Security Requirements and Controls
API Stability Long-Term

The createRole() GraphQL mutation may be used to add a role. This is usable only if roles are not managed externally (e.g., handled in LDAP).

Related to this mutation, there is the mutation, removeRole() for removing a role. There is also the mutation updateDefaultRole() for updating the default role for a group.

For getting information about a given role, there is the role() query. There are also the roles() and rolesPage() queries to get a list of roles.

For more information on roles in LogScale, see Add a new user role. To create a role using the LogScale user interface, see Add a new user role.

Syntax

graphql
createRole(
      input: AddRoleInput!
   ): AddRoleMutation!

Example

Below is an example of how this mutation field might be used:

Raw
graphql
mutation {
  createRole(input:
      { displayName: "sales",
        viewPermissions: [ReadAccess]
      } )
  { role { id } }
}
Mac OS or Linux (curl)
shell
curl -v -X POST $YOUR_LOGSCALE_URL/graphql \
    -H "Authorization: Bearer $TOKEN" \
    -H "Content-Type: application/json" \
    -d @- << EOF
{"query" : "mutation {
  createRole(input:
      { displayName: \"sales\",
        viewPermissions: [ReadAccess]
      } )
  { role { id } }
}"
}
EOF
Mac OS or Linux (curl) One-line
shell
curl -v -X POST $YOUR_LOGSCALE_URL/graphql \
    -H "Authorization: Bearer $TOKEN" \
    -H "Content-Type: application/json" \
    -d @- << EOF
{"query" : "mutation {
  createRole(input:
      { displayName: \"sales\",
        viewPermissions: [ReadAccess]
      } )
  { role { id } }
}"
}
EOF
Windows Cmd and curl
shell
curl -v -X POST $YOUR_LOGSCALE_URL/graphql ^
    -H "Authorization: Bearer $TOKEN" ^
    -H "Content-Type: application/json" ^
    -d @'{"query" : "mutation { ^
  createRole(input: ^
      { displayName: \"sales\", ^
        viewPermissions: [ReadAccess] ^
      } ) ^
  { role { id } } ^
}" ^
} '
Windows Powershell and curl
powershell
curl.exe -X POST 
    -H "Authorization: Bearer $TOKEN"
    -H "Content-Type: application/json"
    -d '{"query" : "mutation {
  createRole(input:
      { displayName: \"sales\",
        viewPermissions: [ReadAccess]
      } )
  { role { id } }
}"
}'
    "$YOUR_LOGSCALE_URL/graphql"
Perl
perl
#!/usr/bin/perl

use HTTP::Request;
use LWP;

my $TOKEN = "TOKEN";

my $uri = '$YOUR_LOGSCALE_URL/graphql';

my $query = "mutation {
  createRole(input:
      { displayName: \"sales\",
        viewPermissions: [ReadAccess]
      } )
  { role { id } }
}";
$query =~ s/\n/ /g;
my $json = sprintf('{"query" : "%s"}',$query);
my $req = HTTP::Request->new("POST", $uri );

$req->header("Authorization" => "Bearer $TOKEN");
$req->header("Content-Type" => "application/json");

$req->content( $json );

my $lwp = LWP::UserAgent->new;

my $result = $lwp->request( $req );

print $result->{"_content"},"\n";
Python
python
#! /usr/local/bin/python3

import requests

url = '$YOUR_LOGSCALE_URL/graphql'
mydata = r'''{"query" : "mutation {
  createRole(input:
      { displayName: \"sales\",
        viewPermissions: [ReadAccess]
      } )
  { role { id } }
}"
}'''

resp = requests.post(url,
                     data = mydata,
                     headers = {
   "Authorization" : "Bearer $TOKEN",
   "Content-Type" : "application/json"
}
)

print(resp.text)
Node.js
javascript
const https = require('https');

const data = JSON.stringify(
    {"query" : "mutation {
  createRole(input:
      { displayName: \"sales\",
        viewPermissions: [ReadAccess]
      } )
  { role { id } }
}"
}
);


const options = {
  hostname: '$YOUR_LOGSCALE_URL',
  path: 'graphql',
  port: 443,
  method: 'POST',
  headers: {
    'Content-Type': 'application/json',
    'Content-Length': data.length,
    Authorization: 'BEARER ' + process.env.TOKEN,
    'User-Agent': 'Node',
  },
};

const req = https.request(options, (res) => {
  let data = '';
  console.log(`statusCode: ${res.statusCode}`);

  res.on('data', (d) => {
    data += d;
  });
  res.on('end', () => {
    console.log(JSON.parse(data).data);
  });
});

req.on('error', (error) => {
  console.error(error);
});

req.write(data);
req.end();
Example Responses
Success (HTTP Response Code 200 OK)
json
{
  "data": {
    "createRole": {
      "role": {
        "id": "pFkHHTbDSlcTo3elkos3Qd0ySW6Kduhb"
      }
    }
  }
}

Given Datatype

For this input datatype, you would provide the name of the role to create, and a list of permissions granted users who will be assigned the role. The table below lists other parameters you may give:

Table: AddRoleInput

ParameterTypeRequiredDefaultStabilityDescription
Some arguments may be required, as indicated in the Required column. For return datatypes, this indicates that you must specify which fields you want returned in the results.
Table last updated: Sep 17, 2024
colorstring  Long-TermThe color used for highlighting role added.
displayNamestringyes Long-TermThe name to display for the role added.
objectActionObjectAction  Long-TermThe object of the action. See ObjectAction.
organizationManagementPermissions[OrganizationManagementPermission]yes Long-TermThe management permissions for the organization. See OrganizationManagementPermission.
organizationPermissions[OrganizationPermission]yes Long-TermThe permissions for the organization. See OrganizationPermission.
systemPermissions[SystemPermission]yes Long-TermThe permissions for the system. See SystemPermission.
viewPermissions[Permission]yes Long-TermThe permissions for the view. See Permission.

Returned Datatype

For the return datatype, you can get information on a role and what it entails, such as how many users and a list of assigned the role, and which assets they can access. Of course, you would know this information having just created the role with this mutation. These parameters are accessible through a sub-parameter, which is shown below with a link to that table:

Table: AddRoleMutation

ParameterTypeRequiredDefaultStabilityDescription
Some arguments may be required, as indicated in the Required column. For return datatypes, this indicates that you must specify which fields you want returned in the results.
Table last updated: Aug 19, 2025
roleRoleyes Long-TermThe role to add. See Role.