Create Organization Role

curl --request POST \ --url https://api.timbal.ai/orgs/{org_id}/iam/roles \ --header 'Authorization: Bearer <token>' \ --header 'Content-Type: application/json' \ --data ' { "name": "<string>", "description": "<string>", "grants": [ { "action": "<string>", "condition": "<unknown>", "resource": "<string>" } ] } '

{ "created_at": "2023-11-07T05:31:56Z", "grants": [ { "action": "<string>", "condition": "<unknown>", "resource": "<string>" } ], "id": "<string>", "name": "<string>", "updated_at": "2023-11-07T05:31:56Z", "description": "<string>" }

Authorizations

Authorization

string

header

required

Timbal API key. Obtain your API key from the Timbal platform settings. See Authentication for more information.

Path Parameters

org_id

string

required

Body

application/json

name

string

required

Role name. Must be unique within the org. Reserved system names (admin, developer, billing, member, user) are rejected.

description

string | null

grants

object[]

Grants this role carries. Empty list is allowed (creates a no-op role; admin can extend it later).

Show child attributes

Response

Role created

A role with its full grant set.

created_at

string<date-time>

required

grants

object[]

required

Domain grants this role carries. May be empty.

Show child attributes

string

required

name

string

required

source

enum<string>

required

Whether a role is a built-in preset or defined by the organization. system roles are read-only; custom roles can be edited or deleted by an organization admin.

Available options:

system,

custom

updated_at

string<date-time>

required

description

string | null