Browse docs
--- title: "Roles and Permissions" description: "Define RBAC roles, attach permissions, and assign roles to users." icon: "shield-check" ---
Overview
Roles group permissions for dashboard users. Permissions describe actions on admin resources such as models, keys, tenants, budgets, guardrails, workflows, audit logs, settings, users, and roles.
Assign roles to users to control what they can view or change in the admin dashboard and identity-backed admin APIs.
Manual management
Use the dashboard at Identity -> Roles to view system roles, create custom roles, attach permissions, and remove roles that are no longer used.
System roles cannot be deleted. Custom roles should be created before automated user provisioning so your onboarding flow can assign role IDs reliably.
Server API automation
For endpoint reference see the Admin API section.
Create a role:
curl -X POST http://your-aurora-host/admin/api/v1/identity/roles \
-H "Authorization: Bearer $AURORA_MASTER_KEY" \
-H "Content-Type: application/json" \
-d '{
"name": "support-operator",
"description": "Can inspect usage and audit data"
}'Attach a permission:
curl -X POST http://your-aurora-host/admin/api/v1/identity/roles/<role-id>/permissions \
-H "Authorization: Bearer $AURORA_MASTER_KEY" \
-H "Content-Type: application/json" \
-d '{"permission_id": "<permission-id>"}'For automated onboarding, list roles once, store the role IDs your product uses, and assign those role IDs when creating users.