Update the grants for a restricted user. This can be used to give a user access to new entities or actions, or take access away. Omit a grant object from the request to keep its current setting.
This operation can only be accessed by account users with unrestricted access.
This operation only applies to restricted users. An unrestricted user has access to everything and doesn't use grants.
Parent and child accounts
In a parent and child account environment, the following apply:
-
No child account user can modify the
account_access
grant for the child account parent user (proxy user). -
An unrestricted child account user can configure all other grants for the proxy user, with the
global
object. -
An unrestricted child account user can enable the
account_access
grant for other child account users. However, enabled child users are still subject to child user restrictions--they can't perform write operations for any billing or account information.
OAuth scopes
account:read_write