Assign an organization role to a user
Use assign_user_role to grant an existing organization role directly to
an existing org member. This is a write that mutates permissions across
every repo the role’s definition covers — read
the confirm-echo contract
before your first call if you haven’t used one of this plugin’s write tools
before.
Prerequisites
Section titled “Prerequisites”github-org-identityinstalled.- A GitHub token resolvable via
GITHUB_TOKENorgh auth token, with the org’sadmin:orgscope or App-installationmembers/organization_administrationpermission. - The numeric
roleId(from list_organization_roles) and the target’susername. - This tool only assigns a role to a user who is already an org member. It does not invite users into the org.
-
Ask for the tool, passing the role id twice — once as
roleId, once asconfirmRoleId— plus the target username:Use
assign_user_rolefor orgmy-org, roleId8132, confirmRoleId8132, usernameoctocat.The two role-id fields must be identical. If they aren’t, the call throws
confirmation_mismatchbefore any GitHub API request is made — retry with matching values once you’ve confirmed theroleIdyou meant. -
On success you get back
{ "org": "my-org", "roleId": 8132, "username": "octocat" }. -
Confirm the assignment took effect with list_role_users — the user should now appear in that role’s user list, with
assignmentreflecting a direct grant.
If the call fails
Section titled “If the call fails”confirmation_mismatch—roleIdandconfirmRoleIddidn’t match; no API call was made.missing_scope— no resolvable token.github_api_error— theroleIddoesn’t exist, theusernameisn’t an org member, or the identity lacks org-roles write access.
Remove the role again if you were experimenting, or assign the same role to a team.