
Manage Roles

Aero2's RBAC system lets you create custom roles and assign permissions. This guide covers setting up roles for your organization.

View Existing Roles

curl https://aero2.dev/api/roles \
  -H "Authorization: Bearer <admin_token>"

Create a Custom Role

curl -X POST https://aero2.dev/api/roles \
  -H "Authorization: Bearer <admin_token>" \
  -H "Content-Type: application/json" \
  -d '{
    "name": "support",
    "description": "Can view users and audit logs"
  }'

Add Permissions

First, list available permissions:

curl https://aero2.dev/api/permissions \
  -H "Authorization: Bearer <admin_token>"

Then add permissions to your role:

curl -X POST https://aero2.dev/api/roles/<role_id>/permissions \
  -H "Authorization: Bearer <admin_token>" \
  -H "Content-Type: application/json" \
  -d '{"permission_id": "<users_read_permission_id>"}'

Assign a Role to a User

curl -X POST https://aero2.dev/api/users/<user_id>/roles \
  -H "Authorization: Bearer <admin_token>" \
  -H "Content-Type: application/json" \
  -d '{"role_id": "<role_id>"}'

Remove a Role from a User

curl -X DELETE https://aero2.dev/api/users/<user_id>/roles/<role_id> \
  -H "Authorization: Bearer <admin_token>"

Example: Support Role

A role for support staff who can view users and audit logs but not modify anything:

# Assumes TOKEN (an admin bearer token) and USER_ID (the target user) are
# already set in the shell.

# 1. Create the role and capture its id
ROLE_ID=$(curl -s -X POST https://aero2.dev/api/roles \
  -H "Authorization: Bearer $TOKEN" \
  -H "Content-Type: application/json" \
  -d '{"name": "support", "description": "Read-only support access"}' \
  | jq -r '.id')

# 2. Get permission IDs
PERMS=$(curl -s https://aero2.dev/api/permissions \
  -H "Authorization: Bearer $TOKEN")

# Quote "$PERMS" so the shell does not word-split or glob the JSON
USERS_READ=$(echo "$PERMS" | jq -r '.permissions[] | select(.name=="users:read") | .id')
AUDIT_READ=$(echo "$PERMS" | jq -r '.permissions[] | select(.name=="audit:read") | .id')

# 3. Add permissions
curl -X POST "https://aero2.dev/api/roles/$ROLE_ID/permissions" \
  -H "Authorization: Bearer $TOKEN" \
  -H "Content-Type: application/json" \
  -d "{\"permission_id\": \"$USERS_READ\"}"

curl -X POST "https://aero2.dev/api/roles/$ROLE_ID/permissions" \
  -H "Authorization: Bearer $TOKEN" \
  -H "Content-Type: application/json" \
  -d "{\"permission_id\": \"$AUDIT_READ\"}"

# 4. Assign to a user
curl -X POST "https://aero2.dev/api/users/$USER_ID/roles" \
  -H "Authorization: Bearer $TOKEN" \
  -H "Content-Type: application/json" \
  -d "{\"role_id\": \"$ROLE_ID\"}"
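
The script above sends whatever `jq` returns, so a permission name that is not found yields an empty `permission_id`, and a failed role creation yields the literal string `null` in the URL. The following added example (not part of the Aero2 docs) resolves names to ids and builds the step 3 and 4 requests while failing closed; the response shape is inferred from the guide's `jq` filters, and the sample ids, the `users:write` entry and the `:read` naming check are assumptions.

```python
import json

# Constructed sample of GET /api/permissions output. The shape
# ({"permissions": [{"id", "name"}]}) is inferred from the jq filters in the
# guide; the ids and the users:write entry are made up for this example.
SAMPLE_PERMISSIONS = json.dumps({"permissions": [
    {"id": "perm-001", "name": "users:read"},
    {"id": "perm-002", "name": "users:write"},
    {"id": "perm-003", "name": "audit:read"},
]})


class PlanError(ValueError):
    """Raised when the role cannot be built exactly as requested."""


def resolve_permission_ids(listing_json, wanted, read_only=True):
    """Map permission names to ids, failing closed on any surprise."""
    by_name = {}
    for perm in json.loads(listing_json)["permissions"]:
        by_name.setdefault(perm["name"], []).append(perm["id"])
    resolved = {}
    for name in wanted:
        # Assumption: read permissions are named "<resource>:read".
        if read_only and not name.endswith(":read"):
            raise PlanError(f"{name!r} is not a read permission")
        ids = by_name.get(name, [])
        if len(ids) != 1:  # missing or ambiguous name: do not guess
            raise PlanError(f"{name!r} matched {len(ids)} permissions, expected 1")
        resolved[name] = ids[0]
    return resolved


def plan_requests(role_id, user_id, perm_ids):
    """Return (method, path, body) tuples for steps 3 and 4 of the guide."""
    if not role_id or role_id == "null":  # jq -r prints "null" for a missing .id
        raise PlanError("role id is empty; role creation probably failed")
    if not user_id:
        raise PlanError("user id is empty")
    # json.dumps escapes values, unlike string interpolation into -d "..."
    plan = [("POST", f"/api/roles/{role_id}/permissions",
             json.dumps({"permission_id": pid})) for pid in perm_ids.values()]
    plan.append(("POST", f"/api/users/{user_id}/roles",
                 json.dumps({"role_id": role_id})))
    return plan
```

Nothing is sent to the API here; the returned tuples can be reviewed before any request is made.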
