# 역할

## 개요

다음 API 작업을 사용하여 상호작용합니다 [사용자 역할](https://docs.panther.com/ko/system-configuration/rbac#panther-user-roles) Panther에서.

API를 호출하려면, [Panther REST API 사용 방법](https://docs.panther.com/ko/panther/api/rest/..#how-to-use-the-panther-rest-api) 지침을 참조하세요— [이 문서 페이지에서 직접 호출하는 방법에 대한 지침을 포함합니다](https://docs.panther.com/ko/panther/api/rest/..#step-3-invoke-the-panther-rest-api).

## 필요 권한

* 다음의 경우 `GET` 작업의 경우, API 토큰은 다음을 갖고 있어야 합니다 `Read User Info` 권한.
* 다음의 경우 `POST` 및 `DELETE` 작업의 경우, API 토큰은 다음을 갖고 있어야 합니다 `Manage Users` 권한.

## 작업

## POST /roles

> Create a role

```json
{"openapi":"3.0.3","info":{"title":"Panther REST API","version":"1.0"},"tags":[{"name":"role","description":"The role api handles all operations for roles"}],"servers":[{"url":"https://{api_host}","variables":{"api_host":{"default":"your-api-host"}}}],"security":[{"ApiKeyAuth":[]}],"components":{"securitySchemes":{"ApiKeyAuth":{"type":"apiKey","name":"X-API-Key","in":"header"}},"schemas":{"RoleAPI.ModifyRole":{"type":"object","properties":{"logTypeAccess":{"type":"array","items":{"type":"string"},"description":"The log types that the role can or cannot access, according to the `logTypeAccessKind` field. This field should be omitted if `logTypeAccessKind` has a value of `ALLOW_ALL` or `DENY_ALL`"},"logTypeAccessKind":{"type":"string","description":"Defines the role's access to log types. This field is required and has effect only if the datalake RBAC feature is enabled.","enum":["ALLOW","ALLOW_ALL","DENY","DENY_ALL"]},"name":{"type":"string","description":"The name of the role"},"permissions":{"type":"array","items":{"type":"string","enum":["AIRunAsModify","AlertModify","AlertRead","BulkUpload","BulkUploadValidate","CloudsecSourceModify","CloudsecSourceRead","DataAnalyticsModify","DataAnalyticsRead","DestinationModify","DestinationRead","GeneralSettingsModify","GeneralSettingsRead","LogSourceModify","LogSourceRawDataRead","LogSourceRead","LookupModify","LookupRead","ManageAIResponses","ManageAISkills","McpServerModify","McpServerRead","OrganizationAPITokenModify","OrganizationAPITokenRead","PolicyModify","PolicyRead","ResourceModify","ResourceRead","RuleModify","RuleRead","RunPantherAI","SummaryRead","UserModify","UserRead","ViewAIPrivateResponses","ViewAISkills"]}}},"required":["name","permissions"]},"RoleAPI.Role":{"type":"object","properties":{"createdAt":{"type":"string"},"id":{"type":"string","description":"ID of the role"},"logTypeAccess":{"type":"array","items":{"type":"string"},"description":"The log types that the role can or cannot access, according to the `logTypeAccessKind` field. This field should be omitted if `logTypeAccessKind` has a value of `ALLOW_ALL` or `DENY_ALL`"},"logTypeAccessKind":{"type":"string","description":"Defines the role's access to log types. This field is required and has effect only if the datalake RBAC feature is enabled.","enum":["ALLOW","ALLOW_ALL","DENY","DENY_ALL"]},"name":{"type":"string","description":"The name of the role"},"permissions":{"type":"array","items":{"type":"string","enum":["AIRunAsModify","AlertModify","AlertRead","BulkUpload","BulkUploadValidate","CloudsecSourceModify","CloudsecSourceRead","DataAnalyticsModify","DataAnalyticsRead","DestinationModify","DestinationRead","GeneralSettingsModify","GeneralSettingsRead","LogSourceModify","LogSourceRawDataRead","LogSourceRead","LookupModify","LookupRead","ManageAIResponses","ManageAISkills","McpServerModify","McpServerRead","OrganizationAPITokenModify","OrganizationAPITokenRead","PolicyModify","PolicyRead","ResourceModify","ResourceRead","RuleModify","RuleRead","RunPantherAI","SummaryRead","UserModify","UserRead","ViewAIPrivateResponses","ViewAISkills"]}},"updatedAt":{"type":"string"}},"required":["name","permissions","logTypeAccessKind"]},"RoleAPI.BadRequestError":{"type":"object","properties":{"message":{"type":"string"}},"required":["message"]}}},"paths":{"/roles":{"post":{"tags":["role"],"summary":"Create a role","operationId":"role#create","requestBody":{"required":true,"content":{"application/json":{"schema":{"$ref":"#/components/schemas/RoleAPI.ModifyRole"}}}},"responses":{"200":{"description":"OK response.","content":{"application/json":{"schema":{"$ref":"#/components/schemas/RoleAPI.Role"}}}},"400":{"description":"bad_request: Bad Request response.","content":{"application/json":{"schema":{"$ref":"#/components/schemas/RoleAPI.BadRequestError"}}}}}}}}}
```

## GET /roles/{id}

> Get a role

```json
{"openapi":"3.0.3","info":{"title":"Panther REST API","version":"1.0"},"tags":[{"name":"role","description":"The role api handles all operations for roles"}],"servers":[{"url":"https://{api_host}","variables":{"api_host":{"default":"your-api-host"}}}],"security":[{"ApiKeyAuth":[]}],"components":{"securitySchemes":{"ApiKeyAuth":{"type":"apiKey","name":"X-API-Key","in":"header"}},"schemas":{"RoleAPI.Role":{"type":"object","properties":{"createdAt":{"type":"string"},"id":{"type":"string","description":"ID of the role"},"logTypeAccess":{"type":"array","items":{"type":"string"},"description":"The log types that the role can or cannot access, according to the `logTypeAccessKind` field. This field should be omitted if `logTypeAccessKind` has a value of `ALLOW_ALL` or `DENY_ALL`"},"logTypeAccessKind":{"type":"string","description":"Defines the role's access to log types. This field is required and has effect only if the datalake RBAC feature is enabled.","enum":["ALLOW","ALLOW_ALL","DENY","DENY_ALL"]},"name":{"type":"string","description":"The name of the role"},"permissions":{"type":"array","items":{"type":"string","enum":["AIRunAsModify","AlertModify","AlertRead","BulkUpload","BulkUploadValidate","CloudsecSourceModify","CloudsecSourceRead","DataAnalyticsModify","DataAnalyticsRead","DestinationModify","DestinationRead","GeneralSettingsModify","GeneralSettingsRead","LogSourceModify","LogSourceRawDataRead","LogSourceRead","LookupModify","LookupRead","ManageAIResponses","ManageAISkills","McpServerModify","McpServerRead","OrganizationAPITokenModify","OrganizationAPITokenRead","PolicyModify","PolicyRead","ResourceModify","ResourceRead","RuleModify","RuleRead","RunPantherAI","SummaryRead","UserModify","UserRead","ViewAIPrivateResponses","ViewAISkills"]}},"updatedAt":{"type":"string"}},"required":["name","permissions","logTypeAccessKind"]},"RoleAPI.BadRequestError":{"type":"object","properties":{"message":{"type":"string"}},"required":["message"]},"RoleAPI.NotFoundError":{"type":"object","properties":{"message":{"type":"string"}},"required":["message"]}}},"paths":{"/roles/{id}":{"get":{"tags":["role"],"summary":"Get a role","operationId":"role#get","parameters":[{"name":"id","in":"path","description":"ID of the role","required":true,"schema":{"type":"string","description":"ID of the role"}}],"responses":{"200":{"description":"OK response.","content":{"application/json":{"schema":{"$ref":"#/components/schemas/RoleAPI.Role"}}}},"400":{"description":"bad_request: Bad Request response.","content":{"application/json":{"schema":{"$ref":"#/components/schemas/RoleAPI.BadRequestError"}}}},"404":{"description":"not_found: Not Found response.","content":{"application/json":{"schema":{"$ref":"#/components/schemas/RoleAPI.NotFoundError"}}}}}}}}}
```

## POST /roles/{id}

> Update a role

```json
{"openapi":"3.0.3","info":{"title":"Panther REST API","version":"1.0"},"tags":[{"name":"role","description":"The role api handles all operations for roles"}],"servers":[{"url":"https://{api_host}","variables":{"api_host":{"default":"your-api-host"}}}],"security":[{"ApiKeyAuth":[]}],"components":{"securitySchemes":{"ApiKeyAuth":{"type":"apiKey","name":"X-API-Key","in":"header"}},"schemas":{"RoleAPI.ModifyRole":{"type":"object","properties":{"logTypeAccess":{"type":"array","items":{"type":"string"},"description":"The log types that the role can or cannot access, according to the `logTypeAccessKind` field. This field should be omitted if `logTypeAccessKind` has a value of `ALLOW_ALL` or `DENY_ALL`"},"logTypeAccessKind":{"type":"string","description":"Defines the role's access to log types. This field is required and has effect only if the datalake RBAC feature is enabled.","enum":["ALLOW","ALLOW_ALL","DENY","DENY_ALL"]},"name":{"type":"string","description":"The name of the role"},"permissions":{"type":"array","items":{"type":"string","enum":["AIRunAsModify","AlertModify","AlertRead","BulkUpload","BulkUploadValidate","CloudsecSourceModify","CloudsecSourceRead","DataAnalyticsModify","DataAnalyticsRead","DestinationModify","DestinationRead","GeneralSettingsModify","GeneralSettingsRead","LogSourceModify","LogSourceRawDataRead","LogSourceRead","LookupModify","LookupRead","ManageAIResponses","ManageAISkills","McpServerModify","McpServerRead","OrganizationAPITokenModify","OrganizationAPITokenRead","PolicyModify","PolicyRead","ResourceModify","ResourceRead","RuleModify","RuleRead","RunPantherAI","SummaryRead","UserModify","UserRead","ViewAIPrivateResponses","ViewAISkills"]}}},"required":["name","permissions"]},"RoleAPI.Role":{"type":"object","properties":{"createdAt":{"type":"string"},"id":{"type":"string","description":"ID of the role"},"logTypeAccess":{"type":"array","items":{"type":"string"},"description":"The log types that the role can or cannot access, according to the `logTypeAccessKind` field. This field should be omitted if `logTypeAccessKind` has a value of `ALLOW_ALL` or `DENY_ALL`"},"logTypeAccessKind":{"type":"string","description":"Defines the role's access to log types. This field is required and has effect only if the datalake RBAC feature is enabled.","enum":["ALLOW","ALLOW_ALL","DENY","DENY_ALL"]},"name":{"type":"string","description":"The name of the role"},"permissions":{"type":"array","items":{"type":"string","enum":["AIRunAsModify","AlertModify","AlertRead","BulkUpload","BulkUploadValidate","CloudsecSourceModify","CloudsecSourceRead","DataAnalyticsModify","DataAnalyticsRead","DestinationModify","DestinationRead","GeneralSettingsModify","GeneralSettingsRead","LogSourceModify","LogSourceRawDataRead","LogSourceRead","LookupModify","LookupRead","ManageAIResponses","ManageAISkills","McpServerModify","McpServerRead","OrganizationAPITokenModify","OrganizationAPITokenRead","PolicyModify","PolicyRead","ResourceModify","ResourceRead","RuleModify","RuleRead","RunPantherAI","SummaryRead","UserModify","UserRead","ViewAIPrivateResponses","ViewAISkills"]}},"updatedAt":{"type":"string"}},"required":["name","permissions","logTypeAccessKind"]},"RoleAPI.BadRequestError":{"type":"object","properties":{"message":{"type":"string"}},"required":["message"]},"RoleAPI.NotFoundError":{"type":"object","properties":{"message":{"type":"string"}},"required":["message"]}}},"paths":{"/roles/{id}":{"post":{"tags":["role"],"summary":"Update a role","operationId":"role#update","parameters":[{"name":"id","in":"path","description":"ID of the role","required":true,"schema":{"type":"string","description":"ID of the role"}}],"requestBody":{"required":true,"content":{"application/json":{"schema":{"$ref":"#/components/schemas/RoleAPI.ModifyRole"}}}},"responses":{"200":{"description":"OK response.","content":{"application/json":{"schema":{"$ref":"#/components/schemas/RoleAPI.Role"}}}},"400":{"description":"bad_request: Bad Request response.","content":{"application/json":{"schema":{"$ref":"#/components/schemas/RoleAPI.BadRequestError"}}}},"404":{"description":"not_found: Not Found response.","content":{"application/json":{"schema":{"$ref":"#/components/schemas/RoleAPI.NotFoundError"}}}}}}}}}
```

## DELETE /roles/{id}

> Delete a role

```json
{"openapi":"3.0.3","info":{"title":"Panther REST API","version":"1.0"},"tags":[{"name":"role","description":"The role api handles all operations for roles"}],"servers":[{"url":"https://{api_host}","variables":{"api_host":{"default":"your-api-host"}}}],"security":[{"ApiKeyAuth":[]}],"components":{"securitySchemes":{"ApiKeyAuth":{"type":"apiKey","name":"X-API-Key","in":"header"}},"schemas":{"RoleAPI.BadRequestError":{"type":"object","properties":{"message":{"type":"string"}},"required":["message"]},"RoleAPI.NotFoundError":{"type":"object","properties":{"message":{"type":"string"}},"required":["message"]}}},"paths":{"/roles/{id}":{"delete":{"tags":["role"],"summary":"Delete a role","operationId":"role#delete","parameters":[{"name":"id","in":"path","description":"ID of the role","required":true,"schema":{"type":"string","description":"ID of the role"}}],"responses":{"200":{"description":"OK response."},"400":{"description":"bad_request: Bad Request response.","content":{"application/json":{"schema":{"$ref":"#/components/schemas/RoleAPI.BadRequestError"}}}},"404":{"description":"not_found: Not Found response.","content":{"application/json":{"schema":{"$ref":"#/components/schemas/RoleAPI.NotFoundError"}}}}}}}}}
```

## GET /roles

> List roles

```json
{"openapi":"3.0.3","info":{"title":"Panther REST API","version":"1.0"},"tags":[{"name":"role","description":"The role api handles all operations for roles"}],"servers":[{"url":"https://{api_host}","variables":{"api_host":{"default":"your-api-host"}}}],"security":[{"ApiKeyAuth":[]}],"components":{"securitySchemes":{"ApiKeyAuth":{"type":"apiKey","name":"X-API-Key","in":"header"}},"schemas":{"RoleAPI.ListResp":{"type":"object","properties":{"next":{"type":"string","description":"Pagination token for the next page of results"},"results":{"type":"array","items":{"$ref":"#/components/schemas/RoleAPI.Role"}}},"required":["results"]},"RoleAPI.Role":{"type":"object","properties":{"createdAt":{"type":"string"},"id":{"type":"string","description":"ID of the role"},"logTypeAccess":{"type":"array","items":{"type":"string"},"description":"The log types that the role can or cannot access, according to the `logTypeAccessKind` field. This field should be omitted if `logTypeAccessKind` has a value of `ALLOW_ALL` or `DENY_ALL`"},"logTypeAccessKind":{"type":"string","description":"Defines the role's access to log types. This field is required and has effect only if the datalake RBAC feature is enabled.","enum":["ALLOW","ALLOW_ALL","DENY","DENY_ALL"]},"name":{"type":"string","description":"The name of the role"},"permissions":{"type":"array","items":{"type":"string","enum":["AIRunAsModify","AlertModify","AlertRead","BulkUpload","BulkUploadValidate","CloudsecSourceModify","CloudsecSourceRead","DataAnalyticsModify","DataAnalyticsRead","DestinationModify","DestinationRead","GeneralSettingsModify","GeneralSettingsRead","LogSourceModify","LogSourceRawDataRead","LogSourceRead","LookupModify","LookupRead","ManageAIResponses","ManageAISkills","McpServerModify","McpServerRead","OrganizationAPITokenModify","OrganizationAPITokenRead","PolicyModify","PolicyRead","ResourceModify","ResourceRead","RuleModify","RuleRead","RunPantherAI","SummaryRead","UserModify","UserRead","ViewAIPrivateResponses","ViewAISkills"]}},"updatedAt":{"type":"string"}},"required":["name","permissions","logTypeAccessKind"]}}},"paths":{"/roles":{"get":{"tags":["role"],"summary":"List roles","operationId":"role#list","parameters":[{"name":"name-contains","in":"query","description":"A string to search for in the Role name","allowEmptyValue":true,"schema":{"type":"string","description":"A string to search for in the Role name"}},{"name":"name","in":"query","description":"An exact match of a role's name to return. If provided all other parameters are ignored","allowEmptyValue":true,"schema":{"type":"string","description":"An exact match of a role's name to return. If provided all other parameters are ignored"}},{"name":"id","in":"query","description":"Set of IDS to return","allowEmptyValue":true,"schema":{"type":"array","items":{"type":"string"},"description":"Set of IDS to return"}},{"name":"ids","in":"query","description":"A comma delimited list of IDs","allowEmptyValue":true,"schema":{"type":"string","description":"A comma delimited list of IDs"}},{"name":"sort-dir","in":"query","description":"The sort direction of the results","allowEmptyValue":true,"schema":{"type":"string","description":"The sort direction of the results","default":"asc","enum":["asc","desc"]}}],"responses":{"200":{"description":"OK response.","content":{"application/json":{"schema":{"$ref":"#/components/schemas/RoleAPI.ListResp"}}}}}}}}}
```