Roles API

Roles are groups of permissions that allow access to the UI and the REST APIs. See Roles for details.

Security Realms can be configured to use LDAP group membership to assign Roles to users. See the LDAP configuration instructions for details.

Create, Update or Delete Roles

The endpoint for this request can take the role ID as a request parameter:


The role ID string is generated by Fusion when the role is created.

A GET request returns the configured roles for a specific ID. If the ID is omitted from the path, all roles will be returned.

A POST request creates a new role. When creating a new role, the request path is /api/roles. If the role is created, the request returns the role ID.

A PUT request updates an existing role.

A DELETE request will remove the role configuration.

Role Specification

To create or update a Role via a POST or PUT request, the request body is a JSON object with the following attributes:

Property Description


A string containing the role name.


A string containing a brief text description, for display on the Access Control "ROLES" panel.


A list of permissions, specified in JSON notation. See section Permissions for details.


A list of names of UI components.

The following example describes a role with permissions to access Fusion Dashboards for collection "mdb1":

  "desc":"can access/use analytics dashboard \"mdb1\" but not allowed to change dashboard controls.",


Get the details for the role with id '3416c03a-31df-4103-b446-358f6790af3e':


curl -u user:pass http://localhost:8764/api/roles/3416c03a-31df-4103-b446-358f6790af3e


  "desc":"Provides read-only/required permissions for the Fusion Search UI."