# PUT /api/v1/advisory-firms/{firm_id}/users/{user_id}/role > Update user role in firm - **Tag:** advisory-firms - **Operation ID:** `update_user_role_in_firm_api_v1_advisory_firms__firm_id__users__user_id__role_put` ## Description Update a user's role in an advisory firm. ## Authentication Bearer token in `Authorization` header. Required header: `x-business-id: `. ## Parameters - `firm_id` (path, string, required) - `user_id` (path, string, required) ## Request body Schema: `UserRoleUpdateRequest` - `role` (string · required) (one of: owner, admin, member, client) — New role for the user. `owner`: Full access + billing + user management. `admin`: Full access + user management (no billing). `member`: Access to assigned businesses only. ## Responses ### 200 — Successful Response Schema: `UserFirmAssociationResponse` - `id` (string · required) - `user_id` (string · required) - `advisory_firm_id` (string · required) - `role` (string) (one of: owner, admin, member, client) — User's role in the firm. `owner`: Full access + billing + user management. `admin`: Full access + user management (no billing). `member`: Access to assigned businesses only. ### 422 — Validation Error Schema: `HTTPValidationError` - `detail` (array · ValidationError) → `ValidationError` - `loc` (array · string | integer · required) - `msg` (string · required) - `type` (string · required) - `input` (object) - `ctx` (object) ## Code samples ### cURL ```bash curl -X PUT 'https://api.ondayzero.com/api/v1/advisory-firms/{firm_id}/users/{user_id}/role' \ -H 'Authorization: Bearer dz_your_token' \ -H 'x-business-id: YOUR_BUSINESS_ID' \ -H 'Content-Type: application/json' \ -d '{ "role": "owner" }' ``` ### JavaScript ```javascript const response = await fetch('https://api.ondayzero.com/api/v1/advisory-firms/{firm_id}/users/{user_id}/role', { method: 'PUT', headers: { Authorization: 'Bearer dz_your_token', 'x-business-id': 'YOUR_BUSINESS_ID', 'Content-Type': 'application/json', }, body: JSON.stringify({ "role": "owner" }), }); const data = await response.json(); ``` ### Python ```python import httpx headers = { "Authorization": "Bearer dz_your_token", "x-business-id": "YOUR_BUSINESS_ID", } payload = { "role": "owner" } response = httpx.put("https://api.ondayzero.com/api/v1/advisory-firms/{firm_id}/users/{user_id}/role", headers=headers, json=payload) data = response.json() ``` ## See also - HTML version: https://www.ondayzero.com/docs/reference/advisory-firms/update-user-role-in-firm - OpenAPI slice: https://www.ondayzero.com/docs/reference/advisory-firms/update-user-role-in-firm/openapi.json - Other endpoints in **advisory-firms**: https://www.ondayzero.com/docs/reference/advisory-firms