Create Custom Roles

Design and create custom roles tailored to your organization's specific needs.

Role Design Process

Step 1: Identify Need

Questions to ask:

What job function needs access?
What should they be able to do?
What should they NOT be able to do?
Is this temporary or permanent?

Step 2: Get Permission Template

Bash
    
 
GET /authz/api/v1/roles/template
Copy

Review available permissions.

Step 3: Create Role

Bash
    
 
POST /authz/api/v1/roles
Copy

Example: Dashboard Editor

JSON
    
 
{  "name": "dashboard-editor",  "description": "Can create and edit dashboards but not publish to production",  "permissions": [    "dashboard.create",    "dashboard.edit",    "dashboard.view",    "catalog.view"  ]}
Copy

Example: Pipeline Monitor

JSON
    
 
{  "name": "pipeline-monitor",  "description": "View pipelines and runs, can trigger manual runs",  "permissions": [    "pipeline.view",    "pipeline.execute",    "pipeline.run.view"  ]}
Copy

Step 4: Test Role

Bash
    
​x
 
# Assign to test userPUT /admin/api/assign-client-roles{  "userId": "test-user",  "roles": ["dashboard-editor"]}​# Verify permissionsGET /authz/api/v1/users/permissions?userId=test-user
Copy

Step 5: Deploy to Production

Bash
    
 
# Assign to appropriate groupsPUT /admin/api/assign-client-roles{  "groupId": "group-dashboard-team",  "roles": ["dashboard-editor"]}
Copy

Common Custom Roles

Auditor Role:

JSON
    
 
{  "name": "auditor",  "permissions": ["*.view", "audit.read", "log.read"]}
Copy

Data Steward:

JSON
    
 
{  "name": "data-steward",  "permissions": ["catalog.certify", "catalog.tag", "metadata.edit"]}
Copy

Pipeline Operator:

JSON
    
 
{  "name": "pipeline-operator",  "permissions": ["pipeline.view", "pipeline.execute", "pipeline.monitor"]}
Copy

APIs Used

GET /authz/api/v1/roles/template - Get permissions
POST /authz/api/v1/roles - Create role
GET /authz/api/v1/roles/:roleId - View role details
PUT /admin/api/assign-client-roles - Assign role

Last updated on

Was this page helpful?