MENU
      Create role

        Create role


        Article summary

        Available in Classic and VPC

        Create a role. Roles are temporary credentials composed of policies, and you can create roles to grant permissions to resources such as servers as well as sub accounts.

        Note

        In the Sub Account API, you can create and manage server, account, and service roles. The creation, configuration, and deletion of single sign-on roles can be done in the Ncloud Single Sign-On service.

        Request

        This section describes the request format. The method and URI are as follows:

        MethodURI
        POST/api/v1/roles

        Request headers

        For information about the headers common to all Sub Account APIs, see Sub Account request headers.

        Request body

        You can include the following data in the body of your request:

        FieldTypeRequiredDescription
        descContStringOptionalDescription of the role (byte)
        • 0-300
        roleNameStringRequiredRole name
        • 3-30 characters using Korean, English uppercase and lowercase letters, Japanese, and special characters . _ -
        • First letter must be Korean, English uppercase and lowercase letter, or Japanese
        roleTypeStringRequiredRole type
        • Server | Account | Service
          • Server: It is assigned to the server resource in the VPC environment. You can access services and resources without an access key
          • Account: Assign portal and console access permissions for the main account to the sub account. Role switching allows access to the target account's resources
          • Service: It is assigned to the service. You can access resources of other services
        sessionExpirationSecIntegerConditionalSession expiration time (second)
        • 600 | 1800 | 3600 | 10800
        • Required if roleType is Account

        Request example

        The request example is as follows:

        curl --location --request POST 'https://subaccount.apigw.ntruss.com/api/v1/roles' \
        --header 'x-ncp-apigw-timestamp: {Timestamp}' \
        --header 'x-ncp-iam-access-key: {Access Key}' \
        --header 'x-ncp-apigw-signature-v2: {API Gateway Signature}' \
        --header 'Accept: application/json' \
        --header 'Content-Type: application/json' \
        --data '{
        	"descCont": "Role description",
        	"roleName": "role000",
        	"roleType": "Account",
        	"sessionExpirationSec": 600
        }'
        Shell

        Response

        This section describes the response format.

        Response body

        The response body includes the following data:

        FieldTypeRequiredDescription
        successBoolean-API call success status
        • true | false
          • true: succeeded
          • false: failed
        idString-Role ID

        Response status codes

        For information about the HTTP status codes common to all Sub Account APIs, see Sub Account status codes.

        Response example

        The response example is as follows:

        {
            "success": true,
            "id": "5befa3a0-****-****-****-246e96591a38"
        }
        JSON

        Was this article helpful?

        Changing your password will log you out immediately. Use the new password to log back in.
        First name must have atleast 2 characters. Numbers and special characters are not allowed.
        Last name must have atleast 1 characters. Numbers and special characters are not allowed.
        Enter a valid email
        Enter a valid password
        Your profile has been successfully updated.