Skip to main content
POST
/
v2
/
roles
curl --request POST \
  --url https://api.arize.com/v2/roles \
  --header 'Authorization: Bearer <token>' \
  --header 'Content-Type: application/json' \
  --data '
{
  "name": "AI Engineer",
  "permissions": [
    "PROJECT_READ",
    "DATASET_READ",
    "DATASET_CREATE"
  ]
}
'
{
  "id": "Um9sZToxOmFCY0Q=",
  "name": "Data Scientist",
  "description": "Can read and create datasets and experiments.",
  "permissions": [
    "PROJECT_READ",
    "DATASET_READ",
    "DATASET_CREATE"
  ],
  "is_predefined": false,
  "created_at": "2024-06-01T10:00:00Z",
  "updated_at": "2024-06-01T10:00:00Z"
}

Authorizations

Authorization
string
header
required

Most Arize AI endpoints require authentication. For those endpoints that require authentication, include your API key in the request header using the format

Body

application/json

Body containing role creation parameters.

name
string
required

Human-readable name for the role. Must be unique within the account.

Maximum string length: 255
Example:

"AI Engineer"

permissions
enum<string>[]
required

List of permissions to grant. At least one permission is required. Each value must be a valid permission identifier (e.g. PROJECT_READ, DATASET_CREATE).

Minimum array length: 1

A permission identifier following the pattern {RESOURCE}_{ACTION}. Auto-generated from proto/auth/protocol/permissions.proto.

Available options:
AI_PROVIDER_READ,
ALYX_RUN,
ANNOTATION_CONFIG_CREATE,
ANNOTATION_CONFIG_DELETE,
ANNOTATION_CONFIG_READ,
ANNOTATION_CONFIG_UPDATE,
CUSTOM_METRIC_CREATE,
CUSTOM_METRIC_DELETE,
CUSTOM_METRIC_READ,
CUSTOM_METRIC_UPDATE,
DASHBOARD_CREATE,
DASHBOARD_DELETE,
DASHBOARD_READ,
DASHBOARD_UPDATE,
DATASET_CREATE,
DATASET_DELETE,
DATASET_EXAMPLE_ANNOTATE,
DATASET_EXAMPLE_CREATE,
DATASET_EXAMPLE_DELETE,
DATASET_EXAMPLE_READ,
DATASET_EXAMPLE_UPDATE,
DATASET_READ,
DATASET_UPDATE,
DATA_FABRIC_CONNECTOR_CREATE,
DATA_FABRIC_CONNECTOR_DELETE,
DATA_FABRIC_CONNECTOR_READ,
DATA_FABRIC_CONNECTOR_UPDATE,
EVALUATOR_CREATE,
EVALUATOR_DELETE,
EVALUATOR_READ,
EVALUATOR_UPDATE,
EXPERIMENT_CREATE,
EXPERIMENT_DELETE,
EXPERIMENT_EVAL_TASK_CREATE,
EXPERIMENT_EVAL_TASK_DELETE,
EXPERIMENT_EVAL_TASK_READ,
EXPERIMENT_EVAL_TASK_UPDATE,
EXPERIMENT_READ,
EXPERIMENT_RUN_ANNOTATE,
EXPERIMENT_RUN_READ,
EXPERIMENT_UPDATE,
FILE_IMPORT_CREATE,
FILE_IMPORT_DELETE,
FILE_IMPORT_READ,
FILE_IMPORT_UPDATE,
ML_MODEL_CREATE,
ML_MODEL_DELETE,
ML_MODEL_READ,
ML_MODEL_UPDATE,
MONITOR_CREATE,
MONITOR_DELETE,
MONITOR_READ,
MONITOR_TRIGGER,
MONITOR_UPDATE,
ORGANIZATION_CREATE,
ORGANIZATION_DELETE,
ORGANIZATION_READ,
ORGANIZATION_UPDATE,
PLAYGROUND_RUN,
PLAYGROUND_VIEW_CREATE,
PLAYGROUND_VIEW_DELETE,
PLAYGROUND_VIEW_READ,
PLAYGROUND_VIEW_UPDATE,
PROJECT_CREATE,
PROJECT_DELETE,
PROJECT_EVAL_TASK_CREATE,
PROJECT_EVAL_TASK_DELETE,
PROJECT_EVAL_TASK_READ,
PROJECT_EVAL_TASK_UPDATE,
PROJECT_READ,
PROJECT_RESTRICT,
PROJECT_SPAN_ANNOTATE,
PROJECT_SPAN_CREATE,
PROJECT_SPAN_DELETE,
PROJECT_SPAN_READ,
PROJECT_SPAN_UPDATE,
PROJECT_UPDATE,
PROMPT_CREATE,
PROMPT_DELETE,
PROMPT_OPTIMIZE_TASK_CREATE,
PROMPT_OPTIMIZE_TASK_DELETE,
PROMPT_OPTIMIZE_TASK_READ,
PROMPT_OPTIMIZE_TASK_UPDATE,
PROMPT_READ,
PROMPT_UPDATE,
QUEUE_CREATE,
QUEUE_DELETE,
QUEUE_READ,
QUEUE_RECORD_ANNOTATE,
QUEUE_RECORD_CREATE,
QUEUE_RECORD_DELETE,
QUEUE_RECORD_READ,
QUEUE_RECORD_UPDATE,
QUEUE_UPDATE,
REMOTE_ENDPOINT_INTEGRATION_CREATE,
REMOTE_ENDPOINT_INTEGRATION_DELETE,
REMOTE_ENDPOINT_INTEGRATION_READ,
REMOTE_ENDPOINT_INTEGRATION_UPDATE,
ROLE_BINDING_CREATE,
ROLE_BINDING_DELETE,
ROLE_BINDING_READ,
SERVICE_KEY_CREATE,
SERVICE_KEY_DELETE,
SERVICE_KEY_READ,
SPACE_CREATE,
SPACE_DELETE,
SPACE_READ,
SPACE_UPDATE,
TAG_CREATE,
TAG_DELETE,
TAG_READ,
TAG_UPDATE,
TRACE_VIEW_CREATE,
TRACE_VIEW_DELETE,
TRACE_VIEW_READ,
TRACE_VIEW_UPDATE,
USER_CREATE,
USER_DELETE,
USER_PERMISSION_UPDATE,
USER_READ,
USER_UPDATE
Example:
[
  "PROJECT_READ",
  "DATASET_READ",
  "DATASET_CREATE",
  "EXPERIMENT_READ",
  "EXPERIMENT_CREATE"
]
description
string

Optional description of the role's purpose. Omitted from the response if empty.

Maximum string length: 1000
Example:

"Can read and create datasets and experiments but cannot manage spaces."

Response

Role successfully created.

id
string
required

Unique identifier for the role.

name
string
required

Human-readable name of the role.

permissions
enum<string>[]
required

List of permissions granted by this role. Each value corresponds to a permission identifier (e.g. PROJECT_READ, DATASET_CREATE).

A permission identifier following the pattern {RESOURCE}_{ACTION}. Auto-generated from proto/auth/protocol/permissions.proto.

Available options:
AI_PROVIDER_READ,
ALYX_RUN,
ANNOTATION_CONFIG_CREATE,
ANNOTATION_CONFIG_DELETE,
ANNOTATION_CONFIG_READ,
ANNOTATION_CONFIG_UPDATE,
CUSTOM_METRIC_CREATE,
CUSTOM_METRIC_DELETE,
CUSTOM_METRIC_READ,
CUSTOM_METRIC_UPDATE,
DASHBOARD_CREATE,
DASHBOARD_DELETE,
DASHBOARD_READ,
DASHBOARD_UPDATE,
DATASET_CREATE,
DATASET_DELETE,
DATASET_EXAMPLE_ANNOTATE,
DATASET_EXAMPLE_CREATE,
DATASET_EXAMPLE_DELETE,
DATASET_EXAMPLE_READ,
DATASET_EXAMPLE_UPDATE,
DATASET_READ,
DATASET_UPDATE,
DATA_FABRIC_CONNECTOR_CREATE,
DATA_FABRIC_CONNECTOR_DELETE,
DATA_FABRIC_CONNECTOR_READ,
DATA_FABRIC_CONNECTOR_UPDATE,
EVALUATOR_CREATE,
EVALUATOR_DELETE,
EVALUATOR_READ,
EVALUATOR_UPDATE,
EXPERIMENT_CREATE,
EXPERIMENT_DELETE,
EXPERIMENT_EVAL_TASK_CREATE,
EXPERIMENT_EVAL_TASK_DELETE,
EXPERIMENT_EVAL_TASK_READ,
EXPERIMENT_EVAL_TASK_UPDATE,
EXPERIMENT_READ,
EXPERIMENT_RUN_ANNOTATE,
EXPERIMENT_RUN_READ,
EXPERIMENT_UPDATE,
FILE_IMPORT_CREATE,
FILE_IMPORT_DELETE,
FILE_IMPORT_READ,
FILE_IMPORT_UPDATE,
ML_MODEL_CREATE,
ML_MODEL_DELETE,
ML_MODEL_READ,
ML_MODEL_UPDATE,
MONITOR_CREATE,
MONITOR_DELETE,
MONITOR_READ,
MONITOR_TRIGGER,
MONITOR_UPDATE,
ORGANIZATION_CREATE,
ORGANIZATION_DELETE,
ORGANIZATION_READ,
ORGANIZATION_UPDATE,
PLAYGROUND_RUN,
PLAYGROUND_VIEW_CREATE,
PLAYGROUND_VIEW_DELETE,
PLAYGROUND_VIEW_READ,
PLAYGROUND_VIEW_UPDATE,
PROJECT_CREATE,
PROJECT_DELETE,
PROJECT_EVAL_TASK_CREATE,
PROJECT_EVAL_TASK_DELETE,
PROJECT_EVAL_TASK_READ,
PROJECT_EVAL_TASK_UPDATE,
PROJECT_READ,
PROJECT_RESTRICT,
PROJECT_SPAN_ANNOTATE,
PROJECT_SPAN_CREATE,
PROJECT_SPAN_DELETE,
PROJECT_SPAN_READ,
PROJECT_SPAN_UPDATE,
PROJECT_UPDATE,
PROMPT_CREATE,
PROMPT_DELETE,
PROMPT_OPTIMIZE_TASK_CREATE,
PROMPT_OPTIMIZE_TASK_DELETE,
PROMPT_OPTIMIZE_TASK_READ,
PROMPT_OPTIMIZE_TASK_UPDATE,
PROMPT_READ,
PROMPT_UPDATE,
QUEUE_CREATE,
QUEUE_DELETE,
QUEUE_READ,
QUEUE_RECORD_ANNOTATE,
QUEUE_RECORD_CREATE,
QUEUE_RECORD_DELETE,
QUEUE_RECORD_READ,
QUEUE_RECORD_UPDATE,
QUEUE_UPDATE,
REMOTE_ENDPOINT_INTEGRATION_CREATE,
REMOTE_ENDPOINT_INTEGRATION_DELETE,
REMOTE_ENDPOINT_INTEGRATION_READ,
REMOTE_ENDPOINT_INTEGRATION_UPDATE,
ROLE_BINDING_CREATE,
ROLE_BINDING_DELETE,
ROLE_BINDING_READ,
SERVICE_KEY_CREATE,
SERVICE_KEY_DELETE,
SERVICE_KEY_READ,
SPACE_CREATE,
SPACE_DELETE,
SPACE_READ,
SPACE_UPDATE,
TAG_CREATE,
TAG_DELETE,
TAG_READ,
TAG_UPDATE,
TRACE_VIEW_CREATE,
TRACE_VIEW_DELETE,
TRACE_VIEW_READ,
TRACE_VIEW_UPDATE,
USER_CREATE,
USER_DELETE,
USER_PERMISSION_UPDATE,
USER_READ,
USER_UPDATE
is_predefined
boolean
required

Whether this role is a system-defined predefined role. Predefined roles cannot be updated or deleted.

created_at
string<date-time>
required

Timestamp when the role was created.

updated_at
string<date-time>
required

Timestamp when the role was last updated.

description
string

A brief description of the role's purpose.