> For clean Markdown of any page, append .md to the page URL.
> For a complete documentation index, see https://help.sigmacomputing.com/llms.txt.
> For AI client integration (Claude Code, Cursor, etc.), connect to the MCP server at https://help.sigmacomputing.com/_mcp/server.

# Grant workspace permissions to users or teams

POST https://api.sigmacomputing.com/v2/workspaces/{workspaceId}/grants
Content-Type: application/json

This endpoint allows creating a grant which specifies permissions for one or more users or teams to access a workspace.

### Usage notes
- **Grants**: An array of grant objects. Each object specifies a grantee and the permission level assigned to them.
- Retrieve the **workspaceId** by calling the [/v2/workspaces](https://help.sigmacomputing.com/reference/list-workspaces) endpoint.
- Do not set both **memberId** and **teamId** in the same **grantee** object. Instead, choose one based on the target of the grant.

  - Retrieve the **memberId** by calling the [/v2/members](https://help.sigmacomputing.com/reference/list-members) endpoint.
  - Retrieve the **teamId** by calling the [/v2/teams](https://help.sigmacomputing.com/reference/list-teams) endpoint.

### Usage scenarios
- **Access control setup**: Use this endpoint to set up or modify access controls for a workspace, specifying which users or teams can access and what actions they can perform.

### Best practices
- **Clear permission definitions**: Ensure that the permissions granted are well understood by both the grantor and the grantee to avoid misuse of access rights.

Reference: https://help.sigmacomputing.com/reference/create-workspace-grant

## OpenAPI Specification

```yaml
openapi: 3.1.0
info:
  title: sigma-rest-api
  version: 1.0.0
paths:
  /v2/workspaces/{workspaceId}/grants:
    post:
      operationId: createWorkspaceGrant
      summary: Grant workspace permissions to users or teams
      description: >-
        This endpoint allows creating a grant which specifies permissions for
        one or more users or teams to access a workspace.


        ### Usage notes

        - **Grants**: An array of grant objects. Each object specifies a grantee
        and the permission level assigned to them.

        - Retrieve the **workspaceId** by calling the
        [/v2/workspaces](https://help.sigmacomputing.com/reference/list-workspaces)
        endpoint.

        - Do not set both **memberId** and **teamId** in the same **grantee**
        object. Instead, choose one based on the target of the grant.

          - Retrieve the **memberId** by calling the [/v2/members](https://help.sigmacomputing.com/reference/list-members) endpoint.
          - Retrieve the **teamId** by calling the [/v2/teams](https://help.sigmacomputing.com/reference/list-teams) endpoint.

        ### Usage scenarios

        - **Access control setup**: Use this endpoint to set up or modify access
        controls for a workspace, specifying which users or teams can access and
        what actions they can perform.


        ### Best practices

        - **Clear permission definitions**: Ensure that the permissions granted
        are well understood by both the grantor and the grantee to avoid misuse
        of access rights.
      tags:
        - Workspaces
      parameters:
        - name: workspaceId
          in: path
          required: true
          schema:
            type: string
        - name: Authorization
          in: header
          description: OAuth authentication
          required: true
          schema:
            type: string
      responses:
        '200':
          description: The response body.
          content:
            application/json:
              schema:
                $ref: >-
                  #/components/schemas/workspaces_createWorkspaceGrant_Response_200
      requestBody:
        description: The request body.
        content:
          application/json:
            schema:
              type: object
              properties:
                grants:
                  type: array
                  items:
                    $ref: >-
                      #/components/schemas/V2WorkspacesWorkspaceIdGrantsPostRequestBodyContentApplicationJsonSchemaGrantsItems
              required:
                - grants
servers:
  - url: https://api.sigmacomputing.com
    description: Server for GCP (US) hosted organizations
  - url: https://api.sa.gcp.sigmacomputing.com
    description: Server for GCP (KSA) hosted organizations
  - url: https://aws-api.sigmacomputing.com
    description: Server for AWS US (West) hosted organizations
  - url: https://api.us-a.aws.sigmacomputing.com
    description: Server for AWS US (East) hosted organizations
  - url: https://api.ca.aws.sigmacomputing.com
    description: Server for AWS Canada hosted organizations
  - url: https://api.eu.aws.sigmacomputing.com
    description: Server for AWS Europe hosted organizations
  - url: https://api.au.aws.sigmacomputing.com
    description: Server for AWS Australia and APAC hosted organizations
  - url: https://api.uk.aws.sigmacomputing.com
    description: Server for AWS UK hosted organizations
  - url: https://api.us.azure.sigmacomputing.com
    description: Server for Azure US hosted organizations
  - url: https://api.eu.azure.sigmacomputing.com
    description: Server for Azure Europe hosted organizations
  - url: https://api.ca.azure.sigmacomputing.com
    description: Server for Azure Canada hosted organizations
  - url: https://api.uk.azure.sigmacomputing.com
    description: Server for Azure United Kingdom hosted organizations
  - url: https://api.au.azure.sigmacomputing.com
    description: Server for Azure Australia hosted organizations
components:
  schemas:
    V2WorkspacesWorkspaceIdGrantsPostRequestBodyContentApplicationJsonSchemaGrantsItemsGrantee0:
      type: object
      properties:
        memberId:
          type: string
      required:
        - memberId
      description: The UUID of the member receiving the grant
      title: >-
        V2WorkspacesWorkspaceIdGrantsPostRequestBodyContentApplicationJsonSchemaGrantsItemsGrantee0
    V2WorkspacesWorkspaceIdGrantsPostRequestBodyContentApplicationJsonSchemaGrantsItemsGrantee1:
      type: object
      properties:
        teamId:
          type: string
      required:
        - teamId
      description: The UUID of the team receiving the grant
      title: >-
        V2WorkspacesWorkspaceIdGrantsPostRequestBodyContentApplicationJsonSchemaGrantsItemsGrantee1
    V2WorkspacesWorkspaceIdGrantsPostRequestBodyContentApplicationJsonSchemaGrantsItemsGrantee:
      oneOf:
        - $ref: >-
            #/components/schemas/V2WorkspacesWorkspaceIdGrantsPostRequestBodyContentApplicationJsonSchemaGrantsItemsGrantee0
        - $ref: >-
            #/components/schemas/V2WorkspacesWorkspaceIdGrantsPostRequestBodyContentApplicationJsonSchemaGrantsItemsGrantee1
      title: >-
        V2WorkspacesWorkspaceIdGrantsPostRequestBodyContentApplicationJsonSchemaGrantsItemsGrantee
    V2WorkspacesWorkspaceIdGrantsPostRequestBodyContentApplicationJsonSchemaGrantsItemsPermission:
      type: string
      enum:
        - view
        - explore
        - organize
        - edit
      description: >-
        Defines the level of access that is granted. Each permission level
        allows different types of operations.
      title: >-
        V2WorkspacesWorkspaceIdGrantsPostRequestBodyContentApplicationJsonSchemaGrantsItemsPermission
    V2WorkspacesWorkspaceIdGrantsPostRequestBodyContentApplicationJsonSchemaGrantsItems:
      type: object
      properties:
        grantee:
          $ref: >-
            #/components/schemas/V2WorkspacesWorkspaceIdGrantsPostRequestBodyContentApplicationJsonSchemaGrantsItemsGrantee
        permission:
          $ref: >-
            #/components/schemas/V2WorkspacesWorkspaceIdGrantsPostRequestBodyContentApplicationJsonSchemaGrantsItemsPermission
          description: >-
            Defines the level of access that is granted. Each permission level
            allows different types of operations.
      required:
        - grantee
        - permission
      title: >-
        V2WorkspacesWorkspaceIdGrantsPostRequestBodyContentApplicationJsonSchemaGrantsItems
    workspaces_createWorkspaceGrant_Response_200:
      type: object
      properties: {}
      title: workspaces_createWorkspaceGrant_Response_200
  securitySchemes:
    OAuth:
      type: http
      scheme: bearer
      description: OAuth 2.0 authentication

```

## Examples



**Request**

```json
{
  "grants": [
    {
      "grantee": {
        "memberId": "a1b2c3d4-e5f6-7890-ab12-cd34ef567890"
      },
      "permission": "explore"
    },
    {
      "grantee": {
        "memberId": "f0e1d2c3-b4a5-6789-0abc-def123456789"
      },
      "permission": "view"
    },
    {
      "grantee": {
        "memberId": "123e4567-e89b-12d3-a456-426614174000"
      },
      "permission": "edit"
    }
  ]
}
```

**Response**

```json
{}
```

**SDK Code**

```python
import requests

url = "https://api.sigmacomputing.com/v2/workspaces/workspaceId/grants"

payload = { "grants": [
        {
            "grantee": { "memberId": "a1b2c3d4-e5f6-7890-ab12-cd34ef567890" },
            "permission": "explore"
        },
        {
            "grantee": { "memberId": "f0e1d2c3-b4a5-6789-0abc-def123456789" },
            "permission": "view"
        },
        {
            "grantee": { "memberId": "123e4567-e89b-12d3-a456-426614174000" },
            "permission": "edit"
        }
    ] }
headers = {
    "Authorization": "<token>.",
    "Content-Type": "application/json"
}

response = requests.post(url, json=payload, headers=headers)

print(response.json())
```

```javascript
const url = 'https://api.sigmacomputing.com/v2/workspaces/workspaceId/grants';
const options = {
  method: 'POST',
  headers: {Authorization: '<token>.', 'Content-Type': 'application/json'},
  body: '{"grants":[{"grantee":{"memberId":"a1b2c3d4-e5f6-7890-ab12-cd34ef567890"},"permission":"explore"},{"grantee":{"memberId":"f0e1d2c3-b4a5-6789-0abc-def123456789"},"permission":"view"},{"grantee":{"memberId":"123e4567-e89b-12d3-a456-426614174000"},"permission":"edit"}]}'
};

try {
  const response = await fetch(url, options);
  const data = await response.json();
  console.log(data);
} catch (error) {
  console.error(error);
}
```

```go
package main

import (
	"fmt"
	"strings"
	"net/http"
	"io"
)

func main() {

	url := "https://api.sigmacomputing.com/v2/workspaces/workspaceId/grants"

	payload := strings.NewReader("{\n  \"grants\": [\n    {\n      \"grantee\": {\n        \"memberId\": \"a1b2c3d4-e5f6-7890-ab12-cd34ef567890\"\n      },\n      \"permission\": \"explore\"\n    },\n    {\n      \"grantee\": {\n        \"memberId\": \"f0e1d2c3-b4a5-6789-0abc-def123456789\"\n      },\n      \"permission\": \"view\"\n    },\n    {\n      \"grantee\": {\n        \"memberId\": \"123e4567-e89b-12d3-a456-426614174000\"\n      },\n      \"permission\": \"edit\"\n    }\n  ]\n}")

	req, _ := http.NewRequest("POST", url, payload)

	req.Header.Add("Authorization", "<token>.")
	req.Header.Add("Content-Type", "application/json")

	res, _ := http.DefaultClient.Do(req)

	defer res.Body.Close()
	body, _ := io.ReadAll(res.Body)

	fmt.Println(res)
	fmt.Println(string(body))

}
```

```ruby
require 'uri'
require 'net/http'

url = URI("https://api.sigmacomputing.com/v2/workspaces/workspaceId/grants")

http = Net::HTTP.new(url.host, url.port)
http.use_ssl = true

request = Net::HTTP::Post.new(url)
request["Authorization"] = '<token>.'
request["Content-Type"] = 'application/json'
request.body = "{\n  \"grants\": [\n    {\n      \"grantee\": {\n        \"memberId\": \"a1b2c3d4-e5f6-7890-ab12-cd34ef567890\"\n      },\n      \"permission\": \"explore\"\n    },\n    {\n      \"grantee\": {\n        \"memberId\": \"f0e1d2c3-b4a5-6789-0abc-def123456789\"\n      },\n      \"permission\": \"view\"\n    },\n    {\n      \"grantee\": {\n        \"memberId\": \"123e4567-e89b-12d3-a456-426614174000\"\n      },\n      \"permission\": \"edit\"\n    }\n  ]\n}"

response = http.request(request)
puts response.read_body
```

```java
import com.mashape.unirest.http.HttpResponse;
import com.mashape.unirest.http.Unirest;

HttpResponse<String> response = Unirest.post("https://api.sigmacomputing.com/v2/workspaces/workspaceId/grants")
  .header("Authorization", "<token>.")
  .header("Content-Type", "application/json")
  .body("{\n  \"grants\": [\n    {\n      \"grantee\": {\n        \"memberId\": \"a1b2c3d4-e5f6-7890-ab12-cd34ef567890\"\n      },\n      \"permission\": \"explore\"\n    },\n    {\n      \"grantee\": {\n        \"memberId\": \"f0e1d2c3-b4a5-6789-0abc-def123456789\"\n      },\n      \"permission\": \"view\"\n    },\n    {\n      \"grantee\": {\n        \"memberId\": \"123e4567-e89b-12d3-a456-426614174000\"\n      },\n      \"permission\": \"edit\"\n    }\n  ]\n}")
  .asString();
```

```php
<?php
require_once('vendor/autoload.php');

$client = new \GuzzleHttp\Client();

$response = $client->request('POST', 'https://api.sigmacomputing.com/v2/workspaces/workspaceId/grants', [
  'body' => '{
  "grants": [
    {
      "grantee": {
        "memberId": "a1b2c3d4-e5f6-7890-ab12-cd34ef567890"
      },
      "permission": "explore"
    },
    {
      "grantee": {
        "memberId": "f0e1d2c3-b4a5-6789-0abc-def123456789"
      },
      "permission": "view"
    },
    {
      "grantee": {
        "memberId": "123e4567-e89b-12d3-a456-426614174000"
      },
      "permission": "edit"
    }
  ]
}',
  'headers' => [
    'Authorization' => '<token>.',
    'Content-Type' => 'application/json',
  ],
]);

echo $response->getBody();
```

```csharp
using RestSharp;

var client = new RestClient("https://api.sigmacomputing.com/v2/workspaces/workspaceId/grants");
var request = new RestRequest(Method.POST);
request.AddHeader("Authorization", "<token>.");
request.AddHeader("Content-Type", "application/json");
request.AddParameter("application/json", "{\n  \"grants\": [\n    {\n      \"grantee\": {\n        \"memberId\": \"a1b2c3d4-e5f6-7890-ab12-cd34ef567890\"\n      },\n      \"permission\": \"explore\"\n    },\n    {\n      \"grantee\": {\n        \"memberId\": \"f0e1d2c3-b4a5-6789-0abc-def123456789\"\n      },\n      \"permission\": \"view\"\n    },\n    {\n      \"grantee\": {\n        \"memberId\": \"123e4567-e89b-12d3-a456-426614174000\"\n      },\n      \"permission\": \"edit\"\n    }\n  ]\n}", ParameterType.RequestBody);
IRestResponse response = client.Execute(request);
```

```swift
import Foundation

let headers = [
  "Authorization": "<token>.",
  "Content-Type": "application/json"
]
let parameters = ["grants": [
    [
      "grantee": ["memberId": "a1b2c3d4-e5f6-7890-ab12-cd34ef567890"],
      "permission": "explore"
    ],
    [
      "grantee": ["memberId": "f0e1d2c3-b4a5-6789-0abc-def123456789"],
      "permission": "view"
    ],
    [
      "grantee": ["memberId": "123e4567-e89b-12d3-a456-426614174000"],
      "permission": "edit"
    ]
  ]] as [String : Any]

let postData = JSONSerialization.data(withJSONObject: parameters, options: [])

let request = NSMutableURLRequest(url: NSURL(string: "https://api.sigmacomputing.com/v2/workspaces/workspaceId/grants")! as URL,
                                        cachePolicy: .useProtocolCachePolicy,
                                    timeoutInterval: 10.0)
request.httpMethod = "POST"
request.allHTTPHeaderFields = headers
request.httpBody = postData as Data

let session = URLSession.shared
let dataTask = session.dataTask(with: request as URLRequest, completionHandler: { (data, response, error) -> Void in
  if (error != nil) {
    print(error as Any)
  } else {
    let httpResponse = response as? HTTPURLResponse
    print(httpResponse)
  }
})

dataTask.resume()
```