To achieve an objective of adding users with role a) while creating a new ASM tenant b) add to an existing ASM tenant.
These teams are individual users for example product_team role contains user1@<your companyname.com> , user2@<your companyname.com> AND operation team role with underlying
PDL( <PDL name.pdl>@<your companyname.com>)
and for this Ops team email PDL so technically every created ASM tenant should have read only access .
When trying to create a user with a role however the roles field value in the payload is not used. Its creating user without any role.
How to achieve the following objective ?
ASM
1: Anyone on the PDL could initiate password reset request and hijack the account so this something we wont recommend.
2: You need to create the account individually . Also please note
3: There is no "tenant" concept in ASM it is the master account in ASM.
Two master accounts in ASM are not aware of each other. Example: we have 2 master accounts, UserA@<your companyname.com> and UserB@<your companyname.com>. Let's say that UserA logs in and creates 3 subaccounts, user1, user2 and user3. Those 3 subaccounts belong only to UserA. They will NOT be able to belong to UserB. If UserB logs in and tries to add user1 to itself, it will encounter an error "account with that email already exists".
Likewise there is no administrative way to link user1 to both UserA and UserB. It is not allowed.
Even if this was achievable from the API, it still will not work in the GUI and will be extremely difficult to monitor and separate which master account is sending emails to it.
Even if this was achievable from the API, it still will not work in the GUI and will be extremely difficult to monitor and separate which master account is sending emails to it.
Basically master accounts can create user based subaccount .