# Replace application access-control rules

**PUT /api/applications/{applicationId}/access-control**

Replace the app-level access-control rule configuration for the specified application.


## Servers
- Logto endpoint address.: https://[tenant_id].logto.app (Logto endpoint address.)


## Authentication methods
- O auth2


## Parameters

### Path parameters
- **applicationId** (string)
  The unique identifier of the application.


### Body: application/json (object)

- **userIds** (array[string])
  An array of user IDs that can access the application.
- **userRoleIds** (array[string])
  An array of user role IDs whose assigned users can access the application.
- **organizationIds** (array[string])
  An array of organization IDs whose members can access the application.
- **organizationRoleRules** (array[object])
  An array of organization-role rule groups. Each group contains an organization ID and the organization role IDs that can access the application in that organization.


## Responses
### 200
The app-level access-control rule configuration was replaced successfully.

#### Body: application/json (object)
- **userIds** (array[string])

- **userRoleIds** (array[string])

- **organizationIds** (array[string])

- **organizationRoleRules** (array[object])


### 400
Bad Request

### 401
Unauthorized

### 403
Forbidden

### 404
The application or referenced entities were not found, or app-level access control is unavailable.

### 422
The access-control rule payload contains invalid role types or empty organization-role groups.


[Powered by Bump.sh](https://bump.sh)