---
title: Assign roles to users dynamically
description: "Estimated time to complete: 10 minutes"
component: pingoneaic
page_id: pingoneaic:use-cases:use-case-dynamic-role
canonical_url: https://docs.pingidentity.com/pingoneaic/use-cases/use-case-dynamic-role.html
keywords: ["Users", "Roles", "Assignments", "Setup &amp; Configuration"]
page_aliases: ["implementation:use-case-dynamic-role.adoc"]
section_ids:
  dynamic-roles-description: Description
  dynamic-roles-goals: Goals
  dynamic-prerequisites: Prerequisites
  dynamic-roles-tasks: Tasks
  dynamic-roles-user: "Task 1: Assign an inactive status to a user"
  dynamic-roles-condition: "Task 2: Add a condition to a role"
  dynamic-roles-validation: Validation
  dynamic-roles-explore-further: Explore further
  dynamic-roles-reference: Reference material
---

# Assign roles to users dynamically

## Description

Estimated time to complete: 10 minutes *(tooltip: This assumes you have first completed the prerequisites.)*

In the use case [Create test users and roles](use-case-test-users-and-roles.html), you created two users and a role and then assigned the role users to the users. In this use case, you are going to:

* Assign an inactive status to one of the users

* Add a condition to the role so that it applies only to active users

## Goals

After completing this use case, you will know how to:

* Change the properties of a user

* Add a condition to a role

## Prerequisites

Before you start, make sure you have:

* A basic understanding of these Ping Identity concepts:

  * Advanced Identity Cloud admin console

  * Hosted pages

* Completed the use case in [Create test users and roles](use-case-test-users-and-roles.html)

## Tasks

### Task 1: Assign an inactive status to a user

In this task, you select one of the users you created in [Create test users and roles](use-case-test-users-and-roles.html) and change their status to inactive.

1. In the Advanced Identity Cloud admin console, go to [icon: people, set=material, size=inline] Identities > Manage > [icon: people, set=material, size=inline] Alpha realm - Users.

2. Click on the user `acruse`.

3. On the user details page, change the Status from the default value `active` to `inactive` and save the change.

### Task 2: Add a condition to a role

In this task, you create a condition so that the role applies only to active users.

1. In the Advanced Identity Cloud admin console, go to [icon: people, set=material, size=inline] Identities > Manage > [icon: assignment_ind, set=material, size=inline] Alpha Realm - Roles.

2. Click on the `employee` role and then click on Settings.

   ![Add new role](_images/use-case-dynamic-roles/role-settings.png)

3. In the Condition panel, click on Set up to create the following condition for the role and save the condition:

   | Field                                                                                                    | Value    |
   | -------------------------------------------------------------------------------------------------------- | -------- |
   | A conditional filter for this role                                                                       | Enable   |
   | Assign to alpha\_user if *Any [icon: keyboard_arrow_down, set=material, size=inline]* conditions are met | `Any`    |
   | Alpha\_user properties [icon: keyboard_arrow_down, set=material, size=inline]                            | `Status` |
   | contains [icon: keyboard_arrow_down, set=material, size=inline]                                          | `is`     |
   | Blank                                                                                                    | `active` |

   ![Add new role](_images/use-case-dynamic-roles/role-condition.png)

4. (Optional) Click on [icon: add, set=material, size=inline] Add Rule to add another condition and take a moment to browse the other conditions that can apply to roles.

Check in

At this point, you:

[icon: check, set=fa]Made a user inactive

[icon: check, set=fa]Added a condition to a role

## Validation

In [Create test users and roles](use-case-test-users-and-roles.html), you created the `employee` role and manually assigned it to `braman` and `acruse`. To validate this use case, make sure the role is no longer assigned to `acruse`.

1. In the Advanced Identity Cloud admin console, go to [icon: people, set=material, size=inline] Identities > Manage > Role Members.

2. Make sure `braman` is in the list but `acruse` is not.

3. Change the status of `braman` to `inactive` and `acruse` to `active`, then make sure `acruse` is in the list but `braman` is not.

## Explore further

### Reference material

| **Reference**                                                                             | **Description**                                 |
| ----------------------------------------------------------------------------------------- | ----------------------------------------------- |
| [Roles](../identities/roles-assignments.html#roles)                                       | Information about roles                         |
| [Grant roles dynamically](../idm-objects/roles-over-rest.html#to-grant-roles-dynamically) | Information about how to assign roles over REST |