Change user access

Upon creation, a user must have at least one assigned user role. However, as new advertisers are created or organizations expand to multiple partners, users' access will need to be updated to include new relevant resources.

Updating a user's roles can be done through the users.bulkEditAssignedUserRoles method. This method allows users to remove and add user roles in the same action, allowing an easy way to change the level of access a user has for a resource with a single request.

The following code is an example of how to edit the assigned user roles of an existing user to add a new role and replace an existing one:

Java

// Retrieve the existing user.
User user = service.users().get(user-id).execute();

// Create the bulk edit request structure.
BulkEditAssignedUserRolesRequest bulkEditRequest = new BulkEditAssignedUserRolesRequest();

// Build list of user roles to add.
ArrayList<AssignedUserRole> addedUserRoles = new ArrayList<AssignedUserRole>();

// Add the user role for the new advertiser and the new user role
// for the existing advertiser to assign to the user.
addedUserRoles.add(new AssignedUserRole()
    .setAdvertiserId(new-advertiser-id)
    .setUserRole("STANDARD"));
addedUserRoles.add(new AssignedUserRole()
    .setAdvertiserId(existing-advertiser-id)
    .setUserRole("READ_ONLY"));

// Add list of user roles to add to the request.
bulkEditRequest.setCreatedAssignedUserRoles(addedUserRoles);

// Build list of user role IDs to delete.
ArrayList<String> deletedUserRoles = new ArrayList<String>();

// Create assigned user role ID to check for.
String existingAssignedUserRoleId = String.format(
    "advertiser-%d",
    existing-advertiser-id
);

// Check the existing user roles. If the user has an existing user role
// for the existing advertiser, add it to the list of roles to be deleted.
// Users cannot have multiple roles for a single resource.
for (AssignedUserRole userRole: user.getAssignedUserRoles()) {
  if (userRole.getAssignedUserRoleId() == existingAssignedUserRoleId) {
    deletedUserRoles.add(existingAssignedUserRoleId);
  }
}

// Add list of user roles to delete to the request.
bulkEditRequest.setDeletedAssignedUserRoles(deletedUserRoles);

// Build and execute the bulk edit request.
BulkEditAssignedUserRolesResponse response = service.users()
    .bulkEditAssignedUserRoles(
        user-id,
        bulkEditRequest
    ).execute();

// Check if response is empty.
// If not, iterate over created AssignedUserRoles.
if (response.isEmpty()) {
  System.out.print("Bulk edit request created no new AssignedUserRoles");
} else {
  for (AssignedUserRole assignedRole : response.getCreatedAssignedUserRoles()) {
    System.out.printf("AssignedUserRole %s was created\n",
        assignedRole.getAssignedUserRoleId());
  }
}

Python

# Retrieve the existing user.
user = service.users().get(userId=user-id).execute()

# Add the user role for the new advertiser and the new user role
# for the existing advertiser to assign to the user.
added_user_roles = [
    {
        'advertiser_id': new-advertiser-id,
        'user_role': 'STANDARD'
    },
    {
        'advertiser_id': existing-advertiser-id,
        'user_role': 'READ_ONLY'
    }
]

# Create empty deleted user role list to add to if necessary
deleted_user_roles = []

# Check the existing user roles. If the user has an existing user role
# for the existing advertiser, add it to the list of roles to be deleted.
# Users cannot have multiple roles for a single resource.
for role in user['assignedUserRoles']:
  if role['assignedUserRoleId'] == ("advertiser-%s" % existing-advertiser-id):
    deleted_user_roles.append(role['assignedUserRoleId'])

# Create the bulk edit request
bulk_edit_user_roles_request = {
    'deletedAssignedUserRoles': deleted_user_roles,
    'createdAssignedUserRoles': added_user_roles
}

# Edit the assigned user roles.
response = service.users().bulkEditAssignedUserRoles(
    userId=user-id,
    body=bulk_edit_user_roles_request
).execute()