Create Role
POST https://{{ASTRA_DB_API_HOST}}/{{ASTRA_DB_API_VERSION}}/organizations/roles
Role Name
provide a value to the name key
Role Policy
Description
provide a relevant description
Resources
provide the resources that this role will have permissions on. For example:
drn:astra:org:
, drn:astra:org::db::keyspace::table:\*
Actions
assign actions to determine the available permissions for the role. For example:
- org-read
- db-all-keyspace-create
- db-all-keyspace-describe
for a full list of actions, see thedoco
Example
To create a role that allows the users to use the REST and GraphQL APIs and also allow the role to modify tables, use:
description:
resources: [
actions: [
Access to REST and GraphQL APIs, modify tables
resources: [
drn:astra:org:,
drn:astra:org:]:db: :keyspace: :table:\*
actions: [
db-graphql,
db-rest,
db-table-modify]
Request Body
{"name"=>"<roleName>", "policy"=>{"description"=>"Create and describe keyspaces", "resources"=>["drn:astra:org:{{ORGANIZATION_ID}}"], "actions"=>["db-all-keyspace-create", "db-all-keyspace-describe"], "effect"=>"allow"}}