# Roles

## Overview

Use these API operations to interact with [user roles](https://docs.panther.com/system-configuration/rbac#panther-user-roles) in Panther.

To call the API, see the [How to use the Panther REST API](https://docs.panther.com/panther-developer-workflows/api/rest/..#how-to-use-the-panther-rest-api) instructions—including [directions for how to invoke it directly from this documentation page](https://docs.panther.com/panther-developer-workflows/api/rest/..#step-3-invoke-the-panther-rest-api).

## Required permissions

* For `GET` operations, your API token must have the `Read User Info` permission.
* For `POST` and `DELETE` operations, your API token must have the `Manage Users` permission.

## Operations

## POST /roles

> Create a role

```json
{"openapi":"3.0.3","info":{"title":"Panther REST API","version":"1.0"},"tags":[{"name":"role","description":"The role api handles all operations for roles"}],"servers":[{"url":"https://{api_host}","variables":{"api_host":{"default":"your-api-host"}}}],"security":[{"ApiKeyAuth":[]}],"components":{"securitySchemes":{"ApiKeyAuth":{"type":"apiKey","name":"X-API-Key","in":"header"}},"schemas":{"RoleAPI.ModifyRole":{"type":"object","properties":{"logTypeAccess":{"type":"array","items":{"type":"string"},"description":"The log types that the role can or cannot access, according to the `logTypeAccessKind` field. This field should be omitted if `logTypeAccessKind` has a value of `ALLOW_ALL` or `DENY_ALL`"},"logTypeAccessKind":{"type":"string","description":"Defines the role's access to log types. This field is required and has effect only if the datalake RBAC feature is enabled.","enum":["ALLOW","ALLOW_ALL","DENY","DENY_ALL"]},"name":{"type":"string","description":"The name of the role"},"permissions":{"type":"array","items":{"type":"string","enum":["AIRunAsModify","AlertModify","AlertRead","BulkUpload","BulkUploadValidate","CloudsecSourceModify","CloudsecSourceRead","DataAnalyticsModify","DataAnalyticsRead","DestinationModify","DestinationRead","GeneralSettingsModify","GeneralSettingsRead","LogSourceModify","LogSourceRawDataRead","LogSourceRead","LookupModify","LookupRead","ManageAIResponses","ManageAISkills","McpServerModify","McpServerRead","OrganizationAPITokenModify","OrganizationAPITokenRead","PolicyModify","PolicyRead","ResourceModify","ResourceRead","RuleModify","RuleRead","RunPantherAI","SummaryRead","UserModify","UserRead","ViewAIPrivateResponses","ViewAISkills"]}}},"required":["name","permissions"]},"RoleAPI.Role":{"type":"object","properties":{"createdAt":{"type":"string"},"id":{"type":"string","description":"ID of the role"},"logTypeAccess":{"type":"array","items":{"type":"string"},"description":"The log types that the role can or cannot access, according to the `logTypeAccessKind` field. This field should be omitted if `logTypeAccessKind` has a value of `ALLOW_ALL` or `DENY_ALL`"},"logTypeAccessKind":{"type":"string","description":"Defines the role's access to log types. This field is required and has effect only if the datalake RBAC feature is enabled.","enum":["ALLOW","ALLOW_ALL","DENY","DENY_ALL"]},"name":{"type":"string","description":"The name of the role"},"permissions":{"type":"array","items":{"type":"string","enum":["AIRunAsModify","AlertModify","AlertRead","BulkUpload","BulkUploadValidate","CloudsecSourceModify","CloudsecSourceRead","DataAnalyticsModify","DataAnalyticsRead","DestinationModify","DestinationRead","GeneralSettingsModify","GeneralSettingsRead","LogSourceModify","LogSourceRawDataRead","LogSourceRead","LookupModify","LookupRead","ManageAIResponses","ManageAISkills","McpServerModify","McpServerRead","OrganizationAPITokenModify","OrganizationAPITokenRead","PolicyModify","PolicyRead","ResourceModify","ResourceRead","RuleModify","RuleRead","RunPantherAI","SummaryRead","UserModify","UserRead","ViewAIPrivateResponses","ViewAISkills"]}},"updatedAt":{"type":"string"}},"required":["name","permissions","logTypeAccessKind"]},"RoleAPI.BadRequestError":{"type":"object","properties":{"message":{"type":"string"}},"required":["message"]}}},"paths":{"/roles":{"post":{"tags":["role"],"summary":"Create a role","operationId":"role#create","requestBody":{"required":true,"content":{"application/json":{"schema":{"$ref":"#/components/schemas/RoleAPI.ModifyRole"}}}},"responses":{"200":{"description":"OK response.","content":{"application/json":{"schema":{"$ref":"#/components/schemas/RoleAPI.Role"}}}},"400":{"description":"bad_request: Bad Request response.","content":{"application/json":{"schema":{"$ref":"#/components/schemas/RoleAPI.BadRequestError"}}}}}}}}}
```

## GET /roles/{id}

> Get a role

```json
{"openapi":"3.0.3","info":{"title":"Panther REST API","version":"1.0"},"tags":[{"name":"role","description":"The role api handles all operations for roles"}],"servers":[{"url":"https://{api_host}","variables":{"api_host":{"default":"your-api-host"}}}],"security":[{"ApiKeyAuth":[]}],"components":{"securitySchemes":{"ApiKeyAuth":{"type":"apiKey","name":"X-API-Key","in":"header"}},"schemas":{"RoleAPI.Role":{"type":"object","properties":{"createdAt":{"type":"string"},"id":{"type":"string","description":"ID of the role"},"logTypeAccess":{"type":"array","items":{"type":"string"},"description":"The log types that the role can or cannot access, according to the `logTypeAccessKind` field. This field should be omitted if `logTypeAccessKind` has a value of `ALLOW_ALL` or `DENY_ALL`"},"logTypeAccessKind":{"type":"string","description":"Defines the role's access to log types. This field is required and has effect only if the datalake RBAC feature is enabled.","enum":["ALLOW","ALLOW_ALL","DENY","DENY_ALL"]},"name":{"type":"string","description":"The name of the role"},"permissions":{"type":"array","items":{"type":"string","enum":["AIRunAsModify","AlertModify","AlertRead","BulkUpload","BulkUploadValidate","CloudsecSourceModify","CloudsecSourceRead","DataAnalyticsModify","DataAnalyticsRead","DestinationModify","DestinationRead","GeneralSettingsModify","GeneralSettingsRead","LogSourceModify","LogSourceRawDataRead","LogSourceRead","LookupModify","LookupRead","ManageAIResponses","ManageAISkills","McpServerModify","McpServerRead","OrganizationAPITokenModify","OrganizationAPITokenRead","PolicyModify","PolicyRead","ResourceModify","ResourceRead","RuleModify","RuleRead","RunPantherAI","SummaryRead","UserModify","UserRead","ViewAIPrivateResponses","ViewAISkills"]}},"updatedAt":{"type":"string"}},"required":["name","permissions","logTypeAccessKind"]},"RoleAPI.BadRequestError":{"type":"object","properties":{"message":{"type":"string"}},"required":["message"]},"RoleAPI.NotFoundError":{"type":"object","properties":{"message":{"type":"string"}},"required":["message"]}}},"paths":{"/roles/{id}":{"get":{"tags":["role"],"summary":"Get a role","operationId":"role#get","parameters":[{"name":"id","in":"path","description":"ID of the role","required":true,"schema":{"type":"string","description":"ID of the role"}}],"responses":{"200":{"description":"OK response.","content":{"application/json":{"schema":{"$ref":"#/components/schemas/RoleAPI.Role"}}}},"400":{"description":"bad_request: Bad Request response.","content":{"application/json":{"schema":{"$ref":"#/components/schemas/RoleAPI.BadRequestError"}}}},"404":{"description":"not_found: Not Found response.","content":{"application/json":{"schema":{"$ref":"#/components/schemas/RoleAPI.NotFoundError"}}}}}}}}}
```

## POST /roles/{id}

> Update a role

```json
{"openapi":"3.0.3","info":{"title":"Panther REST API","version":"1.0"},"tags":[{"name":"role","description":"The role api handles all operations for roles"}],"servers":[{"url":"https://{api_host}","variables":{"api_host":{"default":"your-api-host"}}}],"security":[{"ApiKeyAuth":[]}],"components":{"securitySchemes":{"ApiKeyAuth":{"type":"apiKey","name":"X-API-Key","in":"header"}},"schemas":{"RoleAPI.ModifyRole":{"type":"object","properties":{"logTypeAccess":{"type":"array","items":{"type":"string"},"description":"The log types that the role can or cannot access, according to the `logTypeAccessKind` field. This field should be omitted if `logTypeAccessKind` has a value of `ALLOW_ALL` or `DENY_ALL`"},"logTypeAccessKind":{"type":"string","description":"Defines the role's access to log types. This field is required and has effect only if the datalake RBAC feature is enabled.","enum":["ALLOW","ALLOW_ALL","DENY","DENY_ALL"]},"name":{"type":"string","description":"The name of the role"},"permissions":{"type":"array","items":{"type":"string","enum":["AIRunAsModify","AlertModify","AlertRead","BulkUpload","BulkUploadValidate","CloudsecSourceModify","CloudsecSourceRead","DataAnalyticsModify","DataAnalyticsRead","DestinationModify","DestinationRead","GeneralSettingsModify","GeneralSettingsRead","LogSourceModify","LogSourceRawDataRead","LogSourceRead","LookupModify","LookupRead","ManageAIResponses","ManageAISkills","McpServerModify","McpServerRead","OrganizationAPITokenModify","OrganizationAPITokenRead","PolicyModify","PolicyRead","ResourceModify","ResourceRead","RuleModify","RuleRead","RunPantherAI","SummaryRead","UserModify","UserRead","ViewAIPrivateResponses","ViewAISkills"]}}},"required":["name","permissions"]},"RoleAPI.Role":{"type":"object","properties":{"createdAt":{"type":"string"},"id":{"type":"string","description":"ID of the role"},"logTypeAccess":{"type":"array","items":{"type":"string"},"description":"The log types that the role can or cannot access, according to the `logTypeAccessKind` field. This field should be omitted if `logTypeAccessKind` has a value of `ALLOW_ALL` or `DENY_ALL`"},"logTypeAccessKind":{"type":"string","description":"Defines the role's access to log types. This field is required and has effect only if the datalake RBAC feature is enabled.","enum":["ALLOW","ALLOW_ALL","DENY","DENY_ALL"]},"name":{"type":"string","description":"The name of the role"},"permissions":{"type":"array","items":{"type":"string","enum":["AIRunAsModify","AlertModify","AlertRead","BulkUpload","BulkUploadValidate","CloudsecSourceModify","CloudsecSourceRead","DataAnalyticsModify","DataAnalyticsRead","DestinationModify","DestinationRead","GeneralSettingsModify","GeneralSettingsRead","LogSourceModify","LogSourceRawDataRead","LogSourceRead","LookupModify","LookupRead","ManageAIResponses","ManageAISkills","McpServerModify","McpServerRead","OrganizationAPITokenModify","OrganizationAPITokenRead","PolicyModify","PolicyRead","ResourceModify","ResourceRead","RuleModify","RuleRead","RunPantherAI","SummaryRead","UserModify","UserRead","ViewAIPrivateResponses","ViewAISkills"]}},"updatedAt":{"type":"string"}},"required":["name","permissions","logTypeAccessKind"]},"RoleAPI.BadRequestError":{"type":"object","properties":{"message":{"type":"string"}},"required":["message"]},"RoleAPI.NotFoundError":{"type":"object","properties":{"message":{"type":"string"}},"required":["message"]}}},"paths":{"/roles/{id}":{"post":{"tags":["role"],"summary":"Update a role","operationId":"role#update","parameters":[{"name":"id","in":"path","description":"ID of the role","required":true,"schema":{"type":"string","description":"ID of the role"}}],"requestBody":{"required":true,"content":{"application/json":{"schema":{"$ref":"#/components/schemas/RoleAPI.ModifyRole"}}}},"responses":{"200":{"description":"OK response.","content":{"application/json":{"schema":{"$ref":"#/components/schemas/RoleAPI.Role"}}}},"400":{"description":"bad_request: Bad Request response.","content":{"application/json":{"schema":{"$ref":"#/components/schemas/RoleAPI.BadRequestError"}}}},"404":{"description":"not_found: Not Found response.","content":{"application/json":{"schema":{"$ref":"#/components/schemas/RoleAPI.NotFoundError"}}}}}}}}}
```

## DELETE /roles/{id}

> Delete a role

```json
{"openapi":"3.0.3","info":{"title":"Panther REST API","version":"1.0"},"tags":[{"name":"role","description":"The role api handles all operations for roles"}],"servers":[{"url":"https://{api_host}","variables":{"api_host":{"default":"your-api-host"}}}],"security":[{"ApiKeyAuth":[]}],"components":{"securitySchemes":{"ApiKeyAuth":{"type":"apiKey","name":"X-API-Key","in":"header"}},"schemas":{"RoleAPI.BadRequestError":{"type":"object","properties":{"message":{"type":"string"}},"required":["message"]},"RoleAPI.NotFoundError":{"type":"object","properties":{"message":{"type":"string"}},"required":["message"]}}},"paths":{"/roles/{id}":{"delete":{"tags":["role"],"summary":"Delete a role","operationId":"role#delete","parameters":[{"name":"id","in":"path","description":"ID of the role","required":true,"schema":{"type":"string","description":"ID of the role"}}],"responses":{"200":{"description":"OK response."},"400":{"description":"bad_request: Bad Request response.","content":{"application/json":{"schema":{"$ref":"#/components/schemas/RoleAPI.BadRequestError"}}}},"404":{"description":"not_found: Not Found response.","content":{"application/json":{"schema":{"$ref":"#/components/schemas/RoleAPI.NotFoundError"}}}}}}}}}
```

## GET /roles

> List roles

```json
{"openapi":"3.0.3","info":{"title":"Panther REST API","version":"1.0"},"tags":[{"name":"role","description":"The role api handles all operations for roles"}],"servers":[{"url":"https://{api_host}","variables":{"api_host":{"default":"your-api-host"}}}],"security":[{"ApiKeyAuth":[]}],"components":{"securitySchemes":{"ApiKeyAuth":{"type":"apiKey","name":"X-API-Key","in":"header"}},"schemas":{"RoleAPI.ListResp":{"type":"object","properties":{"next":{"type":"string","description":"Pagination token for the next page of results"},"results":{"type":"array","items":{"$ref":"#/components/schemas/RoleAPI.Role"}}},"required":["results"]},"RoleAPI.Role":{"type":"object","properties":{"createdAt":{"type":"string"},"id":{"type":"string","description":"ID of the role"},"logTypeAccess":{"type":"array","items":{"type":"string"},"description":"The log types that the role can or cannot access, according to the `logTypeAccessKind` field. This field should be omitted if `logTypeAccessKind` has a value of `ALLOW_ALL` or `DENY_ALL`"},"logTypeAccessKind":{"type":"string","description":"Defines the role's access to log types. This field is required and has effect only if the datalake RBAC feature is enabled.","enum":["ALLOW","ALLOW_ALL","DENY","DENY_ALL"]},"name":{"type":"string","description":"The name of the role"},"permissions":{"type":"array","items":{"type":"string","enum":["AIRunAsModify","AlertModify","AlertRead","BulkUpload","BulkUploadValidate","CloudsecSourceModify","CloudsecSourceRead","DataAnalyticsModify","DataAnalyticsRead","DestinationModify","DestinationRead","GeneralSettingsModify","GeneralSettingsRead","LogSourceModify","LogSourceRawDataRead","LogSourceRead","LookupModify","LookupRead","ManageAIResponses","ManageAISkills","McpServerModify","McpServerRead","OrganizationAPITokenModify","OrganizationAPITokenRead","PolicyModify","PolicyRead","ResourceModify","ResourceRead","RuleModify","RuleRead","RunPantherAI","SummaryRead","UserModify","UserRead","ViewAIPrivateResponses","ViewAISkills"]}},"updatedAt":{"type":"string"}},"required":["name","permissions","logTypeAccessKind"]}}},"paths":{"/roles":{"get":{"tags":["role"],"summary":"List roles","operationId":"role#list","parameters":[{"name":"name-contains","in":"query","description":"A string to search for in the Role name","allowEmptyValue":true,"schema":{"type":"string","description":"A string to search for in the Role name"}},{"name":"name","in":"query","description":"An exact match of a role's name to return. If provided all other parameters are ignored","allowEmptyValue":true,"schema":{"type":"string","description":"An exact match of a role's name to return. If provided all other parameters are ignored"}},{"name":"id","in":"query","description":"Set of IDS to return","allowEmptyValue":true,"schema":{"type":"array","items":{"type":"string"},"description":"Set of IDS to return"}},{"name":"ids","in":"query","description":"A comma delimited list of IDs","allowEmptyValue":true,"schema":{"type":"string","description":"A comma delimited list of IDs"}},{"name":"sort-dir","in":"query","description":"The sort direction of the results","allowEmptyValue":true,"schema":{"type":"string","description":"The sort direction of the results","default":"asc","enum":["asc","desc"]}}],"responses":{"200":{"description":"OK response.","content":{"application/json":{"schema":{"$ref":"#/components/schemas/RoleAPI.ListResp"}}}}}}}}}
```


---

# Agent Instructions: Querying This Documentation

If you need additional information that is not directly available in this page, you can query the documentation dynamically by asking a question.

Perform an HTTP GET request on the current page URL with the `ask` query parameter:

```
GET https://docs.panther.com/panther-developer-workflows/api/rest/roles.md?ask=<question>
```

The question should be specific, self-contained, and written in natural language.
The response will contain a direct answer to the question and relevant excerpts and sources from the documentation.

Use this mechanism when the answer is not explicitly present in the current page, you need clarification or additional context, or you want to retrieve related documentation sections.