Skip to main content
POST
/
orgs
/
{org_id}
/
roles
cURL
curl --request POST \
  --url https://api.timbal.ai/orgs/{org_id}/roles \
  --header 'Authorization: Bearer <token>' \
  --header 'Content-Type: application/json' \
  --data '
{
  "name": "<string>",
  "actions": [],
  "description": "<string>"
}
'
{
  "actions": [],
  "created_at": "2023-11-07T05:31:56Z",
  "id": "<string>",
  "name": "<string>",
  "updated_at": "2023-11-07T05:31:56Z",
  "description": "<string>"
}

Documentation Index

Fetch the complete documentation index at: https://docs.timbal.ai/llms.txt

Use this file to discover all available pages before exploring further.

Authorizations

Authorization
string
header
required

Timbal API key. Obtain your API key from the Timbal platform settings. See Authentication for more information.

Path Parameters

org_id
string
required

Body

application/json
name
string
required

Role name. Must be unique within the organization.

actions
enum<string>[]

Domain actions this role grants. Unknown action keys fail deserialization (400). Empty list is allowed.

A domain action a role can grant. Action keys follow <scope>.<resource>.<verb> (e.g. org.project.create).

Available options:
org.project.create,
org.user.view,
org.user.invite,
org.user.remove,
org.user.role.update,
org.billing.manage,
org.domain.view,
org.domain.manage,
org.kb.create,
org.profile.update,
org.role.manage,
org.notification.channel.view,
org.notification.channel.manage,
org.notification.rule.view,
org.notification.rule.manage
description
string | null

Optional human-readable description.

Response

Role created

A role with its full set of granted actions.

actions
enum<string>[]
required

Domain actions this role grants. May be empty.

A domain action a role can grant. Action keys follow <scope>.<resource>.<verb> (e.g. org.project.create).

Available options:
org.project.create,
org.user.view,
org.user.invite,
org.user.remove,
org.user.role.update,
org.billing.manage,
org.domain.view,
org.domain.manage,
org.kb.create,
org.profile.update,
org.role.manage,
org.notification.channel.view,
org.notification.channel.manage,
org.notification.rule.view,
org.notification.rule.manage
created_at
string<date-time>
required
id
string
required

Stable role identifier. Pass as role_id to PATCH /orgs/{org_id}/users to assign this role to a member.

name
string
required

Role name. Unique within the organization (and globally for system roles).

source
enum<string>
required

Whether a role is a built-in preset or defined by the organization. system roles are read-only; custom roles can be edited or deleted by an organization admin.

Available options:
system,
custom
updated_at
string<date-time>
required
description
string | null

Optional human-readable description.