Summary

Roles allow you to manage permissions for a set of users, based on their activities or access needs. To see what roles exist in an organization, use the roles() GraphQL query. It will retrieve a list of all defined roles and various information on each.

API Stability Long-Term

Syntax

graphql
roles: [Role]!

There is no input for this query. For the results, though, there are many parameters and sub-parameters from which to choose. See the Returned Values section farther down this page for the possibilities.

Example

Raw
graphql
query {
  roles
    { displayName, id, 
      usersCount }
}
Mac OS or Linux (curl)
shell
curl -v -X POST $YOUR_LOGSCALE_URL/graphql \
    -H "Authorization: Bearer $TOKEN" \
    -H "Content-Type: application/json" \
    -d @- << EOF
{"query" : "query {
  roles
    { displayName, id, 
      usersCount }
}"
}
EOF
Mac OS or Linux (curl) One-line
shell
curl -v -X POST $YOUR_LOGSCALE_URL/graphql \
    -H "Authorization: Bearer $TOKEN" \
    -H "Content-Type: application/json" \
    -d @- << EOF
{"query" : "query {
  roles
    { displayName, id, 
      usersCount }
}"
}
EOF
Windows Cmd and curl
shell
curl -v -X POST $YOUR_LOGSCALE_URL/graphql ^
    -H "Authorization: Bearer $TOKEN" ^
    -H "Content-Type: application/json" ^
    -d @'{"query" : "query { ^
  roles ^
    { displayName, id,  ^
      usersCount } ^
}" ^
} '
Windows Powershell and curl
powershell
curl.exe -X POST 
    -H "Authorization: Bearer $TOKEN"
    -H "Content-Type: application/json"
    -d '{"query" : "query {
  roles
    { displayName, id, 
      usersCount }
}"
}'
    "$YOUR_LOGSCALE_URL/graphql"
Perl
perl
#!/usr/bin/perl

use HTTP::Request;
use LWP;

my $TOKEN = "TOKEN";

my $uri = '$YOUR_LOGSCALE_URL/graphql';

my $query = "query {
  roles
    { displayName, id, 
      usersCount }
}";
$query =~ s/\n/ /g;
my $json = sprintf('{"query" : "%s"}',$query);
my $req = HTTP::Request->new("POST", $uri );

$req->header("Authorization" => "Bearer $TOKEN");
$req->header("Content-Type" => "application/json");

$req->content( $json );

my $lwp = LWP::UserAgent->new;

my $result = $lwp->request( $req );

print $result->{"_content"},"\n";
Python
python
#! /usr/local/bin/python3

import requests

url = '$YOUR_LOGSCALE_URL/graphql'
mydata = r'''{"query" : "query {
  roles
    { displayName, id, 
      usersCount }
}"
}'''

resp = requests.post(url,
                     data = mydata,
                     headers = {
   "Authorization" : "Bearer $TOKEN",
   "Content-Type" : "application/json"
}
)

print(resp.text)
Node.js
javascript
const https = require('https');

const data = JSON.stringify(
    {"query" : "query {
  roles
    { displayName, id, 
      usersCount }
}"
}
);


const options = {
  hostname: '$YOUR_LOGSCALE_URL',
  path: 'graphql',
  port: 443,
  method: 'POST',
  headers: {
    'Content-Type': 'application/json',
    'Content-Length': data.length,
    Authorization: 'BEARER ' + process.env.TOKEN,
    'User-Agent': 'Node',
  },
};

const req = https.request(options, (res) => {
  let data = '';
  console.log(`statusCode: ${res.statusCode}`);

  res.on('data', (d) => {
    data += d;
  });
  res.on('end', () => {
    console.log(JSON.parse(data).data);
  });
});

req.on('error', (error) => {
  console.error(error);
});

req.write(data);
req.end();
Example Responses
Success (HTTP Response Code 200 OK)
json
{
  "data": {
    "roles": [
      {
        "displayName": "Admin",
        "id": "abc123",
        "usersCount": 2
      },
      {
        "displayName": "Deleter",
        "id": "def456",
        "usersCount": 2
      },
      {
        "displayName": "Member",
        "id": "ghi789",
        "usersCount": 26
      },
      {
        "displayName": "Reader",
        "id": "READONLY-DEFAULT-ROLE-Reader",
        "usersCount": 4
      }
    ]
  }
}

Returned Values

For the results, you can get plenty on the roles. The table below lists what will be available, along with links to sub-choices:

Table: Role Datatype

ParameterTypeRequiredDefaultStabilityDescription
Some input parameters may be required, as indicated in the Required column. For return values, this indicates that you are assured a value if the field is requested for the results.
Table last updated: Aug 21, 2025
colorstring  DeprecatedThe color associated with the role. However, role colors are no longer used. This parameter will be removed at the earliest in version 1.195.
descriptionstring  Long-TermA description of the role.
displayNamestringyes Long-TermThe display name of the role.
groups[Group]yes Long-TermThe groups related to the role. See Group.
groupsCountintegeryes Long-TermThe number of groups related to the role.
groupsV2(search: string, userId: string, searchInRoles: boolean, onlyIncludeGroupsWithRestrictiveQueryPrefix: boolean, limit: integer, skip: integer): GroupResultSetTypemultipleyes Long-TermThe groups related to the role. See GroupResultSetType.
idstringyes Long-TermThe unique identifier for the role.
organizationManagementPermissions[OrganizationManagementPermission]yes Long-TermThe organization management permissions given to the role. See OrganizationManagementPermission.
organizationPermissions[OrganizationPermission]yes Long-TermThe organization permissions given to the role. See OrganizationPermission.
readonlyDefaultRoleReadonlyDefaultRole  PreviewThe read-only default role. This parameter is a preview and subject to change. See ReadonlyDefaultRole.
systemPermissions[SystemPermission]yes Long-TermThe system permissions given to the role. See SystemPermission.
users[User]yes Long-TermA list of users assigned the role. See User.
usersCountintegeryes Long-TermThe number of users assigned the role.
viewPermissions[Permission]yes Long-TermThe view permissions given to the role. See Permission.