Technical Roles import

Hi, I need to import Technical Roles in JSON format in my IGA 24.3. Where can I find a JSON example to understand the syntax/format?

Thanks in advance.

  • Verified Answer

    +1  

    I think there may be two approaches here. You can export a technical role (create one, then select it in the Technical Roles page and use the actions button to download the definition), then look at the content and try to recreate that syntax and import your roles using that format.

    That will look like this:

    {
        "type": "ROLE_POLICY",
        "export-version": "4.2.0 ",
        "export-date": "09-1-2025 08:43:03",
        "roles": [{
            "name": "Mining Candidates",
            "description": "Technical role candidate mined on Jun 25, 2024<br\/><\/br>Authorizations: 2<br\/>Users: 129",
            "riskMode": "MAN",
            "uniqueId": "0bc0891399dd417fa5387db9761f5f57",
            "permissions": [
                {
                    "application": "eDir",
                    "applicationId": "55a607831ef44c378b4a9c3fe401cad0",
                    "name": "finance",
                    "description": "One liner",
                    "criteria": {
                        "operator": "AND",
                        "childCriteria": [{
                            "attributeKey": "digestId",
                            "operator": "MATCHES",
                            "value": "eb5d31d4-6206-3b4c-ae82-a6c26ecfdf0f"
                        }]
                    }
                },
                {
                    "application": "eDir",
                    "applicationId": "55a607831ef44c378b4a9c3fe401cad0",
                    "name": "Billionaires",
                    "description": "Description",
                    "criteria": {
                        "operator": "AND",
                        "childCriteria": [{
                            "attributeKey": "digestId",
                            "operator": "MATCHES",
                            "value": "7f5035e3-f7fd-3716-a07a-203e18bd7466"
                        }]
                    }
                }
            ]
        }],
        "applications": [{
            "uniqueId": "55a607831ef44c378b4a9c3fe401cad0",
            "name": "eDir"
        }]
    }

    Separately, if you are planning on importing more than just once, you may want to look at the API for roles management and think about using a script to make subsequent calls to that API. The payload will likely be a bit different than the import format, but it could be a quicker process if you repeatedly need to import a lot of tech roles. You'd want to look at {API}/policy/roles inside the /apidoc context. Looking at the browser dev tools while you perform an import will give some insight into the correct payload for an import. * Note that API work isn't supported, other than by friendly community members here.

    --Jim
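A pre-import check for a hand-built file in the export format shown above, as an added example that is not part of the original post or the product's own tooling. The checks (declared applications, complete criteria, no duplicate roles) are assumptions inferred from that one exported sample, not a published schema; `lint_policy`, `_perm` and the second sample role are hypothetical.

```python
import json

def lint_policy(doc):
    """Return a list of problems found in a ROLE_POLICY-style import document."""
    problems = []
    if doc.get("type") != "ROLE_POLICY":
        problems.append("type is not ROLE_POLICY")
    # Map application uniqueId -> name from the top-level "applications" list.
    apps = {a.get("uniqueId"): a.get("name") for a in doc.get("applications", [])}
    seen = set()
    for role in doc.get("roles", []):
        rname = role.get("name") or "<unnamed>"
        for key in (("name", rname), ("uniqueId", role.get("uniqueId"))):
            if key[1] is not None and key in seen:
                problems.append(f"{rname}: duplicate {key[0]}")
            seen.add(key)
        if not role.get("permissions"):
            problems.append(f"{rname}: no permissions")
        for perm in role.get("permissions", []):
            where = f"{rname}/{perm.get('name', '<unnamed>')}"
            app_id = perm.get("applicationId")
            if app_id not in apps:
                problems.append(f"{where}: applicationId not in applications")
            elif apps[app_id] != perm.get("application"):
                problems.append(f"{where}: application name mismatch")
            children = perm.get("criteria", {}).get("childCriteria", [])
            if not children:
                problems.append(f"{where}: empty criteria")
            for c in children:
                if not all(c.get(k) for k in ("attributeKey", "operator", "value")):
                    problems.append(f"{where}: incomplete criterion")
    return problems

def _perm(app_id, name, digest):  # builds entries for the constructed sample
    return {"application": "eDir", "applicationId": app_id, "name": name,
            "criteria": {"operator": "AND", "childCriteria": [
                {"attributeKey": "digestId", "operator": "MATCHES", "value": digest}]}}

APP = "55a607831ef44c378b4a9c3fe401cad0"  # eDir uniqueId from the export above
# Constructed sample: role 1 reuses IDs from the export; role 2 is hypothetical
# and references an application that is not declared, with an empty digestId.
SAMPLE = {"type": "ROLE_POLICY", "applications": [{"uniqueId": APP, "name": "eDir"}],
          "roles": [
    {"name": "Mining Candidates", "riskMode": "MAN", "permissions": [
        _perm(APP, "finance", "eb5d31d4-6206-3b4c-ae82-a6c26ecfdf0f")]},
    {"name": "Hypothetical Role", "riskMode": "MAN", "permissions": [
        _perm("placeholder-app-id", "finance", "")]}]}

if __name__ == "__main__":
    print(json.dumps(lint_policy(SAMPLE), indent=2))
```

Running a check like this over a generated file before a bulk import catches permissions that point at the wrong application, which matters because each imported role is a bundle of access rights.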

  • 0 in reply to   

    Hi Jim, do you have the same JSON example for importing technical roles with permissions and assigned users? Now I can import a massive number of technical roles via JSON but I need to assign these roles to users. Thanks in advance.

  • 0   in reply to 

    Oh, that's interesting. Normally you would assign a technical role to a set of users (and then it will fulfill and grant them the access in the downstream system) OR it runs in a detective mode, where after collecting data from an app collector, it will identify if a user has all the rights of a tech role. I've not attempted to, or thought about assigning via API before. What are you trying to accomplish? If you are trying to assign roles, you might be able to wrap the tech role in a business role, then use attributes of the user to assign it. But it sounds like you have a list you are starting from. Maybe you need to collect those assignments?

    --Jim

  • Suggested Answer

    0   in reply to   

    Hello,

    Assigning a Technical Role from the TR catalog will not cause Authorization requests to be created. The user will simply be assigned to the TR. For the Authorizations to be created the TR must be requested from Access Request or Authorized by a Business Role.

    Sincerely,

    Steven Williams

    Principal Enterprise Architect

    OpenText Cybersecurity