Roles Management
Role-based access control: roles, permissions and assignments.
📄️ List Roles
Return every role (built-in and custom) defined for the caller's tenant, including each role's metadata and full permission set.
📄️ Create Role
Create a custom role scoped to the caller's tenant with the given name, description, and permission set. Responds 201 with a Location header on success and 409 when a role with the same name already exists.
📄️ Get Role
Return metadata and the full permission set for a single role identified by role_id. Responds 404 when the role does not exist in the caller's tenant.
📄️ Update Role
Partially update a role's name, description, and/or permissions. Built-in roles cannot be renamed (422) but may have their permission set edited. Responds 404 for an unknown role and 409 when the new name clashes with an existing role.
📄️ Delete Role
Delete a custom role along with its permission policies and user assignments. Built-in roles cannot be deleted (409). Responds 404 when the role does not exist in the caller's tenant.
📄️ Assign Role to User
Assign the role given by role_id in the request body to the user identified by the user_id path parameter. The operation is idempotent and responds 404 when the user or role does not exist in the caller's tenant.
📄️ Revoke Role from User
Remove the assignment of the given role from the given user. Responds 204 on success and 404 when the user or role does not exist in the caller's tenant.
📄️ List Permissions
Return the complete catalog of assignable endpoint permissions grouped by resource category (Client, Finding, Repository, etc.), with each entry's action verb and description. Used to populate role editors.