API Stability Long-Term

The role() GraphQL query is used to retrieve a given role by it's identifier. This will provide a list of permissions given with the role, as well as which users are assigned the role.

For more information on managing users and permissions in LogScale, see the Manage Users and Permissions documentation page. For more on user roles, see the Manage Roles.

Syntax

Below is the syntax for the role() query field:

graphql
role(
     roleId: string!
   ): Role!

For the input, you'll need the unique identifier of the user. To get that, use roles() . For Role, see the Returned Datatype section. Below is an example of how this query field might be used:

Raw
graphql
query {
  role(roleId:"pFLOxe7C8zkNbWOSP8VartJ0I6Kz0eK2")
     {displayName, usersCount, viewPermissions}
}
Mac OS or Linux (curl)
shell
curl -v -X POST $YOUR_LOGSCALE_URL/graphql \
    -H "Authorization: Bearer $TOKEN" \
    -H "Content-Type: application/json" \
    -d @- << EOF
{"query" : "query {
  role(roleId:\"pFLOxe7C8zkNbWOSP8VartJ0I6Kz0eK2\")
     {displayName, usersCount, viewPermissions}
}"
}
EOF
Mac OS or Linux (curl) One-line
shell
curl -v -X POST $YOUR_LOGSCALE_URL/graphql \
    -H "Authorization: Bearer $TOKEN" \
    -H "Content-Type: application/json" \
    -d @- << EOF
{"query" : "query {
  role(roleId:\"pFLOxe7C8zkNbWOSP8VartJ0I6Kz0eK2\")
     {displayName, usersCount, viewPermissions}
}"
}
EOF
Windows Cmd and curl
shell
curl -v -X POST $YOUR_LOGSCALE_URL/graphql ^
    -H "Authorization: Bearer $TOKEN" ^
    -H "Content-Type: application/json" ^
    -d @'{"query" : "query { ^
  role(roleId:\"pFLOxe7C8zkNbWOSP8VartJ0I6Kz0eK2\") ^
     {displayName, usersCount, viewPermissions} ^
}" ^
} '
Windows Powershell and curl
powershell
curl.exe -X POST 
    -H "Authorization: Bearer $TOKEN"
    -H "Content-Type: application/json"
    -d '{"query" : "query {
  role(roleId:\"pFLOxe7C8zkNbWOSP8VartJ0I6Kz0eK2\")
     {displayName, usersCount, viewPermissions}
}"
}'
    "$YOUR_LOGSCALE_URL/graphql"
Perl
perl
#!/usr/bin/perl

use HTTP::Request;
use LWP;

my $TOKEN = "TOKEN";

my $uri = '$YOUR_LOGSCALE_URL/graphql';

my $query = "query {
  role(roleId:\"pFLOxe7C8zkNbWOSP8VartJ0I6Kz0eK2\")
     {displayName, usersCount, viewPermissions}
}";
$query =~ s/\n/ /g;
my $json = sprintf('{"query" : "%s"}',$query);
my $req = HTTP::Request->new("POST", $uri );

$req->header("Authorization" => "Bearer $TOKEN");
$req->header("Content-Type" => "application/json");

$req->content( $json );

my $lwp = LWP::UserAgent->new;

my $result = $lwp->request( $req );

print $result->{"_content"},"\n";
Python
python
#! /usr/local/bin/python3

import requests

url = '$YOUR_LOGSCALE_URL/graphql'
mydata = r'''{"query" : "query {
  role(roleId:\"pFLOxe7C8zkNbWOSP8VartJ0I6Kz0eK2\")
     {displayName, usersCount, viewPermissions}
}"
}'''

resp = requests.post(url,
                     data = mydata,
                     headers = {
   "Authorization" : "Bearer $TOKEN",
   "Content-Type" : "application/json"
}
)

print(resp.text)
Node.js
javascript
const https = require('https');

const data = JSON.stringify(
    {"query" : "query {
  role(roleId:\"pFLOxe7C8zkNbWOSP8VartJ0I6Kz0eK2\")
     {displayName, usersCount, viewPermissions}
}"
}
);


const options = {
  hostname: '$YOUR_LOGSCALE_URL/graphql',
  path: '/graphql',
  port: 443,
  method: 'POST',
  headers: {
    'Content-Type': 'application/json',
    'Content-Length': data.length,
    Authorization: 'BEARER ' + process.env.TOKEN,
    'User-Agent': 'Node',
  },
};

const req = https.request(options, (res) => {
  let data = '';
  console.log(`statusCode: ${res.statusCode}`);

  res.on('data', (d) => {
    data += d;
  });
  res.on('end', () => {
    console.log(JSON.parse(data).data);
  });
});

req.on('error', (error) => {
  console.error(error);
});

req.write(data);
req.end();
Example Responses
Success (HTTP Response Code 200 OK)
json
{
  "data": {
    "role": {
      "displayName": "Member",
      "usersCount": 14,
      "viewPermissions": [
        "ChangeDashboards",
        "ChangeSavedQueries",
        "ChangeTriggers",
        "ChangeFiles",
        "ChangeParsers",
        "ReadAccess"
      ]
    }
  }
}

Returned Datatypes

The returned datatype Role has several parameters. Below is a list of them along with a description of each:

Table: Role

ParameterTypeRequiredDefaultStabilityDescription
Some arguments may be required, as indicated in the Required column. For some fields, this column indicates that a result will always be returned for this column.
Table last updated: Aug 21, 2025
colorstring  DeprecatedThe color associated with the role. However, role colors are no longer used. This parameter will be removed at the earliest in version 1.195.
descriptionstring  Long-TermA description of the role.
displayNamestringyes Long-TermThe display name of the role.
groups[Group]yes Long-TermThe groups related to the role. See Group.
groupsCountintegeryes Long-TermThe number of groups related to the role.
groupsV2(search: string, userId: string, searchInRoles: boolean, onlyIncludeGroupsWithRestrictiveQueryPrefix: boolean, limit: integer, skip: integer): GroupResultSetTypemultipleyes Long-TermThe groups related to the role. See GroupResultSetType.
idstringyes Long-TermThe unique identifier for the role.
organizationManagementPermissions[OrganizationManagementPermission]yes Long-TermThe organization management permissions given to the role. See OrganizationManagementPermission.
organizationPermissions[OrganizationPermission]yes Long-TermThe organization permissions given to the role. See OrganizationPermission.
readonlyDefaultRoleReadonlyDefaultRole  PreviewThe read-only default role. This parameter is a preview and subject to change. See ReadonlyDefaultRole.
systemPermissions[SystemPermission]yes Long-TermThe system permissions given to the role. See SystemPermission.
users[User]yes Long-TermA list of users assigned the role. See User.
usersCountintegeryes Long-TermThe number of users assigned the role.
viewPermissions[Permission]yes Long-TermThe view permissions given to the role. See Permission.