Design and create custom roles tailored to your organization's specific needs.
Role Design Process
Step 1: Identify Need
Questions to ask:
- What job function needs access?
- What should they be able to do?
- What should they NOT be able to do?
- Is this temporary or permanent?
Step 2: Get Permission Template

    GET /authz/api/v1/roles/template

Review available permissions.
Step 3: Create Role

    POST /authz/api/v1/roles

Example: Dashboard Editor

    {
      "name": "dashboard-editor",
      "description": "Can create and edit dashboards but not publish to production",
      "permissions": [
        "dashboard.create",
        "dashboard.edit",
        "dashboard.view",
        "catalog.view"
      ]
    }

Example: Pipeline Monitor

    {
      "name": "pipeline-monitor",
      "description": "View pipelines and runs, can trigger manual runs",
      "permissions": [
        "pipeline.view",
        "pipeline.execute",
        "pipeline.run.view"
      ]
    }

Step 4: Test Role

    # Assign to test user
    PUT /admin/api/assign-client-roles
    {
      "userId": "test-user",
      "roles": ["dashboard-editor"]
    }

    # Verify permissions
    GET /authz/api/v1/users/permissions?userId=test-user

Step 5: Deploy to Production

    # Assign to appropriate groups
    PUT /admin/api/assign-client-roles
    {
      "groupId": "group-dashboard-team",
      "roles": ["dashboard-editor"]
    }

Common Custom Roles
Auditor Role:

    {
      "name": "auditor",
      "permissions": ["*.view", "audit.read", "log.read"]
    }

Data Steward:

    {
      "name": "data-steward",
      "permissions": ["catalog.certify", "catalog.tag", "metadata.edit"]
    }

Pipeline Operator:

    {
      "name": "pipeline-operator",
      "permissions": ["pipeline.view", "pipeline.execute", "pipeline.monitor"]
    }

APIs Used
- GET /authz/api/v1/roles/template - Get permissions
- POST /authz/api/v1/roles - Create role
- GET /authz/api/v1/roles/:roleId - View role details
- PUT /admin/api/assign-client-roles - Assign role
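
An added example (not the product's own code or API client) of a pre-flight check for the role design process and the common roles above: it reviews a role body against the Step 2 permission list and the Step 1 "should NOT be able to do" answers, then compares the Step 4 permissions listing with what the role was meant to grant. The template contents, its flat-list shape, the `dashboard.publish` name and glob-style matching of `*.view` are assumptions, and the function names are hypothetical.

```python
from fnmatch import fnmatchcase

# Constructed sample standing in for the Step 2 template response. Assumptions:
# a flat list of permission strings, and "dashboard.publish" as a permission name.
TEMPLATE = [
    "dashboard.create", "dashboard.edit", "dashboard.view", "dashboard.publish",
    "catalog.view", "catalog.certify", "catalog.tag", "metadata.edit",
    "pipeline.view", "pipeline.execute", "pipeline.monitor", "pipeline.run.view",
    "audit.read", "log.read",
]

def expand(permissions, template=TEMPLATE):
    """Resolve role entries to template permissions (assumes glob-style wildcards)."""
    granted, unknown, wildcards = set(), [], {}
    for entry in permissions:
        matches = sorted(p for p in template if fnmatchcase(p, entry))
        if not matches:
            unknown.append(entry)       # typo, or a permission the template lacks
        elif "*" in entry:
            wildcards[entry] = matches  # grows silently as the template grows
        granted.update(matches)
    return granted, unknown, wildcards

def review_role(role, must_not_grant, template=TEMPLATE):
    """Pre-flight check of a role body before POST /authz/api/v1/roles."""
    granted, unknown, wildcards = expand(role["permissions"], template)
    forbidden = sorted(p for p in granted
                       if any(fnmatchcase(p, pat) for pat in must_not_grant))
    return {"unknown": unknown, "wildcards": wildcards, "forbidden": forbidden}

def diff_effective(role, effective, template=TEMPLATE):
    """Compare the Step 4 permissions listing for the test user with the role."""
    granted, _, _ = expand(role["permissions"], template)
    return {"missing": sorted(granted - set(effective)),
            "extra": sorted(set(effective) - granted)}

EDITOR = {"name": "dashboard-editor", "permissions": [
    "dashboard.create", "dashboard.edit", "dashboard.view", "catalog.view"]}
AUDITOR = {"name": "auditor", "permissions": ["*.view", "audit.read", "log.read"]}

if __name__ == "__main__":
    print(review_role(EDITOR, ["dashboard.publish"]))
    print(review_role(AUDITOR, ["*.edit", "*.create", "*.execute"]))
    # Constructed Step 4 result: the test user also holds a permission from elsewhere.
    print(diff_effective(EDITOR, EDITOR["permissions"] + ["dashboard.publish"]))
```

An `extra` entry in the Step 4 comparison means the test user holds permissions from another role or group, so the test account is not isolating the new role.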