Security Requirements and Controls
API Stability Long-Term

The createRole() GraphQL mutation may be used to add a role. This is usable only if roles are not managed externally (e.g., handled in LDAP).

For more information on roles in LogScale, see Add a new user role. To create a role using the LogScale user interface, see Add a new user role.

Syntax

Below is the syntax for the createRole() mutation field:

graphql
createRole(
      input: AddRoleInput!
   ): AddRoleMutation!

Below is an example of how this mutation field might be used:

Raw
graphql
mutation {
  createRole(input:
      { displayName: "sales",
        viewPermissions: [ReadAccess]
      } )
  { role { id } }
}
Mac OS or Linux (curl)
shell
curl -v -X POST $YOUR_LOGSCALE_URL/graphql \
    -H "Authorization: Bearer $TOKEN" \
    -H "Content-Type: application/json" \
    -d @- << EOF
{"query" : "mutation {
  createRole(input:
      { displayName: \"sales\",
        viewPermissions: [ReadAccess]
      } )
  { role { id } }
}"
}
EOF
Mac OS or Linux (curl) One-line
shell
curl -v -X POST $YOUR_LOGSCALE_URL/graphql \
    -H "Authorization: Bearer $TOKEN" \
    -H "Content-Type: application/json" \
    -d @- << EOF
{"query" : "mutation {
  createRole(input:
      { displayName: \"sales\",
        viewPermissions: [ReadAccess]
      } )
  { role { id } }
}"
}
EOF
Windows Cmd and curl
shell
curl -v -X POST $YOUR_LOGSCALE_URL/graphql ^
    -H "Authorization: Bearer $TOKEN" ^
    -H "Content-Type: application/json" ^
    -d @'{"query" : "mutation { ^
  createRole(input: ^
      { displayName: \"sales\", ^
        viewPermissions: [ReadAccess] ^
      } ) ^
  { role { id } } ^
}" ^
} '
Windows Powershell and curl
powershell
curl.exe -X POST 
    -H "Authorization: Bearer $TOKEN"
    -H "Content-Type: application/json"
    -d '{"query" : "mutation {
  createRole(input:
      { displayName: \"sales\",
        viewPermissions: [ReadAccess]
      } )
  { role { id } }
}"
}'
    "$YOUR_LOGSCALE_URL/graphql"
Perl
perl
#!/usr/bin/perl

use HTTP::Request;
use LWP;

my $TOKEN = "TOKEN";

my $uri = '$YOUR_LOGSCALE_URL/graphql';

my $query = "mutation {
  createRole(input:
      { displayName: \"sales\",
        viewPermissions: [ReadAccess]
      } )
  { role { id } }
}";
$query =~ s/\n/ /g;
my $json = sprintf('{"query" : "%s"}',$query);
my $req = HTTP::Request->new("POST", $uri );

$req->header("Authorization" => "Bearer $TOKEN");
$req->header("Content-Type" => "application/json");

$req->content( $json );

my $lwp = LWP::UserAgent->new;

my $result = $lwp->request( $req );

print $result->{"_content"},"\n";
Python
python
#! /usr/local/bin/python3

import requests

url = '$YOUR_LOGSCALE_URL/graphql'
mydata = r'''{"query" : "mutation {
  createRole(input:
      { displayName: \"sales\",
        viewPermissions: [ReadAccess]
      } )
  { role { id } }
}"
}'''

resp = requests.post(url,
                     data = mydata,
                     headers = {
   "Authorization" : "Bearer $TOKEN",
   "Content-Type" : "application/json"
}
)

print(resp.text)
Node.js
javascript
const https = require('https');

const data = JSON.stringify(
    {"query" : "mutation {
  createRole(input:
      { displayName: \"sales\",
        viewPermissions: [ReadAccess]
      } )
  { role { id } }
}"
}
);


const options = {
  hostname: '$YOUR_LOGSCALE_URL',
  path: 'graphql',
  port: 443,
  method: 'POST',
  headers: {
    'Content-Type': 'application/json',
    'Content-Length': data.length,
    Authorization: 'BEARER ' + process.env.TOKEN,
    'User-Agent': 'Node',
  },
};

const req = https.request(options, (res) => {
  let data = '';
  console.log(`statusCode: ${res.statusCode}`);

  res.on('data', (d) => {
    data += d;
  });
  res.on('end', () => {
    console.log(JSON.parse(data).data);
  });
});

req.on('error', (error) => {
  console.error(error);
});

req.write(data);
req.end();
Example Responses
Success (HTTP Response Code 200 OK)
json
{
  "data": {
    "createRole": {
      "role": {
        "id": "pFkHHTbDSlcTo3elkos3Qd0ySW6Kduhb"
      }
    }
  }
}

Given Datatypes

For AddRoleInput, there are a few parameters. Below is a list of them along with descriptions of each:

Table: AddRoleInput

ParameterTypeRequiredDefaultStabilityDescription
Some arguments may be required, as indicated in the Required column. For return datatypes, this indicates that you must specify which fields you want returned in the results.
Table last updated: Sep 17, 2024
colorstring  Long-TermThe color used for highlighting role added.
displayNamestringyes Long-TermThe name to display for the role added.
objectActionObjectAction  Long-TermThe object of the action. See ObjectAction.
organizationManagementPermissions[OrganizationManagementPermission]yes Long-TermThe management permissions for the organization. See OrganizationManagementPermission.
organizationPermissions[OrganizationPermission]yes Long-TermThe permissions for the organization. See OrganizationPermission.
systemPermissions[SystemPermission]yes Long-TermThe permissions for the system. See SystemPermission.
viewPermissions[Permission]yes Long-TermThe permissions for the view. See Permission.

Returned Datatypes

The returned datatype AddRoleMutation has one parameter, but if you click on it below you'll see that it has several sub-parameters:

Table: AddRoleMutation

ParameterTypeRequiredDefaultStabilityDescription
Some arguments may be required, as indicated in the Required column. For return datatypes, this indicates that you must specify which fields you want returned in the results.
Table last updated: Aug 19, 2025
roleRoleyes Long-TermThe role to add. See Role.