> ## Documentation Index
> Fetch the complete documentation index at: https://stytch.com/docs/llms.txt
> Use this file to discover all available pages before exploring further.

# Assign roles to users

> Assign roles to Users to grant permissions in your application.

export const userTip = "Represents an end user's account in your application.";

When a <Tooltip tip={userTip}>User</Tooltip> is assigned a role, they are granted permission to perform the actions that role allows. Roles are additive, so Users receive the combined permissions of all roles they are assigned.

## Explicit role assignment

**Explicit role assignment** is when you directly assign a role to (or revoke from) a specific User. Once assigned, the User has that role until it is explicitly revoked.

You can assign roles when making calls to the following API endpoints:

* [Create User](/api-reference/consumer/api/users/create-user)
* [Update User](/api-reference/consumer/api/users/update-user)
* [Password Migrate](/api-reference/consumer/api/passwords/migrate)

Or manage roles in the [Stytch Dashboard](https://stytch.com/dashboard/user-management).

### Example: assign a role via Update User

```curl theme={null}
curl --request PUT \
  --url https://test.stytch.com/v1/users/user-test-16d9ba61-97a1-4ba4-9720-b03761dc50c6 \
  -u 'PROJECT_ID:SECRET' \
  -H 'Content-Type: application/json' \
  -d '{
    "roles": ["admin"]
  }'
```

<Note>
  Consumer RBAC supports explicit role assignment. If you need rule-based or attribute-based assignment, implement those rules in your application and apply roles via the Update User endpoint.
</Note>

## What's next

Check out the [enforcement guide](/consumer-auth/authorization/enforcing-permissions) to implement authorization checks in your app.