> ## Documentation Index > Fetch the complete documentation index at: https://docs.omni.co/llms.txt > Use this file to discover all available pages before exploring further. # Assign or update user group model role > Assigns or updates a model role for a user group. If the user group already has a role for the specified model, this endpoint will update it to the new role. All members of the user group will inherit this role. Model roles control what actions user group members can perform on models and connections. To manage user groups, see the [User group APIs](/api/user-groups). ## OpenAPI ````yaml /api/openapi.yaml post /v1/user-groups/{userGroupId}/model-roles openapi: 3.1.0 info: title: Omni API description: > The Omni REST API provides programmatic access to your Omni instance for managing users, documents, queries, schedules, and more. version: 1.0.0 contact: name: Omni Support url: https://docs.omni.co servers: - url: https://{instance}.omniapp.co/api description: Production variables: instance: default: blobsrus description: Your production Omni instance subdomain - url: https://{instance}.playground.exploreomni.dev/api description: Playground variables: instance: default: blobsrus description: Your playground Omni instance subdomain security: - bearerAuth: [] - orgApiKey: [] tags: - name: AI description: AI-powered query generation - name: API Tokens description: >- Manage API tokens (Organization keys, Personal Access Tokens, MCP OAuth grants) - name: Connections description: Manage database connections - name: Connection environments description: Manage connection environments database connections - name: Content description: Unified content retrieval (documents and folders) - name: Content migration description: Export and import dashboards - name: Content validator description: Validate content against models and perform find/replace operations - name: Dashboard downloads description: Download dashboards and tiles as PDF, PNG, XLSX, CSV, or JSON files - name: Dashboard filters and controls description: Read and update dashboard filter and control default values - name: dbt description: Manage dbt configuration for connections - name: Documents description: Create, retrieve, and manage documents - name: Document favorites description: Favorite and unfavorite documents - name: Document labels description: Apply and manage labels on documents - name: Document permissions description: Manage document-level access - name: Labels description: > Manage labels in an organization. Labels can be applied to documents and folders to help organize and categorize content. **Label types:** - **Basic labels**: Can be created and managed by any user - **Verified labels**: Indicate curated or officially sanctioned content. Admin-only. - **Homepage labels**: Appear on the organization homepage. Admin-only. - name: Folders description: Create and organize content folders - name: Folder permissions description: Manage folder-level access - name: Jobs description: Check status of asynchronous jobs - name: Models description: Create and manage data models - name: Model branches description: Manage model branches and merge changes - name: Model git configuration description: Manage git configuration for shared models - name: Queries description: Execute workbook queries - name: Schedules description: Create and manage scheduled tasks - name: Schedule recipients description: Manage schedule recipients - name: Schema refresh schedules description: Manage automated schema refresh schedules for connections - name: Topics description: Retrieve topic information from models - name: Uploads description: Manage file uploads - name: Users description: Manage users - name: User attributes description: Manage user attribute definitions - name: User groups description: Manage user groups - name: User model roles description: Manage model and connection role assignments for users - name: User group model roles description: Manage model and connection role assignments for user groups - name: Uploads description: Manage CSV and spreadsheet uploads paths: /v1/user-groups/{userGroupId}/model-roles: post: tags: - User group model roles summary: Assign or update user group model role description: > Assigns or updates a model role for a user group. If the user group already has a role for the specified model, this endpoint will update it to the new role. All members of the user group will inherit this role. Model roles control what actions user group members can perform on models and connections. To manage user groups, see the [User group APIs](/api/user-groups). operationId: assignUserGroupModelRole parameters: - name: userGroupId in: path required: true schema: type: string description: The ID of the user group to assign or update a model role for. example: mEhXj6ZI requestBody: required: true content: application/json: schema: type: object required: - roleName properties: connectionId: type: string format: uuid description: > The ID of the connection that the model belongs to: - **Required** if `modelId` is not provided - **Optional** if `modelId` is provided, as it will be inferred from the model modelId: type: string format: uuid description: > The ID of the model to assign the role for: - **Optional** when assigning `CONNECTION_ADMIN` or [custom roles](/administration/users/custom-roles) with `CONNECTION_ADMIN` as the base role - **Required** for other role types roleName: type: string description: > The role to assign. Available roles include: - `VIEWER` - Can view the model - `QUERIER` - Can view and query the model - `QUERY_TOPICS` - Can query specific topics. Equivalent to **Restricted Querier.** - `MODELER` - Can edit and model the data - `CONNECTION_ADMIN` - Full administrative access to the connection - `NO_ACCESS` - No access to the model - [Custom roles](/administration/users/custom-roles) defined for your organization example: connectionId: bc1f9c9f-208d-48a2-9ae3-ff80f2c79fed modelId: 7d3e4f5a-6b7c-8d9e-0f1a-2b3c4d5e6f7a roleName: QUERIER responses: '200': description: Model role assigned or updated successfully. content: application/json: schema: type: object properties: userGroupId: type: string description: The ID of the user group. connectionId: type: string format: uuid description: The ID of the connection. modelId: type: string format: uuid description: The ID of the model. roleName: type: string description: The assigned role name. example: userGroupId: mEhXj6ZI connectionId: bc1f9c9f-208d-48a2-9ae3-ff80f2c79fed modelId: 7d3e4f5a-6b7c-8d9e-0f1a-2b3c4d5e6f7a roleName: QUERIER '400': description: | Bad Request. Possible error messages include: - `Invalid JSON` - `Invalid model ID` - `Invalid connection ID` - `Method not allowed` content: application/json: schema: $ref: '#/components/schemas/Error' '404': description: | Not Found. Possible error messages include: - `User group not found in organization` - `Model does not exist` - `Connection does not exist` content: application/json: schema: $ref: '#/components/schemas/Error' '422': description: > Unprocessable Entity. Possible error messages include: - `Invalid role` - `Model does not belong to connection` - `Only shared and shared_extension models can be assigned model roles` content: application/json: schema: $ref: '#/components/schemas/Error' '429': $ref: '#/components/responses/TooManyRequests' security: - bearerAuth: [] components: schemas: Error: type: object properties: error: type: string description: HTTP response code for the error example: message: type: string description: Detailed error description example: responses: TooManyRequests: description: Too Many Requests - Rate limit exceeded (60 requests/minute) content: application/json: schema: $ref: '#/components/schemas/Error' securitySchemes: bearerAuth: type: http scheme: bearer bearerFormat: JWT description: > Can be either an [Organization API Key](/api/authentication#organization-api-keys) or [Personal Access Token (PAT)](/api/authentication#personal-access-tokens-pat). Include in the `Authorization` header as: `Bearer YOUR_TOKEN` orgApiKey: type: http scheme: bearer bearerFormat: JWT description: > Requires an [Organization API Key](/api/authentication#organization-api-keys). Personal Access Tokens (PATs) are not supported for this endpoint. Include in the `Authorization` header as: `Bearer ORGANIZATION_API_KEY` ````