The Provisioning API can be used to create, update, and delete custom roles. There are always 2 default roles in each domain that cannot be deleted neither modified (Admin and No Privileges). We call custom roles to the roles that can be created and fully managed. A role is an entity that can be assigned to users in order to provide them with permissions or access to resources.
Those resources are:
Policies: Allow the user to perform specific operations on the platform.
Custom finder: The set of accessible tables for a specific role.
User resources: Activeboards, Panels and Dashboards.
Alert permissions: Specific permissions for allowing a role access or management control to an alert category, subcategory, or the alert itself.
Vaulting values: Maximum and default vault values for establishing the priority when the role users perform a query.
User resources are those assets that are created by a user; that’s why applications are not user resources. Applications have a different ownership lifecycle. For example, if a user is deleted, the resources he created will be reassigned to the domain’s owner. That does not happen with an application.
Domain custom roles
Creates a new custom role. See the required parameters and more information here.
Retrieves all the roles belonging to the specified domain.
Retrieves information about the specified role.
Deletes the specified role. Note that roles cannot be deleted if they are assigned to one or several users.
Updates a specified role.