> ## Documentation Index
> Fetch the complete documentation index at: https://docs.timbal.ai/llms.txt
> Use this file to discover all available pages before exploring further.

# Update Organization Role

> Partially update a custom organization role.



## OpenAPI

````yaml PATCH /orgs/{org_id}/iam/roles/{role_id}
openapi: 3.1.0
info:
  title: Timbal Platform API
  description: Public API documentation for the Timbal platform
  license:
    name: ''
  version: 2.0.0
servers:
  - url: https://api.timbal.ai
    description: Production
  - url: https://api.dev.timbal.ai
    description: Development
security: []
tags:
  - name: ace
    description: Action Control Engine (ACE) operations
  - name: analytics
    description: Project analytics
  - name: billing
    description: Subscriptions, usage, and payment-related operations
  - name: content
    description: Re-sign stored content URLs
  - name: files
    description: File operations
  - name: iam
    description: IAM — actions, roles, users, and authorization introspection
  - name: k2
    description: Knowledge Bases v2 operations
  - name: orgs
    description: Organization operations
  - name: projects
    description: Project operations
  - name: runs
    description: Execution operations
  - name: templates
    description: Public project template catalog
  - name: users
    description: Authenticated user profile
paths:
  /orgs/{org_id}/iam/roles/{role_id}:
    patch:
      tags:
        - iam
      description: Partially update a custom organization role.
      operationId: handler
      parameters:
        - name: org_id
          in: path
          required: true
          schema:
            type: string
        - name: role_id
          in: path
          required: true
          schema:
            type: string
      requestBody:
        content:
          application/json:
            schema:
              $ref: '#/components/schemas/EditRoleReqBody'
        required: true
      responses:
        '200':
          description: Role updated
          content:
            application/json:
              schema:
                $ref: '#/components/schemas/RoleDetail'
        '403':
          description: Forbidden or system role (immutable)
        '404':
          description: Role not found
        '409':
          description: A role with that name already exists
        '422':
          description: Unprocessable entity
      security:
        - bearer_auth: []
components:
  schemas:
    EditRoleReqBody:
      type: object
      properties:
        description:
          type:
            - string
            - 'null'
          description: Human-readable description. Pass `null` to clear.
        grants:
          type:
            - array
            - 'null'
          items:
            $ref: '#/components/schemas/RoleGrant'
          description: Full replacement of the role's grant set.
        name:
          type:
            - string
            - 'null'
          description: New role name. Reserved system names rejected.
    RoleDetail:
      type: object
      description: A role with its full grant set.
      required:
        - id
        - name
        - source
        - grants
        - created_at
        - updated_at
      properties:
        created_at:
          type: string
          format: date-time
        description:
          type:
            - string
            - 'null'
        grants:
          type: array
          items:
            $ref: '#/components/schemas/RoleGrant'
          description: Domain grants this role carries. May be empty.
        id:
          type: string
        name:
          type: string
        source:
          $ref: '#/components/schemas/RoleSource'
        updated_at:
          type: string
          format: date-time
    RoleGrant:
      type: object
      description: >-
        A single grant on a role — `(effect, action, resource?, condition?)`.


        `resource` is `None` for `ResourceKind::None` actions (`users.read`),

        or a hierarchical path like `projects:42:envs:5` (or
        `projects:42:envs:*`)

        for typed actions.


        `condition` is opaque JSON reserved for future ABAC; ignored by the

        evaluator in v1, accepted and stored as-is by writes.
      required:
        - effect
        - action
      properties:
        action:
          type: string
        condition: {}
        effect:
          $ref: '#/components/schemas/GrantEffect'
        resource:
          type:
            - string
            - 'null'
    RoleSource:
      type: string
      description: |-
        Whether a role is a built-in preset or defined by the organization.
        `system` roles are read-only; `custom` roles can be edited or deleted
        by an organization admin.
      enum:
        - system
        - custom
    GrantEffect:
      type: string
      description: Effect of a [`RoleGrant`]. `deny` wins at eval time.
      enum:
        - allow
        - deny
  securitySchemes:
    bearer_auth:
      type: http
      scheme: bearer
      description: >-
        Timbal API key. Obtain your API key from the Timbal platform settings.
        See [Authentication](/api-reference/authentication) for more
        information.

````