createRole()

For easier management of permissions for users, you can create roles and then assign them to users and groups of users. To create a role, use the createRole() GraphQL mutation. This is usable only if roles are not managed externally (e.g., handled in LDAP).

To make changes to a role, you can use the updateRole() mutation. To eliminate completely a role, use the removeRole() mutation.

For getting information about a given role, there is the role() query. There are also the roles() and rolesPage() queries to get a list of roles.

For more information on roles in LogScale, see Add a new user role. To create a role using the LogScale user interface, see Add a new user role.

API Stability	`Long-Term`
Security Requirement & Control	`ManageUsers` API permission

Syntax

graphql

createRole(
      input: AddRoleInput!
   ): AddRoleMutation!

For the input, you'll have to give the name of the role to create, and a list of permissions granted users who will be assigned the role. See the Given Datatype section for details.

For the results, you can get plenty on the role. See the Returned Datatype section for what's available.

Example

Raw

graphql

mutation {
  createRole(input:
      { displayName: "sales",
        viewPermissions: [ReadAccess]
      } )
  { role { id } }
}

Mac OS or Linux (curl)

shell

curl -v -X POST $YOUR_LOGSCALE_URL/graphql \
    -H "Authorization: Bearer $TOKEN" \
    -H "Content-Type: application/json" \
    -d @- << EOF
{"query" : "mutation {
  createRole(input:
      { displayName: \"sales\",
        viewPermissions: [ReadAccess]
      } )
  { role { id } }
}"
}
EOF

Mac OS or Linux (curl) One-line

shell

curl -v -X POST $YOUR_LOGSCALE_URL/graphql \
    -H "Authorization: Bearer $TOKEN" \
    -H "Content-Type: application/json" \
    -d @- << EOF
{"query" : "mutation {
  createRole(input:
      { displayName: \"sales\",
        viewPermissions: [ReadAccess]
      } )
  { role { id } }
}"
}
EOF

Windows Cmd and curl

shell

curl -v -X POST $YOUR_LOGSCALE_URL/graphql ^
    -H "Authorization: Bearer $TOKEN" ^
    -H "Content-Type: application/json" ^
    -d @'{"query" : "mutation { ^
  createRole(input: ^
      { displayName: \"sales\", ^
        viewPermissions: [ReadAccess] ^
      } ) ^
  { role { id } } ^
}" ^
} '

Windows Powershell and curl

powershell

curl.exe -X POST 
    -H "Authorization: Bearer $TOKEN"
    -H "Content-Type: application/json"
    -d '{"query" : "mutation {
  createRole(input:
      { displayName: \"sales\",
        viewPermissions: [ReadAccess]
      } )
  { role { id } }
}"
}'
    "$YOUR_LOGSCALE_URL/graphql"

Perl

perl

#!/usr/bin/perl

use HTTP::Request;
use LWP;

my $TOKEN = "TOKEN";

my $uri = '$YOUR_LOGSCALE_URL/graphql';

my $query = "mutation {
  createRole(input:
      { displayName: \"sales\",
        viewPermissions: [ReadAccess]
      } )
  { role { id } }
}";
$query =~ s/\n/ /g;
my $json = sprintf('{"query" : "%s"}',$query);
my $req = HTTP::Request->new("POST", $uri );

$req->header("Authorization" => "Bearer $TOKEN");
$req->header("Content-Type" => "application/json");

$req->content( $json );

my $lwp = LWP::UserAgent->new;

my $result = $lwp->request( $req );

print $result->{"_content"},"\n";

Python

python

#! /usr/local/bin/python3

import requests

url = '$YOUR_LOGSCALE_URL/graphql'
mydata = r'''{"query" : "mutation {
  createRole(input:
      { displayName: \"sales\",
        viewPermissions: [ReadAccess]
      } )
  { role { id } }
}"
}'''

resp = requests.post(url,
                     data = mydata,
                     headers = {
   "Authorization" : "Bearer $TOKEN",
   "Content-Type" : "application/json"
}
)

print(resp.text)

Node.js

javascript

const https = require('https');

const data = JSON.stringify(
    {"query" : "mutation {
  createRole(input:
      { displayName: \"sales\",
        viewPermissions: [ReadAccess]
      } )
  { role { id } }
}"
}
);


const options = {
  hostname: '$YOUR_LOGSCALE_URL',
  path: 'graphql',
  port: 443,
  method: 'POST',
  headers: {
    'Content-Type': 'application/json',
    'Content-Length': data.length,
    Authorization: 'BEARER ' + process.env.TOKEN,
    'User-Agent': 'Node',
  },
};

const req = https.request(options, (res) => {
  let data = '';
  console.log(`statusCode: ${res.statusCode}`);

  res.on('data', (d) => {
    data += d;
  });
  res.on('end', () => {
    console.log(JSON.parse(data).data);
  });
});

req.on('error', (error) => {
  console.error(error);
});

req.write(data);
req.end();

Example Responses

Success (HTTP Response Code 200 OK)

json

{
  "data": {
    "createRole": {
      "role": {
        "id": "abc123"
      }
    }
  }
}

Given Datatype

For this input datatype, you would provide the name of the role to create, and a list of permissions granted users who will be assigned the role. The table below lists other parameters you may give:

Table: AddRoleInput

Parameter	Type	Required	Stability	Description
Some arguments may be required, as indicated in the Required column. For return datatypes, this indicates that you must specify which fields you want returned in the results.
Table last updated: Sep 17, 2024
color	string		`Long-Term`	The color used for highlighting role added.
displayName	string	yes	`Long-Term`	The name to display for the role added.
objectAction	ObjectAction		`Long-Term`	The object of the action. See ObjectAction.
organizationManagementPermissions	[OrganizationManagementPermission]	yes	`Long-Term`	The management permissions for the organization. See OrganizationManagementPermission.
organizationPermissions	[OrganizationPermission]	yes	`Long-Term`	The permissions for the organization. See OrganizationPermission.
systemPermissions	[SystemPermission]	yes	`Long-Term`	The permissions for the system. See SystemPermission.
viewPermissions	[Permission]	yes	`Long-Term`	The permissions for the view. See Permission.

Returned Datatype

For the return datatype, you can get information on a role and what it entails, such as how many users and a list of assigned the role, and which assets they can access. Of course, you would know this information having just created the role with this mutation. These parameters are accessible through a sub-parameter, which is shown below with a link to that table:

Table: AddRoleMutation

Parameter	Type	Required	Stability	Description
Some arguments may be required, as indicated in the Required column. For return datatypes, this indicates that you must specify which fields you want returned in the results.
Table last updated: Aug 19, 2025
role	Role	yes	`Long-Term`	The role to add. See Role.

The datatype above uses another datatype for information on a role. For your convenience, the table for that sub-datatype is included here:

Table: Role

Parameter	Type	Required	Stability	Description
Some arguments may be required, as indicated in the Required column. For return datatypes, this indicates that you must specify which fields you want returned in the results.
Table last updated: Aug 21, 2025
color	string		`Deprecated`	The color associated with the role. However, role colors are no longer used. This parameter will be removed at the earliest in version 1.195.
description	string		`Long-Term`	A description of the role.
displayName	string	yes	`Long-Term`	The display name of the role.
groups	[Group]	yes	`Long-Term`	The groups related to the role. See Group.
groupsCount	integer	yes	`Long-Term`	The number of groups related to the role.
groupsV2(search: string, userId: string, searchInRoles: boolean, onlyIncludeGroupsWithRestrictiveQueryPrefix: boolean, limit: integer, skip: integer): GroupResultSetType	multiple	yes	`Long-Term`	The groups related to the role. See GroupResultSetType.
id	string	yes	`Long-Term`	The unique identifier for the role.
organizationManagementPermissions	[OrganizationManagementPermission]	yes	`Long-Term`	The organization management permissions given to the role. See OrganizationManagementPermission.
organizationPermissions	[OrganizationPermission]	yes	`Long-Term`	The organization permissions given to the role. See OrganizationPermission.
readonlyDefaultRole	ReadonlyDefaultRole		`Preview`	The read-only default role. This parameter is a preview and subject to change. See ReadonlyDefaultRole.
systemPermissions	[SystemPermission]	yes	`Long-Term`	The system permissions given to the role. See SystemPermission.
users	[User]	yes	`Long-Term`	A list of users assigned the role. See User.
usersCount	integer	yes	`Long-Term`	The number of users assigned the role.
viewPermissions	[Permission]	yes	`Long-Term`	The view permissions given to the role. See Permission.

Versions of this Page

GraphQL Mutations

GraphQL API Stability

GraphQL Queries

GraphQL Datatypes

createRole()

Syntax

Example

Given Datatype

Returned Datatype

Enter search term