> ## Documentation Index
> Fetch the complete documentation index at: https://auth0.generaltranslation.app/llms.txt
> Use this file to discover all available pages before exploring further.

# Ajouter des autorisations aux Rôles

> Découvrez comment ajouter des autorisations aux rôles à l’aide de l’Auth0 Dashboard ou de la Management API.

export const AuthCodeGroup = ({children, dropdown}) => {
  const [processedChildren, setProcessedChildren] = useState(children);
  useEffect(() => {
    let unsubscribe = null;
    function init() {
      unsubscribe = window.autorun(() => {
        const processChildren = node => {
          if (typeof node === "string") {
            let processedNode = node;
            for (const [key, value] of window.rootStore.variableStore.values.entries()) {
              processedNode = processedNode.replace(new RegExp(key, "g"), value);
            }
            return processedNode;
          } else if (Array.isArray(node)) {
            return node.map(processChildren);
          } else if (node && node.props && node.props.children) {
            return {
              ...node,
              props: {
                ...node.props,
                children: processChildren(node.props.children)
              }
            };
          }
          return node;
        };
        setProcessedChildren(processChildren(children));
      });
    }
    if (window.rootStore) {
      init();
    } else {
      window.addEventListener("adu:storeReady", init);
    }
    return () => {
      window.removeEventListener("adu:storeReady", init);
      unsubscribe?.();
    };
  }, [children]);
  return <CodeGroup dropdown={dropdown}>{processedChildren}</CodeGroup>;
};

export const AuthCodeBlock = ({filename, icon, language, highlight, children}) => {
  const [processedChildren, setProcessedChildren] = useState(children);
  useEffect(() => {
    let unsubscribe = null;
    function init() {
      unsubscribe = window.autorun(() => {
        let processedChildren = children;
        for (const [key, value] of window.rootStore.variableStore.values.entries()) {
          processedChildren = processedChildren.replace(new RegExp(key, "g"), value);
        }
        setProcessedChildren(processedChildren);
      });
    }
    if (window.rootStore) {
      init();
    } else {
      window.addEventListener("adu:storeReady", init);
    }
    return () => {
      window.removeEventListener("adu:storeReady", init);
      unsubscribe?.();
    };
  }, [children]);
  return <CodeBlock filename={filename} icon={icon} language={language} lines highlight={highlight}>
      {processedChildren}
    </CodeBlock>;
};

Vous pouvez ajouter des autorisations aux [rôles](/docs/fr-CA/fr-ca/manage-users/access-control/rbac) à l’aide de l’<Tooltip href="/docs/fr-CA/fr-ca/glossary?term=auth0-dashboard" tip="Auth0 Dashboard
Principal produit d’Auth0 pour configurer vos services." cta="Voir le glossaire">Auth0 Dashboard</Tooltip> ou de la <Tooltip href="/docs/fr-CA/fr-ca/glossary?term=management-api" tip="Management API
Un produit permettant aux clients d’effectuer des tâches administratives." cta="Voir le glossaire">Management API</Tooltip>. Les rôles et leurs autorisations peuvent être utilisés avec l'ensemble de fonctionnalités API Authorization Core.

<div id="prerequisites">
  ## Prérequis
</div>

* Pour que le contrôle d'accès basé sur les rôles (RBAC) fonctionne correctement, vous devez l’activer pour votre API en utilisant soit le Dashboard, soit Management API. La fonctionnalité centrale de l’autorisation est différente de l’extension d’autorisation. Pour une comparaison, consultez [Authorization Core par rapport à Authorization Extension](/docs/fr-CA/fr-ca/manage-users/access-control/authorization-core-vs-authorization-extension).
* Les rôles sont sélectionnées à partir de valeurs prédéfinies. Si votre liste de rôles est vide, vous devez [créer un rôle](/docs/fr-CA/fr-ca/manage-users/access-control/configure-core-rbac/roles/create-roles).
* [Mettre en place une API](/docs/fr-CA/fr-ca/get-started/auth0-overview/set-up-apis) dans l’Auth0 Dashboard.
* Les autorisations sont sélectionnées parmi des valeurs prédéfinies. Si votre liste d’autorisations est vide, vous devez [ajouter des autorisations](/docs/fr-CA/fr-ca/get-started/apis/add-api-permissions) à votre API.

<div id="dashboard">
  ## Dashboard
</div>

1. Rendez-vous dans [Dashboard > Gestion des utilisateurs > Rôles](https://manage.auth0.com/#/roles) et cliquez sur le nom du rôle à afficher.
2. Cliquez sur l'onglet **Autorisations**, puis cliquez sur **Ajouter des permissions**.
3. Sélectionnez l'API à partir de laquelle vous souhaitez attribuer des autorisations, puis sélectionnez les autorisations à ajouter au rôle et cliquez sur **Ajouter des autorisations**.

<div id="management-api">
  ## Management API
</div>

Effectuez un appel `POST` vers le [point de terminaison Ajouter des autorisations de rôle](https://auth0.com/docs/api/management/v2#!/Roles/post_role_permission_assignment). Veillez à remplacer les valeurs fictives `ROLE_ID`, `MGMT_API_ACCESS_TOKEN`, `API_IDENTIFIER` et `PERMISSION_NAME` par l’ID de votre rôle, le jeton d’accès à Management API, l'identifiant de l'API (<Tooltip data-tooltip-id="react-containers-DefinitionTooltip-2" tip="">audience</Tooltip>) et le(s) nom(s) de la (des) autorisation(s), respectivement.

<AuthCodeGroup>
  ```bash cURL theme={null}
  curl --request POST \
    --url 'https://{yourDomain}/api/v2/roles/ROLE_ID/permissions' \
    --header 'authorization: Bearer MGMT_API_ACCESS_TOKEN' \
    --header 'cache-control: no-cache' \
    --header 'content-type: application/json' \
    --data '{ "permissions": [ { "resource_server_identifier": "API_IDENTIFIER", "permission_name": "PERMISSION_NAME" }, { "resource_server_identifier": "API_IDENTIFIER", "permission_name": "PERMISSION_NAME" } ] }'
  ```

  ```csharp C# theme={null}
  var client = new RestClient("https://{yourDomain}/api/v2/roles/ROLE_ID/permissions");
  var request = new RestRequest(Method.POST);
  request.AddHeader("content-type", "application/json");
  request.AddHeader("authorization", "Bearer MGMT_API_ACCESS_TOKEN");
  request.AddHeader("cache-control", "no-cache");
  request.AddParameter("application/json", "{ "permissions": [ { "resource_server_identifier": "API_IDENTIFIER", "permission_name": "PERMISSION_NAME" }, { "resource_server_identifier": "API_IDENTIFIER", "permission_name": "PERMISSION_NAME" } ] }", ParameterType.RequestBody);
  IRestResponse response = client.Execute(request);
  ```

  ```go Go theme={null}
  package main

  import (
  	"fmt"
  	"strings"
  	"net/http"
  	"io/ioutil"
  )

  func main() {

  	url := "https://{yourDomain}/api/v2/roles/ROLE_ID/permissions"

  	payload := strings.NewReader("{ "permissions": [ { "resource_server_identifier": "API_IDENTIFIER", "permission_name": "PERMISSION_NAME" }, { "resource_server_identifier": "API_IDENTIFIER", "permission_name": "PERMISSION_NAME" } ] }")

  	req, _ := http.NewRequest("POST", url, payload)

  	req.Header.Add("content-type", "application/json")
  	req.Header.Add("authorization", "Bearer MGMT_API_ACCESS_TOKEN")
  	req.Header.Add("cache-control", "no-cache")

  	res, _ := http.DefaultClient.Do(req)

  	defer res.Body.Close()
  	body, _ := ioutil.ReadAll(res.Body)

  	fmt.Println(res)
  	fmt.Println(string(body))

  }
  ```

  ```java Java theme={null}
  HttpResponse<String> response = Unirest.post("https://{yourDomain}/api/v2/roles/ROLE_ID/permissions")
    .header("content-type", "application/json")
    .header("authorization", "Bearer MGMT_API_ACCESS_TOKEN")
    .header("cache-control", "no-cache")
    .body("{ "permissions": [ { "resource_server_identifier": "API_IDENTIFIER", "permission_name": "PERMISSION_NAME" }, { "resource_server_identifier": "API_IDENTIFIER", "permission_name": "PERMISSION_NAME" } ] }")
    .asString();
  ```

  ```javascript Node.JS theme={null}
  var axios = require("axios").default;

  var options = {
    method: 'POST',
    url: 'https://{yourDomain}/api/v2/roles/ROLE_ID/permissions',
    headers: {
      'content-type': 'application/json',
      authorization: 'Bearer MGMT_API_ACCESS_TOKEN',
      'cache-control': 'no-cache'
    },
    data: {
      permissions: [
        {
          resource_server_identifier: 'API_IDENTIFIER',
          permission_name: 'PERMISSION_NAME'
        },
        {
          resource_server_identifier: 'API_IDENTIFIER',
          permission_name: 'PERMISSION_NAME'
        }
      ]
    }
  };

  axios.request(options).then(function (response) {
    console.log(response.data);
  }).catch(function (error) {
    console.error(error);
  });
  ```

  ```objc Obj-C theme={null}
  #import <Foundation/Foundation.h>

  NSDictionary *headers = @{ @"content-type": @"application/json",
                             @"authorization": @"Bearer MGMT_API_ACCESS_TOKEN",
                             @"cache-control": @"no-cache" };
  NSDictionary *parameters = @{ @"permissions": @[ @{ @"resource_server_identifier": @"API_IDENTIFIER", @"permission_name": @"PERMISSION_NAME" }, @{ @"resource_server_identifier": @"API_IDENTIFIER", @"permission_name": @"PERMISSION_NAME" } ] };

  NSData *postData = [NSJSONSerialization dataWithJSONObject:parameters options:0 error:nil];

  NSMutableURLRequest *request = [NSMutableURLRequest requestWithURL:[NSURL URLWithString:@"https://{yourDomain}/api/v2/roles/ROLE_ID/permissions"]
                                                         cachePolicy:NSURLRequestUseProtocolCachePolicy
                                                     timeoutInterval:10.0];
  [request setHTTPMethod:@"POST"];
  [request setAllHTTPHeaderFields:headers];
  [request setHTTPBody:postData];

  NSURLSession *session = [NSURLSession sharedSession];
  NSURLSessionDataTask *dataTask = [session dataTaskWithRequest:request
                                              completionHandler:^(NSData *data, NSURLResponse *response, NSError *error) {
                                                  if (error) {
                                                      NSLog(@"%@", error);
                                                  } else {
                                                      NSHTTPURLResponse *httpResponse = (NSHTTPURLResponse *) response;
                                                      NSLog(@"%@", httpResponse);
                                                  }
                                              }];
  [dataTask resume];
  ```

  ```php PHP theme={null}
  $curl = curl_init();

  curl_setopt_array($curl, [
    CURLOPT_URL => "https://{yourDomain}/api/v2/roles/ROLE_ID/permissions",
    CURLOPT_RETURNTRANSFER => true,
    CURLOPT_ENCODING => "",
    CURLOPT_MAXREDIRS => 10,
    CURLOPT_TIMEOUT => 30,
    CURLOPT_HTTP_VERSION => CURL_HTTP_VERSION_1_1,
    CURLOPT_CUSTOMREQUEST => "POST",
    CURLOPT_POSTFIELDS => "{ "permissions": [ { "resource_server_identifier": "API_IDENTIFIER", "permission_name": "PERMISSION_NAME" }, { "resource_server_identifier": "API_IDENTIFIER", "permission_name": "PERMISSION_NAME" } ] }",
    CURLOPT_HTTPHEADER => [
      "authorization: Bearer MGMT_API_ACCESS_TOKEN",
      "cache-control: no-cache",
      "content-type: application/json"
    ],
  ]);

  $response = curl_exec($curl);
  $err = curl_error($curl);

  curl_close($curl);

  if ($err) {
    echo "cURL Error #:" . $err;
  } else {
    echo $response;
  }
  ```

  ```python Python theme={null}
  import http.client

  conn = http.client.HTTPSConnection("")

  payload = "{ "permissions": [ { "resource_server_identifier": "API_IDENTIFIER", "permission_name": "PERMISSION_NAME" }, { "resource_server_identifier": "API_IDENTIFIER", "permission_name": "PERMISSION_NAME" } ] }"

  headers = {
      'content-type': "application/json",
      'authorization': "Bearer MGMT_API_ACCESS_TOKEN",
      'cache-control': "no-cache"
      }

  conn.request("POST", "/{yourDomain}/api/v2/roles/ROLE_ID/permissions", payload, headers)

  res = conn.getresponse()
  data = res.read()

  print(data.decode("utf-8"))
  ```

  ```ruby Ruby theme={null}
  require 'uri'
  require 'net/http'
  require 'openssl'

  url = URI("https://{yourDomain}/api/v2/roles/ROLE_ID/permissions")

  http = Net::HTTP.new(url.host, url.port)
  http.use_ssl = true
  http.verify_mode = OpenSSL::SSL::VERIFY_NONE

  request = Net::HTTP::Post.new(url)
  request["content-type"] = 'application/json'
  request["authorization"] = 'Bearer MGMT_API_ACCESS_TOKEN'
  request["cache-control"] = 'no-cache'
  request.body = "{ "permissions": [ { "resource_server_identifier": "API_IDENTIFIER", "permission_name": "PERMISSION_NAME" }, { "resource_server_identifier": "API_IDENTIFIER", "permission_name": "PERMISSION_NAME" } ] }"

  response = http.request(request)
  puts response.read_body
  ```

  ```swift Swift theme={null}
  import Foundation

  let headers = [
    "content-type": "application/json",
    "authorization": "Bearer MGMT_API_ACCESS_TOKEN",
    "cache-control": "no-cache"
  ]
  let parameters = ["permissions": [
      [
        "resource_server_identifier": "API_IDENTIFIER",
        "permission_name": "PERMISSION_NAME"
      ],
      [
        "resource_server_identifier": "API_IDENTIFIER",
        "permission_name": "PERMISSION_NAME"
      ]
    ]] as [String : Any]

  let postData = JSONSerialization.data(withJSONObject: parameters, options: [])

  let request = NSMutableURLRequest(url: NSURL(string: "https://{yourDomain}/api/v2/roles/ROLE_ID/permissions")! as URL,
                                          cachePolicy: .useProtocolCachePolicy,
                                      timeoutInterval: 10.0)
  request.httpMethod = "POST"
  request.allHTTPHeaderFields = headers
  request.httpBody = postData as Data

  let session = URLSession.shared
  let dataTask = session.dataTask(with: request as URLRequest, completionHandler: { (data, response, error) -> Void in
    if (error != nil) {
      print(error)
    } else {
      let httpResponse = response as? HTTPURLResponse
      print(httpResponse)
    }
  })

  dataTask.resume()
  ```
</AuthCodeGroup>

<table class="table">
  <thead>
    <tr>
      <th>Valeur</th>
      <th>Description</th>
    </tr>
  </thead>

  <tbody>
    <tr>
      <td>`ROLE_ID`</td>
      <td>L’ID du rôle pour lequel vous souhaitez ajouter des autorisations.</td>
    </tr>

    <tr>
      <td>`MGMT_API_ACCESS_TOKEN`</td>
      <td><a href="https://auth0.com/docs/api/management/v2/tokens">Jeton d’accès pour Management API</a> avec la permission `update:roles`.</td>
    </tr>

    <tr>
      <td>`API_IDENTIFIER`</td>
      <td>Il s’agit de l’identifiant de l’API associée à/aux autorisation(s) que vous souhaitez ajouter pour le rôle spécifié, également connu comme « audience ». Ce n’est pas l’ID de l’API.</td>
    </tr>

    <tr>
      <td>`PERMISSION_NAME`</td>
      <td>Nom(s) de la/des autorisation(s) que vous souhaitez ajouter pour le rôle spécifié.</td>
    </tr>
  </tbody>
</table>

<div id="learn-more">
  ## En savoir plus
</div>

* [Attribuer des rôles aux utilisateurs](/docs/fr-CA/fr-ca/manage-users/access-control/configure-core-rbac/rbac-users/assign-roles-to-users)
* [Supprimer les autorisations des rôles](/docs/fr-CA/fr-ca/manage-users/access-control/configure-core-rbac/roles/remove-permissions-from-roles)
