Hybrid Data Pipeline user accounts must have at least one assigned role. A role is defined by the permissions that are associated with it. The Roles API can be used to create, view, modify, and delete roles, and, more generally, manage roles and the users associated with them.

Note: The system administrator, tenant administrator, and user roles are predefined. These roles cannot be deleted, and only the users associated with them via the "users" property can be modified. Other properties, such as "name" and "permissions," cannot be modified.

In a single-tenant environment, all roles belong to the default system tenant. In a multitenant environment, roles must belong to specific tenants. One role cannot be used across multiple tenants. When creating a new tenant using the Tenant API, roles in the system tenant can be imported to the new tenant. The imported role is given its own ID and can only be assigned to users in the new tenant.

Any user with the Administrator (12) permission is in effect a system administrator. System administrators can create, view, modify, and delete roles in all tenants across the system. In contrast, administrator users who do not have the Administrator permission must be granted permissions for specific operations and administrative access on the tenant which they are administering.

The Roles API can be used to perform the operations described in the following table.

Operation Request URL
Returns list of available roles GET https://<myserver>:<port>/api/admin/roles
Creates a new role POST https://<myserver>:<port>/api/admin/roles
Returns details on the specified role GET https://<myserver>:<port>/api/admin/roles/{id}
Updates the specified role PUT https://<myserver>:<port>/api/admin/roles/{id}
Deletes the specified role DELETE https://<myserver>:<port>/api/admin/roles/{id}