
# Create

> Create a project role

<Note>
  You can read more about the permissions field in the [permissions
  documentation](/internals/permissions).
</Note>


## OpenAPI

````yaml POST /api/v1/projects/{projectId}/roles
openapi: 3.0.3
info:
  title: Infisical API
  description: List of all available APIs that can be consumed
  version: 0.0.1
servers:
  - url: https://us.infisical.com
    description: Production server (US)
  - url: https://eu.infisical.com
    description: Production server (EU)
  - url: http://localhost:8080
    description: Local server
security: []
paths:
  /api/v1/projects/{projectId}/roles:
    post:
      tags:
        - Project Roles
      description: Create a project role
      parameters:
        - schema:
            type: string
          in: path
          name: projectId
          required: true
          description: Id of the project to create the role for.
      requestBody:
        required: true
        content:
          application/json:
            schema:
              type: object
              properties:
                slug:
                  type: string
                  minLength: 1
                  maxLength: 64
                  description: The slug of the role.
                name:
                  type: string
                  minLength: 1
                  description: The name of the role.
                description:
                  type: string
                  nullable: true
                  description: The description for the role.
                permissions:
                  type: array
                  items:
                    anyOf:
                      - type: object
                        properties:
                          subject:
                            type: string
                            enum:
                              - secrets
                            description: The entity this permission pertains to.
                          inverted:
                            type: boolean
                            description: Whether rule allows or forbids.
                          action:
                            anyOf:
                              - type: string
                                enum:
                                  - read
                                  - describeSecret
                                  - readValue
                                  - create
                                  - edit
                                  - delete
                              - type: array
                                items:
                                  type: string
                                  enum:
                                    - read
                                    - describeSecret
                                    - readValue
                                    - create
                                    - edit
                                    - delete
                                minItems: 1
                            description: Describe what action an entity can take.
                          conditions:
                            type: object
                            properties:
                              environment:
                                anyOf:
                                  - type: string
                                  - type: object
                                    properties:
                                      $eq:
                                        type: string
                                        minLength: 1
                                      $ne:
                                        type: string
                                        minLength: 1
                                      $in:
                                        type: array
                                        items:
                                          type: string
                                          minLength: 1
                                      $glob:
                                        type: string
                                        minLength: 1
                                    additionalProperties: false
                              secretPath:
                                anyOf:
                                  - type: string
                                  - type: object
                                    properties:
                                      $eq:
                                        type: string
                                        minLength: 1
                                      $ne:
                                        type: string
                                        minLength: 1
                                      $in:
                                        type: array
                                        items:
                                          type: string
                                          minLength: 1
                                      $glob:
                                        type: string
                                        minLength: 1
                                    additionalProperties: false
                              secretName:
                                anyOf:
                                  - type: string
                                  - type: object
                                    properties:
                                      $eq:
                                        type: string
                                        minLength: 1
                                      $ne:
                                        type: string
                                        minLength: 1
                                      $in:
                                        type: array
                                        items:
                                          type: string
                                          minLength: 1
                                      $glob:
                                        type: string
                                        minLength: 1
                                    additionalProperties: false
                              secretTags:
                                type: object
                                properties:
                                  $in:
                                    type: array
                                    items:
                                      type: string
                                      minLength: 1
                                  $all:
                                    type: array
                                    items:
                                      type: string
                                      minLength: 1
                                additionalProperties: false
                              eventType:
                                anyOf:
                                  - type: string
                                  - type: object
                                    properties:
                                      $eq:
                                        type: string
                                        minLength: 1
                                      $ne:
                                        type: string
                                        minLength: 1
                                      $in:
                                        type: array
                                        items:
                                          type: string
                                          minLength: 1
                                    additionalProperties: false
                            additionalProperties: false
                            description: >-
                              When specified, only matching conditions will be
                              allowed to access given resource.
                        required:
                          - subject
                          - action
                        additionalProperties: false
                      - type: object
                        properties:
                          subject:
                            type: string
                            enum:
                              - secret-folders
                            description: The entity this permission pertains to.
                          inverted:
                            type: boolean
                            description: Whether rule allows or forbids.
                          action:
                            anyOf:
                              - type: string
                                enum:
                                  - read
                                  - create
                                  - edit
                                  - delete
                              - type: array
                                items:
                                  type: string
                                  enum:
                                    - read
                                    - create
                                    - edit
                                    - delete
                                minItems: 1
                            description: Describe what action an entity can take.
                          conditions:
                            type: object
                            properties:
                              environment:
                                anyOf:
                                  - type: string
                                  - type: object
                                    properties:
                                      $eq:
                                        type: string
                                        minLength: 1
                                      $ne:
                                        type: string
                                        minLength: 1
                                      $in:
                                        type: array
                                        items:
                                          type: string
                                          minLength: 1
                                    additionalProperties: false
                              secretPath:
                                anyOf:
                                  - type: string
                                  - type: object
                                    properties:
                                      $eq:
                                        type: string
                                        minLength: 1
                                      $ne:
                                        type: string
                                        minLength: 1
                                      $in:
                                        type: array
                                        items:
                                          type: string
                                          minLength: 1
                                      $glob:
                                        type: string
                                        minLength: 1
                                    additionalProperties: false
                            additionalProperties: false
                            description: >-
                              When specified, only matching conditions will be
                              allowed to access given resource.
                        required:
                          - subject
                          - action
                        additionalProperties: false
                      - type: object
                        properties:
                          subject:
                            type: string
                            enum:
                              - secret-imports
                            description: The entity this permission pertains to.
                          inverted:
                            type: boolean
                            description: Whether rule allows or forbids.
                          action:
                            anyOf:
                              - type: string
                                enum:
                                  - read
                                  - create
                                  - edit
                                  - delete
                              - type: array
                                items:
                                  type: string
                                  enum:
                                    - read
                                    - create
                                    - edit
                                    - delete
                                minItems: 1
                            description: Describe what action an entity can take.
                          conditions:
                            type: object
                            properties:
                              environment:
                                anyOf:
                                  - type: string
                                  - type: object
                                    properties:
                                      $eq:
                                        type: string
                                        minLength: 1
                                      $ne:
                                        type: string
                                        minLength: 1
                                      $in:
                                        type: array
                                        items:
                                          type: string
                                          minLength: 1
                                      $glob:
                                        type: string
                                        minLength: 1
                                    additionalProperties: false
                              secretPath:
                                anyOf:
                                  - type: string
                                  - type: object
                                    properties:
                                      $eq:
                                        type: string
                                        minLength: 1
                                      $ne:
                                        type: string
                                        minLength: 1
                                      $in:
                                        type: array
                                        items:
                                          type: string
                                          minLength: 1
                                      $glob:
                                        type: string
                                        minLength: 1
                                    additionalProperties: false
                            additionalProperties: false
                            description: >-
                              When specified, only matching conditions will be
                              allowed to access given resource.
                        required:
                          - subject
                          - action
                        additionalProperties: false
                      - type: object
                        properties:
                          subject:
                            type: string
                            enum:
                              - dynamic-secrets
                            description: The entity this permission pertains to.
                          inverted:
                            type: boolean
                            description: Whether rule allows or forbids.
                          action:
                            anyOf:
                              - type: string
                                enum:
                                  - read-root-credential
                                  - create-root-credential
                                  - edit-root-credential
                                  - delete-root-credential
                                  - lease
                              - type: array
                                items:
                                  type: string
                                  enum:
                                    - read-root-credential
                                    - create-root-credential
                                    - edit-root-credential
                                    - delete-root-credential
                                    - lease
                                minItems: 1
                            description: Describe what action an entity can take.
                          conditions:
                            type: object
                            properties:
                              environment:
                                anyOf:
                                  - type: string
                                  - type: object
                                    properties:
                                      $eq:
                                        type: string
                                        minLength: 1
                                      $ne:
                                        type: string
                                        minLength: 1
                                      $in:
                                        type: array
                                        items:
                                          type: string
                                          minLength: 1
                                      $glob:
                                        type: string
                                        minLength: 1
                                    additionalProperties: false
                              secretPath:
                                anyOf:
                                  - type: string
                                  - type: object
                                    properties:
                                      $eq:
                                        type: string
                                        minLength: 1
                                      $ne:
                                        type: string
                                        minLength: 1
                                      $in:
                                        type: array
                                        items:
                                          type: string
                                          minLength: 1
                                      $glob:
                                        type: string
                                        minLength: 1
                                    additionalProperties: false
                              metadata:
                                type: object
                                properties:
                                  $elemMatch:
                                    type: object
                                    properties:
                                      key:
                                        type: object
                                        properties:
                                          $eq:
                                            type: string
                                            minLength: 1
                                          $ne:
                                            type: string
                                            minLength: 1
                                          $in:
                                            type: array
                                            items:
                                              type: string
                                              minLength: 1
                                        additionalProperties: false
                                      value:
                                        type: object
                                        properties:
                                          $eq:
                                            type: string
                                            minLength: 1
                                          $ne:
                                            type: string
                                            minLength: 1
                                          $in:
                                            type: array
                                            items:
                                              type: string
                                              minLength: 1
                                        additionalProperties: false
                                    additionalProperties: false
                                required:
                                  - $elemMatch
                                additionalProperties: false
                            additionalProperties: false
                            description: >-
                              When specified, only matching conditions will be
                              allowed to access given resource.
                        required:
                          - subject
                          - action
                        additionalProperties: false
                      - type: object
                        properties:
                          subject:
                            type: string
                            enum:
                              - identity
                            description: The entity this permission pertains to.
                          inverted:
                            type: boolean
                            description: Whether rule allows or forbids.
                          action:
                            anyOf:
                              - type: string
                                enum:
                                  - read
                                  - create
                                  - edit
                                  - delete
                                  - grant-privileges
                                  - assign-role
                                  - assign-additional-privileges
                                  - assume-privileges
                                  - revoke-auth
                                  - create-token
                                  - get-token
                                  - delete-token
                              - type: array
                                items:
                                  type: string
                                  enum:
                                    - read
                                    - create
                                    - edit
                                    - delete
                                    - grant-privileges
                                    - assign-role
                                    - assign-additional-privileges
                                    - assume-privileges
                                    - revoke-auth
                                    - create-token
                                    - get-token
                                    - delete-token
                                minItems: 1
                            description: Describe what action an entity can take.
                          conditions:
                            type: object
                            properties:
                              identityId:
                                anyOf:
                                  - type: string
                                  - type: object
                                    properties:
                                      $eq:
                                        type: string
                                        minLength: 1
                                      $ne:
                                        type: string
                                        minLength: 1
                                      $in:
                                        type: array
                                        items:
                                          type: string
                                          minLength: 1
                                    additionalProperties: false
                              assignableRole:
                                anyOf:
                                  - type: string
                                  - type: object
                                    properties:
                                      $eq:
                                        type: string
                                        minLength: 1
                                      $ne:
                                        type: string
                                        minLength: 1
                                      $in:
                                        type: array
                                        items:
                                          type: string
                                          minLength: 1
                                    additionalProperties: false
                              assignableSubject:
                                anyOf:
                                  - type: string
                                  - type: object
                                    properties:
                                      $eq:
                                        type: string
                                        minLength: 1
                                      $ne:
                                        type: string
                                        minLength: 1
                                      $in:
                                        type: array
                                        items:
                                          type: string
                                          minLength: 1
                                      $glob:
                                        type: string
                                        minLength: 1
                                    additionalProperties: false
                              assignableAction:
                                anyOf:
                                  - type: string
                                  - type: object
                                    properties:
                                      $eq:
                                        type: string
                                        minLength: 1
                                      $ne:
                                        type: string
                                        minLength: 1
                                      $in:
                                        type: array
                                        items:
                                          type: string
                                          minLength: 1
                                      $glob:
                                        type: string
                                        minLength: 1
                                    additionalProperties: false
                            additionalProperties: false
                            description: >-
                              When specified, only matching conditions will be
                              allowed to access given resource.
                        required:
                          - subject
                          - action
                        additionalProperties: false
                      - type: object
                        properties:
                          subject:
                            type: string
                            enum:
                              - ssh-hosts
                            description: The entity this permission pertains to.
                          action:
                            anyOf:
                              - type: string
                                enum:
                                  - read
                                  - create
                                  - edit
                                  - delete
                                  - issue-host-cert
                              - type: array
                                items:
                                  type: string
                                  enum:
                                    - read
                                    - create
                                    - edit
                                    - delete
                                    - issue-host-cert
                                minItems: 1
                            description: Describe what action an entity can take.
                          inverted:
                            type: boolean
                            description: Whether rule allows or forbids.
                          conditions:
                            type: object
                            properties:
                              hostname:
                                anyOf:
                                  - type: string
                                  - type: object
                                    properties:
                                      $eq:
                                        type: string
                                        minLength: 1
                                      $glob:
                                        type: string
                                        minLength: 1
                                      $in:
                                        type: array
                                        items:
                                          type: string
                                          minLength: 1
                                    additionalProperties: false
                            additionalProperties: false
                            description: >-
                              When specified, only matching conditions will be
                              allowed to access given resource.
                        required:
                          - subject
                          - action
                        additionalProperties: false
                      - type: object
                        properties:
                          subject:
                            type: string
                            enum:
                              - pki-subscribers
                            description: The entity this permission pertains to.
                          action:
                            anyOf:
                              - type: string
                                enum:
                                  - read
                                  - create
                                  - edit
                                  - delete
                                  - issue-cert
                                  - list-certs
                              - type: array
                                items:
                                  type: string
                                  enum:
                                    - read
                                    - create
                                    - edit
                                    - delete
                                    - issue-cert
                                    - list-certs
                                minItems: 1
                            description: Describe what action an entity can take.
                          inverted:
                            type: boolean
                            description: >-
                              Set to `true` to invert this rule into a deny (forbid) rule for the
                              listed actions on the matching resources; `false` makes it an
                              allow rule.
                          conditions:
                            type: object
                            properties:
                              name:
                                anyOf:
                                  - type: string
                                  - type: object
                                    properties:
                                      $eq:
                                        type: string
                                        minLength: 1
                                      $glob:
                                        type: string
                                        minLength: 1
                                      $in:
                                        type: array
                                        items:
                                          type: string
                                          minLength: 1
                                    additionalProperties: false
                            additionalProperties: false
                            description: >-
                              Optional attribute filter. When specified, this rule (allow or
                              deny, per `inverted`) applies only to resources whose attributes
                              match the given conditions; resources that do not match are not
                              covered by this rule. Each condition is either a plain string or
                              an object using the operators listed for that field.
                        required:
                          - subject
                          - action
                        additionalProperties: false
                      - type: object
                        properties:
                          subject:
                            type: string
                            enum:
                              - certificate-templates
                            description: The entity this permission pertains to.
                          action:
                            anyOf:
                              - type: string
                                enum:
                                  - read
                                  - create
                                  - edit
                                  - delete
                                  - issue-cert
                                  - list-certs
                              - type: array
                                items:
                                  type: string
                                  enum:
                                    - read
                                    - create
                                    - edit
                                    - delete
                                    - issue-cert
                                    - list-certs
                                minItems: 1
                            description: >-
                              The action, or non-empty list of actions, that this rule grants
                              for the subject (or forbids, when `inverted` is true).
                          inverted:
                            type: boolean
                            description: >-
                              Set to `true` to invert this rule into a deny (forbid) rule for the
                              listed actions on the matching resources; `false` makes it an
                              allow rule.
                          conditions:
                            type: object
                            properties:
                              name:
                                anyOf:
                                  - type: string
                                  - type: object
                                    properties:
                                      $eq:
                                        type: string
                                        minLength: 1
                                      $ne:
                                        type: string
                                        minLength: 1
                                      $in:
                                        type: array
                                        items:
                                          type: string
                                          minLength: 1
                                      $glob:
                                        type: string
                                        minLength: 1
                                    additionalProperties: false
                            additionalProperties: false
                            description: >-
                              Optional attribute filter. When specified, this rule (allow or
                              deny, per `inverted`) applies only to resources whose attributes
                              match the given conditions; resources that do not match are not
                              covered by this rule. Each condition is either a plain string or
                              an object using the operators listed for that field.
                        required:
                          - subject
                          - action
                        additionalProperties: false
                      - type: object
                        properties:
                          subject:
                            type: string
                            enum:
                              - secret-rotation
                            description: The entity this permission pertains to.
                          inverted:
                            type: boolean
                            description: >-
                              Set to `true` to invert this rule into a deny (forbid) rule for the
                              listed actions on the matching resources; `false` makes it an
                              allow rule.
                          action:
                            anyOf:
                              - type: string
                                enum:
                                  - read
                                  - read-generated-credentials
                                  - create
                                  - edit
                                  - delete
                                  - rotate-secrets
                              - type: array
                                items:
                                  type: string
                                  enum:
                                    - read
                                    - read-generated-credentials
                                    - create
                                    - edit
                                    - delete
                                    - rotate-secrets
                                minItems: 1
                            description: >-
                              The action, or non-empty list of actions, that this rule grants
                              for the subject (or forbids, when `inverted` is true). Note that
                              `read-generated-credentials` exposes the rotated credential
                              values themselves; grant it only to roles that need it.
                          conditions:
                            type: object
                            properties:
                              environment:
                                anyOf:
                                  - type: string
                                  - type: object
                                    properties:
                                      $eq:
                                        type: string
                                        minLength: 1
                                      $ne:
                                        type: string
                                        minLength: 1
                                      $in:
                                        type: array
                                        items:
                                          type: string
                                          minLength: 1
                                      $glob:
                                        type: string
                                        minLength: 1
                                    additionalProperties: false
                              secretPath:
                                anyOf:
                                  - type: string
                                  - type: object
                                    properties:
                                      $eq:
                                        type: string
                                        minLength: 1
                                      $ne:
                                        type: string
                                        minLength: 1
                                      $in:
                                        type: array
                                        items:
                                          type: string
                                          minLength: 1
                                      $glob:
                                        type: string
                                        minLength: 1
                                    additionalProperties: false
                              connectionId:
                                anyOf:
                                  - type: string
                                  - type: object
                                    properties:
                                      $eq:
                                        type: string
                                        minLength: 1
                                      $ne:
                                        type: string
                                        minLength: 1
                                      $in:
                                        type: array
                                        items:
                                          type: string
                                          minLength: 1
                                    additionalProperties: false
                            additionalProperties: false
                            description: >-
                              Optional attribute filter. When specified, this rule (allow or
                              deny, per `inverted`) applies only to resources whose attributes
                              match the given conditions; resources that do not match are not
                              covered by this rule. Each condition is either a plain string or
                              an object using the operators listed for that field.
                        required:
                          - subject
                          - action
                        additionalProperties: false
                      - type: object
                        properties:
                          subject:
                            type: string
                            enum:
                              - secret-syncs
                            description: The entity this permission pertains to.
                          inverted:
                            type: boolean
                            description: >-
                              Set to `true` to invert this rule into a deny (forbid) rule for the
                              listed actions on the matching resources; `false` makes it an
                              allow rule.
                          action:
                            anyOf:
                              - type: string
                                enum:
                                  - read
                                  - create
                                  - edit
                                  - delete
                                  - sync-secrets
                                  - import-secrets
                                  - remove-secrets
                              - type: array
                                items:
                                  type: string
                                  enum:
                                    - read
                                    - create
                                    - edit
                                    - delete
                                    - sync-secrets
                                    - import-secrets
                                    - remove-secrets
                                minItems: 1
                            description: >-
                              The action, or non-empty list of actions, that this rule grants
                              for the subject (or forbids, when `inverted` is true).
                          conditions:
                            type: object
                            properties:
                              environment:
                                anyOf:
                                  - type: string
                                  - type: object
                                    properties:
                                      $eq:
                                        type: string
                                        minLength: 1
                                      $ne:
                                        type: string
                                        minLength: 1
                                      $in:
                                        type: array
                                        items:
                                          type: string
                                          minLength: 1
                                      $glob:
                                        type: string
                                        minLength: 1
                                    additionalProperties: false
                              secretPath:
                                anyOf:
                                  - type: string
                                  - type: object
                                    properties:
                                      $eq:
                                        type: string
                                        minLength: 1
                                      $ne:
                                        type: string
                                        minLength: 1
                                      $in:
                                        type: array
                                        items:
                                          type: string
                                          minLength: 1
                                      $glob:
                                        type: string
                                        minLength: 1
                                    additionalProperties: false
                              connectionId:
                                anyOf:
                                  - type: string
                                  - type: object
                                    properties:
                                      $eq:
                                        type: string
                                        minLength: 1
                                      $ne:
                                        type: string
                                        minLength: 1
                                      $in:
                                        type: array
                                        items:
                                          type: string
                                          minLength: 1
                                    additionalProperties: false
                            additionalProperties: false
                            description: >-
                              Optional attribute filter. When specified, this rule (allow or
                              deny, per `inverted`) applies only to resources whose attributes
                              match the given conditions; resources that do not match are not
                              covered by this rule. Each condition is either a plain string or
                              an object using the operators listed for that field.
                        required:
                          - subject
                          - action
                        additionalProperties: false
                      - type: object
                        properties:
                          subject:
                            type: string
                            enum:
                              - pki-syncs
                            description: The entity this permission pertains to.
                          inverted:
                            type: boolean
                            description: Whether rule allows or forbids.
                          action:
                            anyOf:
                              - type: string
                                enum:
                                  - read
                                  - create
                                  - edit
                                  - delete
                                  - sync-certificates
                                  - import-certificates
                                  - remove-certificates
                              - type: array
                                items:
                                  type: string
                                  enum:
                                    - read
                                    - create
                                    - edit
                                    - delete
                                    - sync-certificates
                                    - import-certificates
                                    - remove-certificates
                                minItems: 1
                            description: >-
                              The action, or non-empty list of actions, that this rule grants
                              for the subject (or forbids, when `inverted` is true).
                          conditions:
                            type: object
                            properties:
                              name:
                                anyOf:
                                  - type: string
                                  - type: object
                                    properties:
                                      $eq:
                                        type: string
                                        minLength: 1
                                      $ne:
                                        type: string
                                        minLength: 1
                                      $in:
                                        type: array
                                        items:
                                          type: string
                                          minLength: 1
                                      $glob:
                                        type: string
                                        minLength: 1
                                    additionalProperties: false
                              subscriberName:
                                anyOf:
                                  - type: string
                                  - type: object
                                    properties:
                                      $eq:
                                        type: string
                                        minLength: 1
                                      $ne:
                                        type: string
                                        minLength: 1
                                      $in:
                                        type: array
                                        items:
                                          type: string
                                          minLength: 1
                                      $glob:
                                        type: string
                                        minLength: 1
                                    additionalProperties: false
                            additionalProperties: false
                            description: >-
                              Optional attribute filter. When specified, this rule (allow or
                              deny, per `inverted`) applies only to resources whose attributes
                              match the given conditions; resources that do not match are not
                              covered by this rule. Each condition is either a plain string or
                              an object using the operators listed for that field.
                        required:
                          - subject
                          - action
                        additionalProperties: false
                      - type: object
                        properties:
                          subject:
                            type: string
                            enum:
                              - secret-event-subscriptions
                            description: The entity this permission pertains to.
                          inverted:
                            type: boolean
                            description: >-
                              Set to `true` to invert this rule into a deny (forbid) rule for the
                              listed actions on the matching resources; `false` makes it an
                              allow rule.
                          action:
                            anyOf:
                              - type: string
                                enum:
                                  - subscribe-to-creation-events
                                  - subscribe-to-update-events
                                  - subscribe-to-deletion-events
                                  - subscribe-to-import-mutation-events
                              - type: array
                                items:
                                  type: string
                                  enum:
                                    - subscribe-to-creation-events
                                    - subscribe-to-update-events
                                    - subscribe-to-deletion-events
                                    - subscribe-to-import-mutation-events
                                minItems: 1
                            description: >-
                              The action, or non-empty list of actions, that this rule grants
                              for the subject (or forbids, when `inverted` is true).
                          conditions:
                            type: object
                            properties:
                              environment:
                                anyOf:
                                  - type: string
                                  - type: object
                                    properties:
                                      $eq:
                                        type: string
                                        minLength: 1
                                      $ne:
                                        type: string
                                        minLength: 1
                                      $in:
                                        type: array
                                        items:
                                          type: string
                                          minLength: 1
                                      $glob:
                                        type: string
                                        minLength: 1
                                    additionalProperties: false
                              secretPath:
                                anyOf:
                                  - type: string
                                  - type: object
                                    properties:
                                      $eq:
                                        type: string
                                        minLength: 1
                                      $ne:
                                        type: string
                                        minLength: 1
                                      $in:
                                        type: array
                                        items:
                                          type: string
                                          minLength: 1
                                      $glob:
                                        type: string
                                        minLength: 1
                                    additionalProperties: false
                              connectionId:
                                anyOf:
                                  - type: string
                                  - type: object
                                    properties:
                                      $eq:
                                        type: string
                                        minLength: 1
                                      $ne:
                                        type: string
                                        minLength: 1
                                      $in:
                                        type: array
                                        items:
                                          type: string
                                          minLength: 1
                                    additionalProperties: false
                            additionalProperties: false
                            description: >-
                              Optional attribute filter. When specified, this rule (allow or
                              deny, per `inverted`) applies only to resources whose attributes
                              match the given conditions; resources that do not match are not
                              covered by this rule. Each condition is either a plain string or
                              an object using the operators listed for that field.
                        required:
                          - subject
                          - action
                        additionalProperties: false
                      - type: object
                        properties:
                          subject:
                            type: string
                            enum:
                              - certificate-profiles
                            description: The entity this permission pertains to.
                          inverted:
                            type: boolean
                            description: >-
                              Set to `true` to invert this rule into a deny (forbid) rule for the
                              listed actions on the matching resources; `false` makes it an
                              allow rule.
                          action:
                            anyOf:
                              - type: string
                                enum:
                                  - read
                                  - create
                                  - edit
                                  - delete
                                  - issue-cert
                                  - reveal-acme-eab-secret
                                  - rotate-acme-eab-secret
                                  - manage-application-attachments
                              - type: array
                                items:
                                  type: string
                                  enum:
                                    - read
                                    - create
                                    - edit
                                    - delete
                                    - issue-cert
                                    - reveal-acme-eab-secret
                                    - rotate-acme-eab-secret
                                    - manage-application-attachments
                                minItems: 1
                            description: >-
                              The action, or non-empty list of actions, that this rule grants
                              for the subject (or forbids, when `inverted` is true). Note that
                              `reveal-acme-eab-secret` exposes an ACME external-account-binding
                              credential; grant it only to roles that need it.
                          conditions:
                            type: object
                            properties:
                              slug:
                                anyOf:
                                  - type: string
                                  - type: object
                                    properties:
                                      $eq:
                                        type: string
                                        minLength: 1
                                      $ne:
                                        type: string
                                        minLength: 1
                                      $in:
                                        type: array
                                        items:
                                          type: string
                                          minLength: 1
                                      $glob:
                                        type: string
                                        minLength: 1
                                    additionalProperties: false
                            additionalProperties: false
                            description: >-
                              Optional attribute filter. When specified, this rule (allow or
                              deny, per `inverted`) applies only to resources whose attributes
                              match the given conditions; resources that do not match are not
                              covered by this rule. Each condition is either a plain string or
                              an object using the operators listed for that field.
                        required:
                          - subject
                          - action
                        additionalProperties: false
                      - type: object
                        properties:
                          subject:
                            type: string
                            enum:
                              - certificate-policies
                            description: The entity this permission pertains to.
                          inverted:
                            type: boolean
                            description: >-
                              Set to `true` to invert this rule into a deny (forbid) rule for the
                              listed actions on the matching resources; `false` makes it an
                              allow rule.
                          action:
                            anyOf:
                              - type: string
                                enum:
                                  - read
                                  - create
                                  - edit
                                  - delete
                              - type: array
                                items:
                                  type: string
                                  enum:
                                    - read
                                    - create
                                    - edit
                                    - delete
                                minItems: 1
                            description: >-
                              The action, or non-empty list of actions, that this rule grants
                              for the subject (or forbids, when `inverted` is true).
                          conditions:
                            type: object
                            properties:
                              name:
                                anyOf:
                                  - type: string
                                  - type: object
                                    properties:
                                      $eq:
                                        type: string
                                        minLength: 1
                                      $ne:
                                        type: string
                                        minLength: 1
                                      $in:
                                        type: array
                                        items:
                                          type: string
                                          minLength: 1
                                      $glob:
                                        type: string
                                        minLength: 1
                                    additionalProperties: false
                            additionalProperties: false
                            description: >-
                              Optional attribute filter. When specified, this rule (allow or
                              deny, per `inverted`) applies only to resources whose attributes
                              match the given conditions; resources that do not match are not
                              covered by this rule. Each condition is either a plain string or
                              an object using the operators listed for that field.
                        required:
                          - subject
                          - action
                        additionalProperties: false
                      - type: object
                        properties:
                          subject:
                            type: string
                            enum:
                              - certificate-authorities
                            description: The entity this permission pertains to.
                          inverted:
                            type: boolean
                            description: >-
                              Set to `true` to invert this rule into a deny (forbid) rule for the
                              listed actions on the matching resources; `false` makes it an
                              allow rule.
                          action:
                            anyOf:
                              - type: string
                                enum:
                                  - read
                                  - create
                                  - edit
                                  - delete
                                  - issue-ca-certificate
                                  - sign-intermediate
                              - type: array
                                items:
                                  type: string
                                  enum:
                                    - read
                                    - create
                                    - edit
                                    - delete
                                    - issue-ca-certificate
                                    - sign-intermediate
                                minItems: 1
                            description: >-
                              The action, or non-empty list of actions, that this rule grants
                              for the subject (or forbids, when `inverted` is true).
                          conditions:
                            type: object
                            properties:
                              name:
                                anyOf:
                                  - type: string
                                  - type: object
                                    properties:
                                      $eq:
                                        type: string
                                        minLength: 1
                                      $ne:
                                        type: string
                                        minLength: 1
                                      $in:
                                        type: array
                                        items:
                                          type: string
                                          minLength: 1
                                      $glob:
                                        type: string
                                        minLength: 1
                                    additionalProperties: false
                            additionalProperties: false
                            description: >-
                              Optional attribute filter. When specified, this rule (allow or
                              deny, per `inverted`) applies only to resources whose attributes
                              match the given conditions; resources that do not match are not
                              covered by this rule. Each condition is either a plain string or
                              an object using the operators listed for that field.
                        required:
                          - subject
                          - action
                        additionalProperties: false
                      - type: object
                        properties:
                          subject:
                            type: string
                            enum:
                              - certificates
                            description: The entity this permission pertains to.
                          inverted:
                            type: boolean
                            description: Whether the rule allows or forbids.
                          action:
                            anyOf:
                              - type: string
                                enum:
                                  - read
                                  - create
                                  - edit
                                  - delete
                                  - read-private-key
                                  - import
                              - type: array
                                items:
                                  type: string
                                  enum:
                                    - read
                                    - create
                                    - edit
                                    - delete
                                    - read-private-key
                                    - import
                                minItems: 1
                            description: Describes what action an entity can take.
                          conditions:
                            type: object
                            properties:
                              commonName:
                                anyOf:
                                  - type: string
                                  - type: object
                                    properties:
                                      $eq:
                                        type: string
                                        minLength: 1
                                      $ne:
                                        type: string
                                        minLength: 1
                                      $in:
                                        type: array
                                        items:
                                          type: string
                                          minLength: 1
                                      $glob:
                                        type: string
                                        minLength: 1
                                    additionalProperties: false
                              altNames:
                                anyOf:
                                  - type: string
                                  - type: object
                                    properties:
                                      $eq:
                                        type: string
                                        minLength: 1
                                      $ne:
                                        type: string
                                        minLength: 1
                                      $in:
                                        type: array
                                        items:
                                          type: string
                                          minLength: 1
                                      $glob:
                                        type: string
                                        minLength: 1
                                    additionalProperties: false
                              serialNumber:
                                anyOf:
                                  - type: string
                                  - type: object
                                    properties:
                                      $eq:
                                        type: string
                                        minLength: 1
                                      $ne:
                                        type: string
                                        minLength: 1
                                      $in:
                                        type: array
                                        items:
                                          type: string
                                          minLength: 1
                                      $glob:
                                        type: string
                                        minLength: 1
                                    additionalProperties: false
                              friendlyName:
                                anyOf:
                                  - type: string
                                  - type: object
                                    properties:
                                      $eq:
                                        type: string
                                        minLength: 1
                                      $ne:
                                        type: string
                                        minLength: 1
                                      $in:
                                        type: array
                                        items:
                                          type: string
                                          minLength: 1
                                      $glob:
                                        type: string
                                        minLength: 1
                                    additionalProperties: false
                              status:
                                anyOf:
                                  - type: string
                                  - type: object
                                    properties:
                                      $eq:
                                        type: string
                                        minLength: 1
                                      $ne:
                                        type: string
                                        minLength: 1
                                      $in:
                                        type: array
                                        items:
                                          type: string
                                          minLength: 1
                                      $glob:
                                        type: string
                                        minLength: 1
                                    additionalProperties: false
                              metadata:
                                type: object
                                properties:
                                  $elemMatch:
                                    type: object
                                    properties:
                                      key:
                                        type: object
                                        properties:
                                          $eq:
                                            type: string
                                            minLength: 1
                                          $in:
                                            type: array
                                            items:
                                              type: string
                                              minLength: 1
                                        additionalProperties: false
                                      value:
                                        type: object
                                        properties:
                                          $eq:
                                            type: string
                                            minLength: 1
                                          $in:
                                            type: array
                                            items:
                                              type: string
                                              minLength: 1
                                        additionalProperties: false
                                    additionalProperties: false
                                required:
                                  - $elemMatch
                                additionalProperties: false
                            additionalProperties: false
                            description: >-
                              When specified, access to the given resource is only
                              allowed when these conditions match.
                        required:
                          - subject
                          - action
                        additionalProperties: false
                      - type: object
                        properties:
                          subject:
                            type: string
                            enum:
                              - secret-approval
                            description: The entity this permission pertains to.
                          action:
                            anyOf:
                              - type: string
                                enum:
                                  - read
                                  - create
                                  - edit
                                  - delete
                              - type: array
                                items:
                                  type: string
                                  enum:
                                    - read
                                    - create
                                    - edit
                                    - delete
                                minItems: 1
                            description: Describes what action an entity can take.
                        required:
                          - subject
                          - action
                        additionalProperties: false
                      - type: object
                        properties:
                          subject:
                            type: string
                            enum:
                              - secret-rollback
                            description: The entity this permission pertains to.
                          action:
                            anyOf:
                              - type: string
                                enum:
                                  - read
                                  - create
                              - type: array
                                items:
                                  type: string
                                  enum:
                                    - read
                                    - create
                                minItems: 1
                            description: Describes what action an entity can take.
                        required:
                          - subject
                          - action
                        additionalProperties: false
                      - type: object
                        properties:
                          subject:
                            type: string
                            enum:
                              - member
                            description: The entity this permission pertains to.
                          inverted:
                            type: boolean
                            description: Whether the rule allows or forbids.
                          action:
                            anyOf:
                              - type: string
                                enum:
                                  - read
                                  - create
                                  - edit
                                  - delete
                                  - grant-privileges
                                  - assign-role
                                  - assign-additional-privileges
                                  - assume-privileges
                              - type: array
                                items:
                                  type: string
                                  enum:
                                    - read
                                    - create
                                    - edit
                                    - delete
                                    - grant-privileges
                                    - assign-role
                                    - assign-additional-privileges
                                    - assume-privileges
                                minItems: 1
                            description: Describes what action an entity can take.
                          conditions:
                            type: object
                            properties:
                              userEmail:
                                anyOf:
                                  - type: string
                                  - type: object
                                    properties:
                                      $eq:
                                        type: string
                                        minLength: 1
                                      $ne:
                                        type: string
                                        minLength: 1
                                      $in:
                                        type: array
                                        items:
                                          type: string
                                          minLength: 1
                                      $glob:
                                        type: string
                                        minLength: 1
                                    additionalProperties: false
                              assignableRole:
                                anyOf:
                                  - type: string
                                  - type: object
                                    properties:
                                      $eq:
                                        type: string
                                        minLength: 1
                                      $ne:
                                        type: string
                                        minLength: 1
                                      $in:
                                        type: array
                                        items:
                                          type: string
                                          minLength: 1
                                    additionalProperties: false
                              assignableSubject:
                                anyOf:
                                  - type: string
                                  - type: object
                                    properties:
                                      $eq:
                                        type: string
                                        minLength: 1
                                      $ne:
                                        type: string
                                        minLength: 1
                                      $in:
                                        type: array
                                        items:
                                          type: string
                                          minLength: 1
                                      $glob:
                                        type: string
                                        minLength: 1
                                    additionalProperties: false
                              assignableAction:
                                anyOf:
                                  - type: string
                                  - type: object
                                    properties:
                                      $eq:
                                        type: string
                                        minLength: 1
                                      $ne:
                                        type: string
                                        minLength: 1
                                      $in:
                                        type: array
                                        items:
                                          type: string
                                          minLength: 1
                                      $glob:
                                        type: string
                                        minLength: 1
                                    additionalProperties: false
                            additionalProperties: false
                            description: >-
                              When specified, access to the given resource is only
                              allowed when these conditions match.
                        required:
                          - subject
                          - action
                        additionalProperties: false
                      - type: object
                        properties:
                          subject:
                            type: string
                            enum:
                              - groups
                            description: The entity this permission pertains to.
                          inverted:
                            type: boolean
                            description: Whether the rule allows or forbids.
                          action:
                            anyOf:
                              - type: string
                                enum:
                                  - read
                                  - create
                                  - edit
                                  - delete
                                  - grant-privileges
                                  - assign-role
                              - type: array
                                items:
                                  type: string
                                  enum:
                                    - read
                                    - create
                                    - edit
                                    - delete
                                    - grant-privileges
                                    - assign-role
                                minItems: 1
                            description: Describes what action an entity can take.
                          conditions:
                            type: object
                            properties:
                              groupName:
                                anyOf:
                                  - type: string
                                  - type: object
                                    properties:
                                      $eq:
                                        type: string
                                        minLength: 1
                                      $ne:
                                        type: string
                                        minLength: 1
                                      $in:
                                        type: array
                                        items:
                                          type: string
                                          minLength: 1
                                      $glob:
                                        type: string
                                        minLength: 1
                                    additionalProperties: false
                              assignableRole:
                                anyOf:
                                  - type: string
                                  - type: object
                                    properties:
                                      $eq:
                                        type: string
                                        minLength: 1
                                      $ne:
                                        type: string
                                        minLength: 1
                                      $in:
                                        type: array
                                        items:
                                          type: string
                                          minLength: 1
                                    additionalProperties: false
                            additionalProperties: false
                            description: >-
                              When specified, access to the given resource is only
                              allowed when these conditions match.
                        required:
                          - subject
                          - action
                        additionalProperties: false
                      - type: object
                        properties:
                          subject:
                            type: string
                            enum:
                              - role
                            description: The entity this permission pertains to.
                          action:
                            anyOf:
                              - type: string
                                enum:
                                  - read
                                  - create
                                  - edit
                                  - delete
                              - type: array
                                items:
                                  type: string
                                  enum:
                                    - read
                                    - create
                                    - edit
                                    - delete
                                minItems: 1
                            description: Describes what action an entity can take.
                        required:
                          - subject
                          - action
                        additionalProperties: false
                      - type: object
                        properties:
                          subject:
                            type: string
                            enum:
                              - integrations
                            description: The entity this permission pertains to.
                          action:
                            anyOf:
                              - type: string
                                enum:
                                  - read
                                  - create
                                  - edit
                                  - delete
                              - type: array
                                items:
                                  type: string
                                  enum:
                                    - read
                                    - create
                                    - edit
                                    - delete
                                minItems: 1
                            description: Describes what action an entity can take.
                        required:
                          - subject
                          - action
                        additionalProperties: false
                      - type: object
                        properties:
                          subject:
                            type: string
                            enum:
                              - webhooks
                            description: The entity this permission pertains to.
                          action:
                            anyOf:
                              - type: string
                                enum:
                                  - read
                                  - create
                                  - edit
                                  - delete
                              - type: array
                                items:
                                  type: string
                                  enum:
                                    - read
                                    - create
                                    - edit
                                    - delete
                                minItems: 1
                            description: Describes what action an entity can take.
                        required:
                          - subject
                          - action
                        additionalProperties: false
                      - type: object
                        properties:
                          subject:
                            type: string
                            enum:
                              - service-tokens
                            description: The entity this permission pertains to.
                          action:
                            anyOf:
                              - type: string
                                enum:
                                  - read
                                  - create
                                  - edit
                                  - delete
                              - type: array
                                items:
                                  type: string
                                  enum:
                                    - read
                                    - create
                                    - edit
                                    - delete
                                minItems: 1
                            description: Describes what action an entity can take.
                        required:
                          - subject
                          - action
                        additionalProperties: false
                      - type: object
                        properties:
                          subject:
                            type: string
                            enum:
                              - settings
                            description: The entity this permission pertains to.
                          action:
                            anyOf:
                              - type: string
                                enum:
                                  - read
                                  - create
                                  - edit
                                  - delete
                              - type: array
                                items:
                                  type: string
                                  enum:
                                    - read
                                    - create
                                    - edit
                                    - delete
                                minItems: 1
                            description: Describes what action an entity can take.
                        required:
                          - subject
                          - action
                        additionalProperties: false
                      - type: object
                        properties:
                          subject:
                            type: string
                            enum:
                              - environments
                            description: The entity this permission pertains to.
                          action:
                            anyOf:
                              - type: string
                                enum:
                                  - read
                                  - create
                                  - edit
                                  - delete
                              - type: array
                                items:
                                  type: string
                                  enum:
                                    - read
                                    - create
                                    - edit
                                    - delete
                                minItems: 1
                            description: Describes what action an entity can take.
                        required:
                          - subject
                          - action
                        additionalProperties: false
                      - type: object
                        properties:
                          subject:
                            type: string
                            enum:
                              - tags
                            description: The entity this permission pertains to.
                          action:
                            anyOf:
                              - type: string
                                enum:
                                  - read
                                  - create
                                  - edit
                                  - delete
                              - type: array
                                items:
                                  type: string
                                  enum:
                                    - read
                                    - create
                                    - edit
                                    - delete
                                minItems: 1
                            description: Describes what action an entity can take.
                        required:
                          - subject
                          - action
                        additionalProperties: false
                      - type: object
                        properties:
                          subject:
                            type: string
                            enum:
                              - audit-logs
                            description: The entity this permission pertains to.
                          action:
                            anyOf:
                              - type: string
                                enum:
                                  - read
                              - type: array
                                items:
                                  type: string
                                  enum:
                                    - read
                                minItems: 1
                            description: Describes what action an entity can take.
                        required:
                          - subject
                          - action
                        additionalProperties: false
                      - type: object
                        properties:
                          subject:
                            type: string
                            enum:
                              - insights
                            description: The entity this permission pertains to.
                          action:
                            anyOf:
                              - type: string
                                enum:
                                  - read
                              - type: array
                                items:
                                  type: string
                                  enum:
                                    - read
                                minItems: 1
                            description: Describes what action an entity can take.
                        required:
                          - subject
                          - action
                        additionalProperties: false
                      - type: object
                        properties:
                          subject:
                            type: string
                            enum:
                              - ip-allowlist
                            description: The entity this permission pertains to.
                          action:
                            anyOf:
                              - type: string
                                enum:
                                  - read
                                  - create
                                  - edit
                                  - delete
                              - type: array
                                items:
                                  type: string
                                  enum:
                                    - read
                                    - create
                                    - edit
                                    - delete
                                minItems: 1
                            description: Describe what action an entity can take.
                        required:
                          - subject
                          - action
                        additionalProperties: false
                      - type: object
                        properties:
                          subject:
                            type: string
                            enum:
                              - ssh-certificate-authorities
                            description: The entity this permission pertains to.
                          action:
                            anyOf:
                              - type: string
                                enum:
                                  - read
                                  - create
                                  - edit
                                  - delete
                              - type: array
                                items:
                                  type: string
                                  enum:
                                    - read
                                    - create
                                    - edit
                                    - delete
                                minItems: 1
                            description: Describe what action an entity can take.
                        required:
                          - subject
                          - action
                        additionalProperties: false
                      - type: object
                        properties:
                          subject:
                            type: string
                            enum:
                              - ssh-certificates
                            description: The entity this permission pertains to.
                          action:
                            anyOf:
                              - type: string
                                enum:
                                  - read
                                  - create
                                  - edit
                                  - delete
                              - type: array
                                items:
                                  type: string
                                  enum:
                                    - read
                                    - create
                                    - edit
                                    - delete
                                minItems: 1
                            description: Describe what action an entity can take.
                        required:
                          - subject
                          - action
                        additionalProperties: false
                      - type: object
                        properties:
                          subject:
                            type: string
                            enum:
                              - ssh-certificate-templates
                            description: The entity this permission pertains to.
                          action:
                            anyOf:
                              - type: string
                                enum:
                                  - read
                                  - create
                                  - edit
                                  - delete
                              - type: array
                                items:
                                  type: string
                                  enum:
                                    - read
                                    - create
                                    - edit
                                    - delete
                                minItems: 1
                            description: Describe what action an entity can take.
                        required:
                          - subject
                          - action
                        additionalProperties: false
                      - type: object
                        properties:
                          subject:
                            type: string
                            enum:
                              - ssh-host-groups
                            description: The entity this permission pertains to.
                          action:
                            anyOf:
                              - type: string
                                enum:
                                  - read
                                  - create
                                  - edit
                                  - delete
                              - type: array
                                items:
                                  type: string
                                  enum:
                                    - read
                                    - create
                                    - edit
                                    - delete
                                minItems: 1
                            description: Describe what action an entity can take.
                        required:
                          - subject
                          - action
                        additionalProperties: false
                      - type: object
                        properties:
                          subject:
                            type: string
                            enum:
                              - pki-alerts
                            description: The entity this permission pertains to.
                          action:
                            anyOf:
                              - type: string
                                enum:
                                  - read
                                  - create
                                  - edit
                                  - delete
                              - type: array
                                items:
                                  type: string
                                  enum:
                                    - read
                                    - create
                                    - edit
                                    - delete
                                minItems: 1
                            description: Describe what action an entity can take.
                        required:
                          - subject
                          - action
                        additionalProperties: false
                      - type: object
                        properties:
                          subject:
                            type: string
                            enum:
                              - pki-collections
                            description: The entity this permission pertains to.
                          action:
                            anyOf:
                              - type: string
                                enum:
                                  - read
                                  - create
                                  - edit
                                  - delete
                              - type: array
                                items:
                                  type: string
                                  enum:
                                    - read
                                    - create
                                    - edit
                                    - delete
                                minItems: 1
                            description: Describe what action an entity can take.
                        required:
                          - subject
                          - action
                        additionalProperties: false
                      - type: object
                        properties:
                          subject:
                            type: string
                            enum:
                              - certificate-inventory-views
                            description: The entity this permission pertains to.
                          action:
                            anyOf:
                              - type: string
                                enum:
                                  - read
                                  - create
                                  - edit
                                  - delete
                              - type: array
                                items:
                                  type: string
                                  enum:
                                    - read
                                    - create
                                    - edit
                                    - delete
                                minItems: 1
                            description: Describe what action an entity can take.
                        required:
                          - subject
                          - action
                        additionalProperties: false
                      - type: object
                        properties:
                          subject:
                            type: string
                            enum:
                              - pki-discovery
                            description: The entity this permission pertains to.
                          action:
                            anyOf:
                              - type: string
                                enum:
                                  - read
                                  - create
                                  - edit
                                  - delete
                                  - run-scan
                              - type: array
                                items:
                                  type: string
                                  enum:
                                    - read
                                    - create
                                    - edit
                                    - delete
                                    - run-scan
                                minItems: 1
                            description: Describe what action an entity can take.
                        required:
                          - subject
                          - action
                        additionalProperties: false
                      - type: object
                        properties:
                          subject:
                            type: string
                            enum:
                              - pki-certificate-installations
                            description: The entity this permission pertains to.
                          action:
                            anyOf:
                              - type: string
                                enum:
                                  - read
                                  - edit
                                  - delete
                              - type: array
                                items:
                                  type: string
                                  enum:
                                    - read
                                    - edit
                                    - delete
                                minItems: 1
                            description: Describe what action an entity can take.
                        required:
                          - subject
                          - action
                        additionalProperties: false
                      - type: object
                        properties:
                          subject:
                            type: string
                            enum:
                              - code-signers
                            description: The entity this permission pertains to.
                          action:
                            anyOf:
                              - type: string
                                enum:
                                  - read
                                  - create
                                  - edit
                                  - delete
                                  - sign
                              - type: array
                                items:
                                  type: string
                                  enum:
                                    - read
                                    - create
                                    - edit
                                    - delete
                                    - sign
                                minItems: 1
                            description: Describe what action an entity can take.
                        required:
                          - subject
                          - action
                        additionalProperties: false
                      - type: object
                        properties:
                          subject:
                            type: string
                            enum:
                              - workspace
                            description: The entity this permission pertains to.
                          action:
                            anyOf:
                              - type: string
                                enum:
                                  - edit
                                  - delete
                              - type: array
                                items:
                                  type: string
                                  enum:
                                    - edit
                                    - delete
                                minItems: 1
                            description: Describe what action an entity can take.
                        required:
                          - subject
                          - action
                        additionalProperties: false
                      - type: object
                        properties:
                          subject:
                            type: string
                            enum:
                              - kms
                            description: The entity this permission pertains to.
                          action:
                            anyOf:
                              - type: string
                                enum:
                                  - edit
                              - type: array
                                items:
                                  type: string
                                  enum:
                                    - edit
                                minItems: 1
                            description: Describe what action an entity can take.
                        required:
                          - subject
                          - action
                        additionalProperties: false
                      - type: object
                        properties:
                          subject:
                            type: string
                            enum:
                              - cmek
                            description: The entity this permission pertains to.
                          action:
                            anyOf:
                              - type: string
                                enum:
                                  - read
                                  - create
                                  - edit
                                  - delete
                                  - encrypt
                                  - decrypt
                                  - sign
                                  - verify
                                  - export-private-key
                              - type: array
                                items:
                                  type: string
                                  enum:
                                    - read
                                    - create
                                    - edit
                                    - delete
                                    - encrypt
                                    - decrypt
                                    - sign
                                    - verify
                                    - export-private-key
                                minItems: 1
                            description: Describe what action an entity can take.
                        required:
                          - subject
                          - action
                        additionalProperties: false
                      - type: object
                        properties:
                          subject:
                            type: string
                            enum:
                              - kmip
                            description: The entity this permission pertains to.
                          action:
                            anyOf:
                              - type: string
                                enum:
                                  - create-clients
                                  - update-clients
                                  - delete-clients
                                  - read-clients
                                  - generate-client-certificates
                              - type: array
                                items:
                                  type: string
                                  enum:
                                    - create-clients
                                    - update-clients
                                    - delete-clients
                                    - read-clients
                                    - generate-client-certificates
                                minItems: 1
                            description: Describe what action an entity can take.
                        required:
                          - subject
                          - action
                        additionalProperties: false
                      - type: object
                        properties:
                          subject:
                            type: string
                            enum:
                              - commits
                            description: The entity this permission pertains to.
                          inverted:
                            type: boolean
                            description: Whether the rule allows or forbids the action.
                          action:
                            anyOf:
                              - type: string
                                enum:
                                  - read
                                  - perform-rollback
                              - type: array
                                items:
                                  type: string
                                  enum:
                                    - read
                                    - perform-rollback
                                minItems: 1
                            description: Describe what action an entity can take.
                          conditions:
                            type: object
                            properties:
                              environment:
                                anyOf:
                                  - type: string
                                  - type: object
                                    properties:
                                      $eq:
                                        type: string
                                        minLength: 1
                                      $ne:
                                        type: string
                                        minLength: 1
                                      $in:
                                        type: array
                                        items:
                                          type: string
                                          minLength: 1
                                      $glob:
                                        type: string
                                        minLength: 1
                                    additionalProperties: false
                              secretPath:
                                anyOf:
                                  - type: string
                                  - type: object
                                    properties:
                                      $eq:
                                        type: string
                                        minLength: 1
                                      $ne:
                                        type: string
                                        minLength: 1
                                      $in:
                                        type: array
                                        items:
                                          type: string
                                          minLength: 1
                                      $glob:
                                        type: string
                                        minLength: 1
                                    additionalProperties: false
                            additionalProperties: false
                            description: >-
                              When specified, access to the given resource is
                              allowed only when these conditions match.
                        required:
                          - subject
                          - action
                        additionalProperties: false
                      - type: object
                        properties:
                          subject:
                            type: string
                            enum:
                              - secret-scanning-data-sources
                            description: The entity this permission pertains to.
                          action:
                            anyOf:
                              - type: string
                                enum:
                                  - read-data-sources
                                  - create-data-sources
                                  - edit-data-sources
                                  - delete-data-sources
                                  - trigger-data-source-scans
                                  - read-data-source-scans
                                  - read-data-source-resources
                              - type: array
                                items:
                                  type: string
                                  enum:
                                    - read-data-sources
                                    - create-data-sources
                                    - edit-data-sources
                                    - delete-data-sources
                                    - trigger-data-source-scans
                                    - read-data-source-scans
                                    - read-data-source-resources
                                minItems: 1
                            description: Describe what action an entity can take.
                        required:
                          - subject
                          - action
                        additionalProperties: false
                      - type: object
                        properties:
                          subject:
                            type: string
                            enum:
                              - secret-scanning-findings
                            description: The entity this permission pertains to.
                          action:
                            anyOf:
                              - type: string
                                enum:
                                  - read-findings
                                  - update-findings
                              - type: array
                                items:
                                  type: string
                                  enum:
                                    - read-findings
                                    - update-findings
                                minItems: 1
                            description: Describe what action an entity can take.
                        required:
                          - subject
                          - action
                        additionalProperties: false
                      - type: object
                        properties:
                          subject:
                            type: string
                            enum:
                              - secret-scanning-configs
                            description: The entity this permission pertains to.
                          action:
                            anyOf:
                              - type: string
                                enum:
                                  - read-configs
                                  - update-configs
                              - type: array
                                items:
                                  type: string
                                  enum:
                                    - read-configs
                                    - update-configs
                                minItems: 1
                            description: Describe what action an entity can take.
                        required:
                          - subject
                          - action
                        additionalProperties: false
                      - type: object
                        properties:
                          subject:
                            type: string
                            enum:
                              - app-connections
                            description: The entity this permission pertains to.
                          inverted:
                            type: boolean
                            description: Whether the rule allows or forbids the action.
                          action:
                            anyOf:
                              - type: string
                                enum:
                                  - read-app-connections
                                  - create-app-connections
                                  - edit-app-connections
                                  - delete-app-connections
                                  - connect-app-connections
                                  - rotate-credentials
                              - type: array
                                items:
                                  type: string
                                  enum:
                                    - read-app-connections
                                    - create-app-connections
                                    - edit-app-connections
                                    - delete-app-connections
                                    - connect-app-connections
                                    - rotate-credentials
                                minItems: 1
                            description: Describe what action an entity can take.
                          conditions:
                            type: object
                            properties:
                              connectionId:
                                anyOf:
                                  - type: string
                                  - type: object
                                    properties:
                                      $eq:
                                        type: string
                                        minLength: 1
                                      $ne:
                                        type: string
                                        minLength: 1
                                      $in:
                                        type: array
                                        items:
                                          type: string
                                          minLength: 1
                                    additionalProperties: false
                            additionalProperties: false
                            description: >-
                              When specified, access to the given resource is
                              allowed only when these conditions match.
                        required:
                          - subject
                          - action
                        additionalProperties: false
                      - type: object
                        properties:
                          subject:
                            type: string
                            enum:
                              - pam-folders
                            description: The entity this permission pertains to.
                          action:
                            anyOf:
                              - type: string
                                enum:
                                  - read
                                  - create
                                  - edit
                                  - delete
                              - type: array
                                items:
                                  type: string
                                  enum:
                                    - read
                                    - create
                                    - edit
                                    - delete
                                minItems: 1
                            description: Describe what action an entity can take.
                        required:
                          - subject
                          - action
                        additionalProperties: false
                      - type: object
                        properties:
                          subject:
                            type: string
                            enum:
                              - pam-resources
                            description: The entity this permission pertains to.
                          inverted:
                            type: boolean
                            description: Whether the rule allows or forbids the action.
                          action:
                            anyOf:
                              - type: string
                                enum:
                                  - read
                                  - create
                                  - edit
                                  - delete
                              - type: array
                                items:
                                  type: string
                                  enum:
                                    - read
                                    - create
                                    - edit
                                    - delete
                                minItems: 1
                            description: The action or actions covered by this permission.
                          conditions:
                            type: object
                            properties:
                              name:
                                anyOf:
                                  - type: string
                                  - type: object
                                    properties:
                                      $eq:
                                        type: string
                                        minLength: 1
                                      $ne:
                                        type: string
                                        minLength: 1
                                      $in:
                                        type: array
                                        items:
                                          type: string
                                          minLength: 1
                                      $glob:
                                        type: string
                                        minLength: 1
                                    additionalProperties: false
                              resourceType:
                                anyOf:
                                  - type: string
                                  - type: object
                                    properties:
                                      $eq:
                                        type: string
                                        minLength: 1
                                      $ne:
                                        type: string
                                        minLength: 1
                                      $in:
                                        type: array
                                        items:
                                          type: string
                                          minLength: 1
                                      $glob:
                                        type: string
                                        minLength: 1
                                    additionalProperties: false
                              metadata:
                                type: object
                                properties:
                                  $elemMatch:
                                    type: object
                                    properties:
                                      key:
                                        type: object
                                        properties:
                                          $eq:
                                            type: string
                                            minLength: 1
                                          $ne:
                                            type: string
                                            minLength: 1
                                          $in:
                                            type: array
                                            items:
                                              type: string
                                              minLength: 1
                                        additionalProperties: false
                                      value:
                                        type: object
                                        properties:
                                          $eq:
                                            type: string
                                            minLength: 1
                                          $ne:
                                            type: string
                                            minLength: 1
                                          $in:
                                            type: array
                                            items:
                                              type: string
                                              minLength: 1
                                        additionalProperties: false
                                    additionalProperties: false
                                required:
                                  - $elemMatch
                                additionalProperties: false
                            additionalProperties: false
                            description: >-
                              When specified, the permission applies only to
                              resources that match these conditions.
                        required:
                          - subject
                          - action
                        additionalProperties: false
                      - type: object
                        properties:
                          subject:
                            type: string
                            enum:
                              - pam-domains
                            description: The entity this permission pertains to.
                          inverted:
                            type: boolean
                            description: Whether the rule is inverted; an inverted rule forbids the action instead of allowing it.
                          action:
                            anyOf:
                              - type: string
                                enum:
                                  - read
                                  - create
                                  - edit
                                  - delete
                              - type: array
                                items:
                                  type: string
                                  enum:
                                    - read
                                    - create
                                    - edit
                                    - delete
                                minItems: 1
                            description: The action or actions covered by this permission.
                          conditions:
                            type: object
                            properties:
                              name:
                                anyOf:
                                  - type: string
                                  - type: object
                                    properties:
                                      $eq:
                                        type: string
                                        minLength: 1
                                      $ne:
                                        type: string
                                        minLength: 1
                                      $in:
                                        type: array
                                        items:
                                          type: string
                                          minLength: 1
                                      $glob:
                                        type: string
                                        minLength: 1
                                    additionalProperties: false
                              domainType:
                                anyOf:
                                  - type: string
                                  - type: object
                                    properties:
                                      $eq:
                                        type: string
                                        minLength: 1
                                      $ne:
                                        type: string
                                        minLength: 1
                                      $in:
                                        type: array
                                        items:
                                          type: string
                                          minLength: 1
                                      $glob:
                                        type: string
                                        minLength: 1
                                    additionalProperties: false
                              metadata:
                                type: object
                                properties:
                                  $elemMatch:
                                    type: object
                                    properties:
                                      key:
                                        type: object
                                        properties:
                                          $eq:
                                            type: string
                                            minLength: 1
                                          $ne:
                                            type: string
                                            minLength: 1
                                          $in:
                                            type: array
                                            items:
                                              type: string
                                              minLength: 1
                                        additionalProperties: false
                                      value:
                                        type: object
                                        properties:
                                          $eq:
                                            type: string
                                            minLength: 1
                                          $ne:
                                            type: string
                                            minLength: 1
                                          $in:
                                            type: array
                                            items:
                                              type: string
                                              minLength: 1
                                        additionalProperties: false
                                    additionalProperties: false
                                required:
                                  - $elemMatch
                                additionalProperties: false
                            additionalProperties: false
                            description: >-
                              When specified, the permission applies only to
                              domains that match these conditions.
                        required:
                          - subject
                          - action
                        additionalProperties: false
                      - type: object
                        properties:
                          subject:
                            type: string
                            enum:
                              - pam-accounts
                            description: The entity this permission pertains to.
                          inverted:
                            type: boolean
                            description: Whether the rule is inverted; an inverted rule forbids the action instead of allowing it.
                          action:
                            anyOf:
                              - type: string
                                enum:
                                  - access
                                  - read
                                  - create
                                  - edit
                                  - delete
                                  - trigger-rotation
                                  - read-credentials
                              - type: array
                                items:
                                  type: string
                                  enum:
                                    - access
                                    - read
                                    - create
                                    - edit
                                    - delete
                                    - trigger-rotation
                                    - read-credentials
                                minItems: 1
                            description: The action or actions covered by this permission.
                          conditions:
                            type: object
                            properties:
                              resourceName:
                                anyOf:
                                  - type: string
                                  - type: object
                                    properties:
                                      $eq:
                                        type: string
                                        minLength: 1
                                      $ne:
                                        type: string
                                        minLength: 1
                                      $in:
                                        type: array
                                        items:
                                          type: string
                                          minLength: 1
                                      $glob:
                                        type: string
                                        minLength: 1
                                    additionalProperties: false
                              accountName:
                                anyOf:
                                  - type: string
                                  - type: object
                                    properties:
                                      $eq:
                                        type: string
                                        minLength: 1
                                      $ne:
                                        type: string
                                        minLength: 1
                                      $in:
                                        type: array
                                        items:
                                          type: string
                                          minLength: 1
                                      $glob:
                                        type: string
                                        minLength: 1
                                    additionalProperties: false
                              resourceType:
                                anyOf:
                                  - type: string
                                  - type: object
                                    properties:
                                      $eq:
                                        type: string
                                        minLength: 1
                                      $ne:
                                        type: string
                                        minLength: 1
                                      $in:
                                        type: array
                                        items:
                                          type: string
                                          minLength: 1
                                      $glob:
                                        type: string
                                        minLength: 1
                                    additionalProperties: false
                              domainName:
                                anyOf:
                                  - type: string
                                  - type: object
                                    properties:
                                      $eq:
                                        type: string
                                        minLength: 1
                                      $ne:
                                        type: string
                                        minLength: 1
                                      $in:
                                        type: array
                                        items:
                                          type: string
                                          minLength: 1
                                      $glob:
                                        type: string
                                        minLength: 1
                                    additionalProperties: false
                              domainType:
                                anyOf:
                                  - type: string
                                  - type: object
                                    properties:
                                      $eq:
                                        type: string
                                        minLength: 1
                                      $ne:
                                        type: string
                                        minLength: 1
                                      $in:
                                        type: array
                                        items:
                                          type: string
                                          minLength: 1
                                      $glob:
                                        type: string
                                        minLength: 1
                                    additionalProperties: false
                              metadata:
                                type: object
                                properties:
                                  $elemMatch:
                                    type: object
                                    properties:
                                      key:
                                        type: object
                                        properties:
                                          $eq:
                                            type: string
                                            minLength: 1
                                          $ne:
                                            type: string
                                            minLength: 1
                                          $in:
                                            type: array
                                            items:
                                              type: string
                                              minLength: 1
                                        additionalProperties: false
                                      value:
                                        type: object
                                        properties:
                                          $eq:
                                            type: string
                                            minLength: 1
                                          $ne:
                                            type: string
                                            minLength: 1
                                          $in:
                                            type: array
                                            items:
                                              type: string
                                              minLength: 1
                                        additionalProperties: false
                                    additionalProperties: false
                                required:
                                  - $elemMatch
                                additionalProperties: false
                            additionalProperties: false
                            description: >-
                              When specified, the permission applies only to
                              accounts that match these conditions.
                        required:
                          - subject
                          - action
                        additionalProperties: false
                      - type: object
                        properties:
                          subject:
                            type: string
                            enum:
                              - pam-sessions
                            description: The entity this permission pertains to.
                          action:
                            anyOf:
                              - type: string
                                enum:
                                  - read
                                  - terminate
                              - type: array
                                items:
                                  type: string
                                  enum:
                                    - read
                                    - terminate
                                minItems: 1
                            description: The action or actions covered by this permission.
                        required:
                          - subject
                          - action
                        additionalProperties: false
                      - type: object
                        properties:
                          subject:
                            type: string
                            enum:
                              - pam-account-policies
                            description: The entity this permission pertains to.
                          action:
                            anyOf:
                              - type: string
                                enum:
                                  - read
                                  - create
                                  - edit
                                  - delete
                              - type: array
                                items:
                                  type: string
                                  enum:
                                    - read
                                    - create
                                    - edit
                                    - delete
                                minItems: 1
                            description: The action or actions covered by this permission.
                        required:
                          - subject
                          - action
                        additionalProperties: false
                      - type: object
                        properties:
                          subject:
                            type: string
                            enum:
                              - pam-discovery
                            description: The entity this permission pertains to.
                          action:
                            anyOf:
                              - type: string
                                enum:
                                  - read
                                  - create
                                  - edit
                                  - delete
                                  - run-scan
                              - type: array
                                items:
                                  type: string
                                  enum:
                                    - read
                                    - create
                                    - edit
                                    - delete
                                    - run-scan
                                minItems: 1
                            description: The action or actions covered by this permission.
                        required:
                          - subject
                          - action
                        additionalProperties: false
                      - type: object
                        properties:
                          subject:
                            type: string
                            enum:
                              - pam-insights
                            description: The entity this permission pertains to.
                          action:
                            anyOf:
                              - type: string
                                enum:
                                  - read
                              - type: array
                                items:
                                  type: string
                                  enum:
                                    - read
                                minItems: 1
                            description: The action or actions covered by this permission.
                        required:
                          - subject
                          - action
                        additionalProperties: false
                      - type: object
                        properties:
                          subject:
                            type: string
                            enum:
                              - mcp-endpoints
                            description: The entity this permission pertains to.
                          inverted:
                            type: boolean
                            description: Whether the rule is inverted; an inverted rule forbids the action instead of allowing it.
                          action:
                            anyOf:
                              - type: string
                                enum:
                                  - read
                                  - create
                                  - edit
                                  - delete
                                  - connect
                              - type: array
                                items:
                                  type: string
                                  enum:
                                    - read
                                    - create
                                    - edit
                                    - delete
                                    - connect
                                minItems: 1
                            description: The action or actions covered by this permission.
                          conditions:
                            type: object
                            properties:
                              name:
                                anyOf:
                                  - type: string
                                  - type: object
                                    properties:
                                      $eq:
                                        type: string
                                        minLength: 1
                                      $ne:
                                        type: string
                                        minLength: 1
                                      $in:
                                        type: array
                                        items:
                                          type: string
                                          minLength: 1
                                      $glob:
                                        type: string
                                        minLength: 1
                                    additionalProperties: false
                            additionalProperties: false
                            description: >-
                              When specified, the permission applies only to
                              resources that match these conditions.
                        required:
                          - subject
                          - action
                        additionalProperties: false
                      - type: object
                        properties:
                          subject:
                            type: string
                            enum:
                              - mcp-servers
                            description: The entity this permission pertains to.
                          action:
                            anyOf:
                              - type: string
                                enum:
                                  - read
                                  - create
                                  - edit
                                  - delete
                              - type: array
                                items:
                                  type: string
                                  enum:
                                    - read
                                    - create
                                    - edit
                                    - delete
                                minItems: 1
                            description: The action or actions covered by this permission.
                        required:
                          - subject
                          - action
                        additionalProperties: false
                      - type: object
                        properties:
                          subject:
                            type: string
                            enum:
                              - mcp-activity-logs
                            description: The entity this permission pertains to.
                          action:
                            anyOf:
                              - type: string
                                enum:
                                  - read
                                  - create
                                  - edit
                                  - delete
                              - type: array
                                items:
                                  type: string
                                  enum:
                                    - read
                                    - create
                                    - edit
                                    - delete
                                minItems: 1
                            description: The action or actions covered by this permission.
                        required:
                          - subject
                          - action
                        additionalProperties: false
                      - type: object
                        properties:
                          subject:
                            type: string
                            enum:
                              - honey-tokens
                            description: The entity this permission pertains to.
                          action:
                            anyOf:
                              - type: string
                                enum:
                                  - read
                                  - read-credentials
                                  - create
                                  - edit
                                  - reset
                                  - revoke
                              - type: array
                                items:
                                  type: string
                                  enum:
                                    - read
                                    - read-credentials
                                    - create
                                    - edit
                                    - reset
                                    - revoke
                                minItems: 1
                            description: The action or actions covered by this permission.
                        required:
                          - subject
                          - action
                        additionalProperties: false
                      - type: object
                        properties:
                          subject:
                            type: string
                            enum:
                              - approval-requests
                            description: The entity this permission pertains to.
                          action:
                            anyOf:
                              - type: string
                                enum:
                                  - read
                                  - create
                              - type: array
                                items:
                                  type: string
                                  enum:
                                    - read
                                    - create
                                minItems: 1
                            description: The action(s) this permission allows on the subject, either a single action or a non-empty list of actions.
                        required:
                          - subject
                          - action
                        additionalProperties: false
                      - type: object
                        properties:
                          subject:
                            type: string
                            enum:
                              - approval-request-grants
                            description: The entity this permission pertains to.
                          action:
                            anyOf:
                              - type: string
                                enum:
                                  - read
                                  - revoke
                              - type: array
                                items:
                                  type: string
                                  enum:
                                    - read
                                    - revoke
                                minItems: 1
                            description: The action(s) this permission allows on the subject, either a single action or a non-empty list of actions.
                        required:
                          - subject
                          - action
                        additionalProperties: false
                      - type: object
                        properties:
                          subject:
                            type: string
                            enum:
                              - secret-approval-request
                            description: The entity this permission pertains to.
                          action:
                            anyOf:
                              - type: string
                                enum:
                                  - read
                              - type: array
                                items:
                                  type: string
                                  enum:
                                    - read
                                minItems: 1
                            description: The action(s) this permission allows on the subject, either a single action or a non-empty list of actions.
                        required:
                          - subject
                          - action
                        additionalProperties: false
                  description: The permissions assigned to the role.
              required:
                - slug
                - name
                - permissions
              additionalProperties: false
      # Every error status below shares one JSON envelope (reqId, statusCode,
      # message, error). 400 and 403 may additionally carry an untyped `details`
      # field; 422 carries an untyped `message` that is not listed as required.
      responses:
        # The created role. NOTE(review): unlike the request schema, each
        # returned permission requires only `action` (`subject` is optional),
        # `conditions` is untyped and an `inverted` flag is present — confirm
        # this asymmetry is intentional.
        '200':
          description: Default Response
          content:
            application/json:
              schema:
                type: object
                properties:
                  role:
                    type: object
                    properties:
                      id:
                        type: string
                        format: uuid
                      name:
                        type: string
                      description:
                        type: string
                        nullable: true
                      slug:
                        type: string
                      permissions:
                        type: array
                        items:
                          type: object
                          properties:
                            subject:
                              anyOf:
                                - type: string
                                  minLength: 1
                                - type: array
                                  items:
                                    type: string
                            action:
                              anyOf:
                                - type: string
                                  minLength: 1
                                - type: array
                                  items:
                                    type: string
                            # Free-form; no schema is given for condition objects here.
                            conditions: {}
                            inverted:
                              type: boolean
                          required:
                            - action
                          additionalProperties: false
                      createdAt:
                        type: string
                        format: date-time
                      updatedAt:
                        type: string
                        format: date-time
                      projectId:
                        type: string
                    required:
                      - id
                      - name
                      - slug
                      - permissions
                      - createdAt
                      - updatedAt
                      - projectId
                    additionalProperties: false
                required:
                  - role
                additionalProperties: false
        # Request validation failure; `details` is untyped.
        '400':
          description: Default Response
          content:
            application/json:
              schema:
                type: object
                properties:
                  reqId:
                    type: string
                  statusCode:
                    type: number
                    enum:
                      - 400
                  message:
                    type: string
                  error:
                    type: string
                  details: {}
                required:
                  - reqId
                  - statusCode
                  - message
                  - error
                additionalProperties: false
        # Authentication failure; this operation requires the bearerAuth
        # scheme declared in its security entry.
        '401':
          description: Default Response
          content:
            application/json:
              schema:
                type: object
                properties:
                  reqId:
                    type: string
                  statusCode:
                    type: number
                    enum:
                      - 401
                  message:
                    type: string
                  error:
                    type: string
                required:
                  - reqId
                  - statusCode
                  - message
                  - error
                additionalProperties: false
        # Authorization failure; `details` may carry extra context (untyped).
        '403':
          description: Default Response
          content:
            application/json:
              schema:
                type: object
                properties:
                  reqId:
                    type: string
                  statusCode:
                    type: number
                    enum:
                      - 403
                  message:
                    type: string
                  details: {}
                  error:
                    type: string
                required:
                  - reqId
                  - statusCode
                  - message
                  - error
                additionalProperties: false
        '404':
          description: Default Response
          content:
            application/json:
              schema:
                type: object
                properties:
                  reqId:
                    type: string
                  statusCode:
                    type: number
                    enum:
                      - 404
                  message:
                    type: string
                  error:
                    type: string
                required:
                  - reqId
                  - statusCode
                  - message
                  - error
                additionalProperties: false
        # Note: `message` is untyped here and, unlike the other error
        # responses, is not required.
        '422':
          description: Default Response
          content:
            application/json:
              schema:
                type: object
                properties:
                  reqId:
                    type: string
                  statusCode:
                    type: number
                    enum:
                      - 422
                  message: {}
                  error:
                    type: string
                required:
                  - reqId
                  - statusCode
                  - error
                additionalProperties: false
        '500':
          description: Default Response
          content:
            application/json:
              schema:
                type: object
                properties:
                  reqId:
                    type: string
                  statusCode:
                    type: number
                    enum:
                      - 500
                  message:
                    type: string
                  error:
                    type: string
                required:
                  - reqId
                  - statusCode
                  - message
                  - error
                additionalProperties: false
      # Operation-level security: a bearer token is required for this endpoint.
      # The scheme itself is defined under components.securitySchemes.bearerAuth.
      security:
        - bearerAuth: []
components:
  securitySchemes:
    # HTTP bearer authentication; referenced by the operation-level
    # `security` entry above. The token is declared as a JWT.
    bearerAuth:
      type: http
      scheme: bearer
      bearerFormat: JWT
      description: An access token in Infisical

````