REST API Reference > Platform REST API version 3 resources > Roles
  

Roles

A role is a collection of privileges that you can assign to users and groups. Use the roles resource to get the details for roles in your organization. You can also use this resource to create, update, and delete custom roles.
Note: This resource uses a dynamic rate limit. When the system experiences a large volume or size of requests, responses might be slow or fail with the error message, "too many requests."

Getting role details

You can request the details for all of your organization's roles or request the details for a particular role.

GET request

To get role details, use the following URI:
/public/core/v3/roles
To get the details for a particular role, you can include the following query parameters in the URI:
Parameter
Type
Description
q
String
Query filter. You can filter using one of the following fields:
  • - roleId. Unique identifier for the role.
  • - roleName. Name of the role.
expand
String
Returns the privileges associated with the role specified in the query filter.
Include the following phrase in the query:
expand=privileges
For example, to get details for the Business Manager role including privileges, you might use the following request:
/public/core/v3/roles?q=roleName=="Business Manager"&expand=privileges

GET response

If successful, returns the following information for each role:
Field
Type
Description
id
String
Role ID.
orgId
String
ID of the organization the role belongs to.
createdBy
String
User who created the role.
updatedBy
String
User who last updated the role.
createTime
String
Date and time the role was created.
updateTime
String
Date and time the role was last updated.
roleName
String
Name of the role.
description
String
Description of the role.
displayName
String
Role name displayed in the user interface.
displayDescription
String
Description displayed in the user interface.
systemRole
Boolean
Whether the role is a system-defined role. Returns one of the following values:
  • - True. Role is a system-defined role.
  • - False. Role is a custom role.
status
String
Whether the organization's license to use the role is valid or has expired. Returns one of the following values:
  • - Enabled
  • - Disabled
privileges
Array
Privileges assigned to the role.
Returned only when the URI includes ?expand=privileges in a query.
id
String
Included in the privileges object.
Privilege ID.
name
String
Included in the privileges object.
Privilege name.
description
String
Included in the privileges object.
Description of the privilege.
service
String
Included in the privileges object.
The Informatica Intelligent Cloud Services service that uses the privilege.
status
String
Included in the privileges object.
Whether the organization's license to use the privilege is valid or has expired. Returns one of the following values:
  • - Enabled
  • - Disabled

GET response example

You might receive a response similar to the following example:
[
{
"id": "7EjAMAHsiOTcg8v29z0Gsl",
"orgId": "52ZSTB0IDK6dXxaEQLUaQu",
"createdBy": "ops-post-deploy-user",
"updatedBy": "ops-post-deploy-user",
"createTime": "2019-03-22T21:26:46.000Z",
"updateTime": "2019-03-22T21:26:52.000Z",
"roleName": "Business Manager",
"description": "Role used for business managers",
"displayName": "Application Integration Business Manager",
"displayDescription": "Role used for business managers",
"systemRole": true,
"status": "Disabled",
"privileges": [
{
"id": "5Cgp0GcsmRejyxIgV4eXy1",
"name": "view.ai.console",
"description": "View application integration console",
"service": "ApplicationIntegration",
"status": "Disabled"
},
{
"id": "aReU2uciLYglcq0Ntvc2Ob",
"name": "view.ai.assets",
"description": "View application integration assets",
"service": "ApplicationIntegration",
"status": "Disabled"
},
{
"id": "8zDel5v89cKfeMtM2FHFEw",
"name": "view.ai.designer",
"description": "View application integration designer",
"service": "ApplicationIntegration",
"status": "Disabled"
}
]
}
]

Creating a role

You can create custom roles for your organization.

POST request

To create a custom role, send a POST request using the following URI:
/public/core/v3/roles
Note: The number of users, user groups, and roles combined cannot exceed 1000 for an organization.
Include the following information:
Field
Type
Required
Description
name
String
Yes
Name of the role.
description
String
-
Description of the role.
privileges
Array
Yes
IDs of the privileges to assign to the role. A role must have at least one privilege assigned to it.

POST response

If successful, returns the roles object with the details you included in the POST request.

POST example

To create a custom role, you might send a request similar to the following example:
POST <baseApiUrl>/public/core/v3/roles
Content-Type: application/json
Accept: application/json
INFA-SESSION-ID: <sessionId>
{
"name" : "CAIviewer",
"description": "A role to view Application Integration designer and assets",
"privileges" : ["aQwUdcM8RcQewA1yWphZ4F", "0nTOXl8dzEwlSFoM0cO8gI"]
}
You might receive a response similar to the following example:
{
"id": "8j2MPlr8ubZgteIOwleSCk",
"orgId": "cPYWk02I4aBeuLEvYRtaMS",
"createdBy": "a@abc.com",
"updatedBy": "a@abc.com",
"createTime": "2019-03-20T18:33:33.361Z",
"updateTime": "2019-03-20T18:33:33.428Z",
"roleName": "CAIviewer",
"description": "A role to view Application Integration designer and assets",
"displayName": "CAIviewer",
"displayDescription": "A role to view Application Integration designer and assets",
"systemRole": false,
"status": "Enabled",
"privileges": [
{
"id": "0nTOXl8dzEwlSFoM0cO8gI",
"name": "view.ai.designer",
"description": "View application integration designer"
},
{
"id": "aQwUdcM8RcQewA1yWphZ4F",
"name": "view.ai.assets",
"description": "View application integration assets"
}
]
}

Updating a role

You can add or remove privileges for custom roles.

Add privileges

To add privileges to a custom role, send a PUT request using one of the following URIs:
/public/core/v3/roles/<role ID>/addPrivileges
/public/core/v3/roles/name/<role name>/addPrivileges
Include an array of privilege names for the custom role.
For example, to give a role create and delete privileges for data transfer tasks, you might use the following request:
PUT <baseApiUrl>/public/core/v3/roles/cPYWk02I4aBeuLEvYRtaMS/addPrivileges
Content-Type: application/json
Accept: application/json
INFA-SESSION-ID: <sessionId>
{
"privileges" : ["create.data.transfer.task", "delete.data.transfer.task"]
}
You can use the privileges resource to get a list of privilege names that you can use. For more information, see Privileges.

Remove privileges

To remove privileges from a custom role, send a PUT request using one of the following URIs:
/public/core/v3/roles/<role ID>/removePrivileges
/public/core/v3/roles/name/<role name>/removePrivileges
You can't remove all of the privileges from a role. A role must have at least one privilege assigned to it.
Include an array of privilege names to remove for the custom role.
For example, to remove create and delete privileges for API collection from a role, you might use the following request:
PUT <baseApiUrl>/public/core/v3/roles/cPYWk053KnrUerLvYRtaMS/removePrivileges
Content-Type: application/json
Accept: application/json
INFA-SESSION-ID: <sessionId>
{
"privileges" : ["create.api.collection", "delete.api.collection"]
}

Deleting a role

You can delete custom roles from your organization.
To delete a role, send a DELETE request using the following URI:
/public/core/v3/roles/<role ID>