Roles
The Roles page manages permission roles that can be assigned to users. Each role contains a set of scopes following the resource:action pattern (e.g., scans:view, config:manage). Users can have multiple roles and their effective permissions are the union of all assigned role scopes. Built-in roles (admin, operator, viewer) cannot be deleted.
Inputs
| Name | Description | Allowed Values | Default |
|---|---|---|---|
| Name | Unique name for the role | Non-empty string | — |
| Description | Optional description of the role purpose | Any text | Empty |
| Scopes | Permissions granted by this role | Space or comma separated resource:action pairs (e.g., scans:view, config:manage) | Empty |
Fields & Columns
| Name | Description |
|---|---|
| Name | Editable inline — the role name |
| Description | Editable inline — optional description of what this role is for |
| Scopes | Editable inline as tags — the resource:action permissions this role grants |
How To
Create a custom role
- Navigate to Admin > Identity > Roles.
- Click Create Role.
- Enter a role name and description.
- Select the resource:action scopes to grant.
- Click Save to create the role.
Gotchas
- Built-in roles (admin, operator, viewer) cannot be modified or deleted.
- Scope format is resource:action where action is "view" (read) or "manage" (create/edit/delete). Some resources also support special actions like "execute".
- Removing a scope from a role immediately affects all users who have that role assigned.
API Calls (4)
| Method | Path | Description |
|---|---|---|
| GET | /api/admin/identity/roles | List all roles with their scopes |
| POST | /api/admin/identity/roles | Create a new custom role |
| PUT | /api/admin/identity/roles/:id | Update role name, description, or scopes |
| DELETE | /api/admin/identity/roles/:id | Delete a custom role |
Related Pages
- Users — Users are assigned roles to control their permissions
- Changes — Role modifications are logged in the audit trail
- OIDC Configuration — Auto-provisioned OIDC users receive a default role