Skip to main content
The roles client methods are currently in BETA. The API may change without notice. A one-time warning is emitted on first use.
A role is a named set of permissions that can be bound to users on resources (see Role Bindings). The Get, Update, and Delete methods accept either a role name or an ID — the SDK resolves names to IDs on your behalf. Predefined (system) roles cannot be updated or deleted. Reference permission identifiers through the roles.Permissions namespace (e.g. roles.Permissions.ProjectRead) rather than bare string literals.

List Roles

List returns a paginated list of roles. Defaults to a page size of 50. IsPredefined is a tri-state pointer filter — nil returns both predefined and custom roles, a pointer to true returns only system-defined roles, and a pointer to false returns only custom roles. Signature:
Usage Example:

Get a Role

Get returns a single role, resolving by name or ID. Signature:
Usage Example:

Create a Role

Create issues a POST to create a new role and returns the created role. At least one permission is required; reference them through the roles.Permissions namespace. Signature:
Usage Example:

Update a Role

Update patches an existing role, resolving the target by name or ID, and returns the updated role. Name, Description, and Permissions are pointers — nil preserves the existing value. When Permissions is non-nil it replaces the existing permission set and must contain at least one permission (the server rejects empty arrays). Signature:
Usage Example:

Delete a Role

Delete removes a role, resolving by name or ID. Predefined (system) roles cannot be deleted. It returns only an error. Signature:
Usage Example: