Set Access Codes for Role landing.role.setAccessCodes

If you are developing integrations for Bitrix24 using AI tools (Codex, Claude Code, Cursor), connect to the MCP server so that the assistant can utilize the official REST documentation.

Scope: landing

Who can execute the method: administrator or user with "full access" permission to the "Sites and Stores" section.

The method landing.role.setAccessCodes specifies to whom the role is assigned: users, groups, or departments. After invocation, the method reapplies the already saved permissions of this role for the sites.

Method Parameters

Required parameters are marked with *

Name
type

Description

id*
integer

Role identifier. You can obtain the identifier using the method landing.role.getList

codes
string[]

The final list of access codes for the role.

The method completely replaces the previously saved list and does not merge it with the current one.

Access code options:

  • U<ID> — user
  • G<ID> — user group
  • DR<ID> — department along with sub-departments
  • AU — all authorized users
  • SG<ID> — working group

More details about access codes and their usage rules can be found in the description of the method landing.site.setRights.

The method does not check each access code individually. If there is an unsupported or non-existent code in the list, there will be no separate error.

If the codes parameter is not provided, the role's code list will be cleared. However, the saved role permissions for the sites do not automatically disappear, so after invocation, access may remain for more users than expected.

After changing the access codes, the system recalculates not only the permissions for the sites but also the additional permissions of the role: the ability to create sites, view the "Sites and Stores" section in the menu, and administer the section.

You cannot retrieve the saved list of access codes via REST. The method landing.role.getList returns only the identifier, name, and XML_ID of the role, while landing.role.getRights shows only the role's permissions for the sites.

If the codes parameter is passed in a format other than an array, the method will return an ERROR_ARGUMENT error.

Code Examples

How to Use Examples in Documentation

curl -X POST \
          -H "Content-Type: application/json" \
          -d '{
            "id": 11,
            "codes": [
              "U45",
              "DR7",
              "SG3_A"
            ]
          }' \
          "https://**put.your-domain-here**/rest/**user_id**/**webhook_code**/landing.role.setAccessCodes.json"
        
curl -X POST \
          -H "Content-Type: application/json" \
          -d '{
            "id": 11,
            "codes": [
              "U45",
              "DR7",
              "SG3_A"
            ],
            "auth": "**put_access_token_here**"
          }' \
          "https://**put.your-domain-here**/rest/landing.role.setAccessCodes.json"
        
try
        {
            const response = await $b24.callMethod(
                'landing.role.setAccessCodes',
                {
                    id: 11,
                    codes: [
                        'U45',
                        'DR7',
                        'SG3_A'
                    ]
                }
            );
        
            const result = response.getData().result;
            console.info(result);
        }
        catch (error)
        {
            console.error(error);
        }
        
try {
            $response = $b24Service
                ->core
                ->call(
                    'landing.role.setAccessCodes',
                    [
                        'id' => 11,
                        'codes' => [
                            'U45',
                            'DR7',
                            'SG3_A',
                        ],
                    ]
                );
        
            $result = $response
                ->getResponseData()
                ->getResult();
        
            echo 'Success: ' . print_r($result, true);
        } catch (Throwable $e) {
            error_log($e->getMessage());
            echo 'Error setting role access codes: ' . $e->getMessage();
        }
        
BX24.callMethod(
            'landing.role.setAccessCodes',
            {
                id: 11,
                codes: [
                    'U45',
                    'DR7',
                    'SG3_A'
                ]
            },
            function(result)
            {
                if (result.error())
                {
                    console.error(result.error());
                }
                else
                {
                    console.info(result.data());
                }
            }
        );
        
require_once('crest.php');
        
        $result = CRest::call(
            'landing.role.setAccessCodes',
            [
                'id' => 11,
                'codes' => [
                    'U45',
                    'DR7',
                    'SG3_A',
                ],
            ]
        );
        
        if (isset($result['error']))
        {
            echo 'Error: ' . $result['error_description'];
        }
        else
        {
            echo '<pre>';
            print_r($result['result']);
            echo '</pre>';
        }

Response Handling

HTTP status: 200

{
            "result": true,
            "time": {
                "start": 1775067129,
                "finish": 1775067129.196438,
                "duration": 0.19643807411193848,
                "processing": 0,
                "date_start": "2026-04-01T21:12:09+02:00",
                "date_finish": "2026-04-01T21:12:09+02:00",
                "operating_reset_at": 1775067729,
                "operating": 0
            }
        }

Returned Data

Name
type

Description

result
boolean

Call result

The method returns true if the request completed without access or system errors.

The value true alone does not confirm that a role with such id exists or that the list of codes was changed.

After invocation, check the result in the interface. You can additionally verify which permissions of the role are applied to the sites via the method landing.role.getRights, but this method does not return the final list of access codes.

time
time

Information about the request execution time

Error Handling

HTTP status: 400

{
            "error": "MISSING_PARAMS",
            "error_description": "Not enough call parameters, missing: id"
        }

Name
type

Description

error
string

String error code. It may consist of digits, Latin letters, and underscores

error_description
error_description

Textual description of the error. The description is not intended to be shown to the end user in its raw form

Possible Error Codes

Code

Description

ACCESS_DENIED

Insufficient permissions to work with the "Sites and Stores" section.

IS_NOT_ADMIN

The method requires administrator rights or "full access" permission to the "Sites and Stores" section.

FEATURE_NOT_AVAIL

Managing permissions in the "Sites and Stores" section is not available on the current plan.

MISSING_PARAMS

The required parameter id is missing.

ERROR_ARGUMENT

The codes parameter is not passed in array format.

Statuses and System Error Codes

HTTP Status: 20x, 40x, 50x

The errors described below may occur when calling any method.

Status

Code
Error Message

Description

500

INTERNAL_SERVER_ERROR
Internal server error

An internal server error has occurred. Please contact the server administrator or Bitrix24 technical support

500

ERROR_UNEXPECTED_ANSWER
Server returned an unexpected response

An internal server error has occurred. Please contact the server administrator or Bitrix24 technical support

503

QUERY_LIMIT_EXCEEDED
Too many requests

The request intensity limit has been exceeded

405

ERROR_BATCH_METHOD_NOT_ALLOWED
Method is not allowed for batch usage

The current method is not permitted for calls using batch

400

ERROR_BATCH_LENGTH_EXCEEDED
Max batch length exceeded

The maximum length of parameters passed to the batch method has been exceeded

401

NO_AUTH_FOUND
Wrong authorization data

Invalid access token or webhook code

400

INVALID_REQUEST
Https required

The HTTPS protocol is required for method calls

503

OVERLOAD_LIMIT
REST API is blocked due to overload

The REST API is blocked due to overload. This is a manual individual block; please contact Bitrix24 technical support to lift it

403

ACCESS_DENIED
REST API is available only on commercial plans

The REST API is only available on commercial plans

403

INVALID_CREDENTIALS
Invalid request credentials

The user associated with the access token or webhook used to call the method lacks the necessary permissions

404

ERROR_MANIFEST_IS_NOT_AVAILABLE
Manifest is not available

The manifest is not available

403

insufficient_scope
The request requires higher privileges than provided by the webhook token

The request requires higher privileges than those provided by the webhook token

401

expired_token
The access token provided has expired

The provided access token has expired

403

user_access_error
The user does not have access to the application

The user does not have access to the application. This means that the application is installed, but the portal administrator has restricted access to this application to specific users only

500

PORTAL_DELETED
Portal was deleted

The public part of the site is closed. To open the public part of the site on an on-premise installation, disable the "Temporary closure of the public part of the site" option. Path to the setting: Desktop > Settings > Product Settings > Module Settings > Main Module > Temporary closure of the public part of the site

Continue Learning

Previous
Get List of Sites with Access Permissions for Role
Next
Set Role Permissions for List of Sites