If you create a Worker app through the PingOne API, the app inherits your roles by default. Use the assignActorRoles parameter to create a Worker app with minimal roles. Learn more in Create Application - OIDC - Worker App in the PingOne Platform API Reference.

  1. Go to Applications > Applications and browse or search for the application that you want to edit.

    You can apply roles to Worker applications only. To view the specific permissions for each role, go to Directory > Roles. Click a role to see its details. Learn more in Roles.

  2. Click the application entry to open the details panel.
  3. Click the Roles > Administrative Roles tab.

    If roles are assigned, they are listed here with information about where those roles apply. For example, in the following image, BX User has the Environment Admin role, and they have that role for four environments.


    You can assign administrative roles to users, groups, worker applications, or PingFederate gateway integrations.

    A screen capture of the user details for BX User. Roles tab is selected, and shows the assignment of the Environment Admin role in four environments.

    Click the Info icon to view the permissions associated with the role. Click the down arrow on the right to view the list of environments or populations for which the role is assigned.

    Screen capture of the Environment Admin role expanded to display the four environments in which the user has the role.
  4. Click Grant Roles.

    The Available Responsibilities tab lists the roles that you are allowed to assign and the environments for which you are allowed to assign them. A responsibility is the combination of the role assignment and the level, or scope, at which the role is applied. Depending on the role, it could be assigned at the organization, environment, or population level.

    The Granted Responsibilities tab lists the roles, if any, that are currently assigned.

  5. On the Available Responsibilities tab, click the role that you want to assign or change and perform any combination of the following:
    1. To assign the role, select the checkboxes next to the applicable environments.

      Click Select All or Remove All to select or clear all available responsibilities.

    2. To remove a role assignment, clear the checkboxes next to the applicable environments.
    3. To grant this access for only a portion the environment, click the Reduce Access icon (image of reduce access icon), select a subset of the available populations on the Limit Access page, and click Confirm.
      A screen capture of the Limit Access page showing one population selected out of three populations

    You can grant only roles that are assigned to you or that confer the permissions needed to assign that role to others. For example, if you do not have the Environment Admin role, you cannot assign the Environment Admin role to others (and that role will not be listed under Available Responsibilities). However, if you have the Identity Data Admin role, you can assign either the Identity Data Admin role or the Identity Data Read Only role to others.

    Learn more about the permissions associated with each role in Roles.

  6. Click Save.

The role assignments you selected are listed on the Granted Responsibilities tab.