Login
      Contents x
      Create role
        • Print
        • PDF
        Contents

        Create role

          • Print
          • PDF
          Article summary

          Available in Classic and VPC

          Create a role. Roles are temporary credentials composed of policies, and you can create roles to grant permissions to resources such as servers as well as sub accounts.

          Note

          In the Sub Account API, you can create and manage server, account, and service roles. The creation, configuration, and deletion of single sign-on roles can be done in the Ncloud Single Sign-On service.

          Request

          This section describes the request format. The method and URI are as follows:

          MethodURI
          POST/api/v1/roles

          Request headers

          For information about the headers common to all Sub Account APIs, see Sub Account request headers.

          Request body

          You can include the following data in the body of your request:

          FieldTypeRequiredDescription
          descContStringOptionalDescription of the role (byte)
          • 0-300
          roleNameStringRequiredRole name
          • 3-30 characters using Korean, English uppercase and lowercase letters, Japanese, and special characters . _ -
          • First letter must be Korean, English uppercase and lowercase letter, or Japanese
          roleTypeStringRequiredRole type
          • Server | Account | Service
            • Server: It is assigned to the server resource in the VPC environment. You can access services and resources without an access key
            • Account: Assign portal and console access permissions for the main account to the sub account. Role switching allows access to the target account's resources
            • Service: It is assigned to the service. You can access resources of other services
          sessionExpirationSecIntegerConditionalSession expiration time (second)
          • 600 | 1800 | 3600 | 10800
          • Required if roleType is Account

          Request example

          The request example is as follows:

          curl --location --request POST 'https://subaccount.apigw.ntruss.com/api/v1/roles' \
--header 'x-ncp-apigw-timestamp: {Timestamp}' \
--header 'x-ncp-iam-access-key: {Access Key}' \
--header 'x-ncp-apigw-signature-v2: {API Gateway Signature}' \
--header 'Accept: application/json' \
--header 'Content-Type: application/json' \
--data '{
	"descCont": "Role description",
	"roleName": "role000",
	"roleType": "Account",
	"sessionExpirationSec": 600
}'

          Response

          This section describes the response format.

          Response body

          The response body includes the following data:

          FieldTypeRequiredDescription
          successBoolean-API call success status
          • true | false
            • true: succeeded
            • false: failed
          idString-Role ID

          Response status codes

          For information about the HTTP status codes common to all Sub Account APIs, see Sub Account status codes.

          Response example

          The response example is as follows:

          {
    "success": true,
    "id": "5befa3a0-****-****-****-246e96591a38"
}
          Was this article helpful?
          What's Next
          Change password!
          Changing your password will log you out immediately. Use the new password to log back in.
          Change profile
          Success!
          First name must have atleast 2 characters. Numbers and special characters are not allowed.
          Last name must have atleast 1 characters. Numbers and special characters are not allowed.
          Enter a valid email
          Enter a valid password
          Your profile has been successfully updated.
          Logout