Qodex.ai

Create Role

POST https://{{ASTRA_DB_API_HOST}}/{{ASTRA_DB_API_VERSION}}/organizations/roles

https://docs.datastax.com/en/astra-api-docs/_attachments/devops-api/index.html#tag/Roles/operation/addOrganizationRole

Role Name

provide a value to the name key

Role Policy

Description

provide a relevant description

Resources

provide the resources that this role will have permissions on. For example:

  • drn:astra:org:, drn:astra:org::db::keyspace::table:\*

    Actions


    assign actions to determine the available permissions for the role. For example:

    • org-read
    • db-all-keyspace-create
    • db-all-keyspace-describe
    for a full list of actions, see thedoco

    Example


    To create a role that allows the users to use the REST and GraphQL APIs and also allow the role to modify tables, use:

    description: Access to REST and GraphQL APIs, modify tables
    resources: [drn:astra:org:, drn:astra:org::db::keyspace::table:\*]
    actions: [db-graphql, db-rest, db-table-modify]

    • Request Body

    {"name"=>"<roleName>", "policy"=>{"description"=>"Create and describe keyspaces", "resources"=>["drn:astra:org:{{ORGANIZATION_ID}}"], "actions"=>["db-all-keyspace-create", "db-all-keyspace-describe"], "effect"=>"allow"}}