Custom roles is an Enterprise feature
Custom roles is available to customers on an Enterprise plan. To learn more, read about our pricing. To upgrade your plan, contact Sales.
Custom roles allow you to create flexible policies providing fine-grained access control to everything in LaunchDarkly, from feature flags to goals, environments and teams. With custom roles, it's possible to enforce access policies that meet your exact workflow needs.
The custom roles API allows you to create, update and delete custom roles. You can also use the API to list all of your custom roles or get a custom role by ID.
For more information about custom roles and the syntax for custom role policies, read the product documentation for Custom roles.
Get a complete list of custom roles. Custom roles let you create flexible policies providing fine-grained access control to everything in LaunchDarkly, from feature flags to goals, environments, and teams. With custom roles, it's possible to enforce access policies that meet your exact workflow needs. Custom roles are available to customers on our enterprise plans. If you're interested in learning more about our enterprise plans, contact sales@launchdarkly.com.
Custom roles collection response
Invalid access token
Forbidden
Rate limited
{- "_links": {
- "property1": {
- "href": "string",
- "type": "string"
}, - "property2": {
- "href": "string",
- "type": "string"
}
}, - "items": [
- {
- "_id": "1234a56b7c89d012345e678f",
- "_links": {
- "property1": {
- "href": "string",
- "type": "string"
}, - "property2": {
- "href": "string",
- "type": "string"
}
}, - "_access": {
- "denied": [
- {
- "action": "string",
- "reason": {
- "resources": [
- "proj/*:env/*;qa_*:/flag/*"
], - "notResources": [
- null
], - "actions": [
- "*"
], - "notActions": [
- null
], - "effect": "allow",
- "role_name": "string"
}
}
], - "allowed": [
- {
- "action": "string",
- "reason": {
- "resources": [
- "proj/*:env/*;qa_*:/flag/*"
], - "notResources": [
- null
], - "actions": [
- "*"
], - "notActions": [
- null
], - "effect": "allow",
- "role_name": "string"
}
}
]
}, - "description": "This custom role is just an example",
- "key": "example-custom-role",
- "name": "Example custom role",
- "policy": [
- {
- "resources": [
- "proj/*:env/*;qa_*:/flag/*"
], - "notResources": [
- "string"
], - "actions": [
- "*"
], - "notActions": [
- "string"
], - "effect": "allow"
}
], - "basePermissions": "string"
}
], - "totalCount": 0
}
Create a new custom role
Custom role response
Invalid request
Invalid access token
Forbidden
Status conflict
Rate limited
{- "basePermissions": "reader",
- "description": "An example role for members of the ops team",
- "key": "role-key-123abc",
- "name": "Ops team",
- "policy": [
- {
- "actions": [
- "updateOn"
], - "effect": "allow",
- "resources": [
- "proj/*:env/production:flag/*"
]
}
]
}
{- "_id": "1234a56b7c89d012345e678f",
- "_links": {
- "property1": {
- "href": "string",
- "type": "string"
}, - "property2": {
- "href": "string",
- "type": "string"
}
}, - "_access": {
- "denied": [
- {
- "action": "string",
- "reason": {
- "resources": [
- "proj/*:env/*;qa_*:/flag/*"
], - "notResources": [
- "string"
], - "actions": [
- "*"
], - "notActions": [
- "string"
], - "effect": "allow",
- "role_name": "string"
}
}
], - "allowed": [
- {
- "action": "string",
- "reason": {
- "resources": [
- "proj/*:env/*;qa_*:/flag/*"
], - "notResources": [
- "string"
], - "actions": [
- "*"
], - "notActions": [
- "string"
], - "effect": "allow",
- "role_name": "string"
}
}
]
}, - "description": "This custom role is just an example",
- "key": "example-custom-role",
- "name": "Example custom role",
- "policy": [
- {
- "resources": [
- "proj/*:env/*;qa_*:/flag/*"
], - "notResources": [
- "string"
], - "actions": [
- "*"
], - "notActions": [
- "string"
], - "effect": "allow"
}
], - "basePermissions": "string"
}
Get a single custom role by key or ID
Custom role response
Invalid access token
Forbidden
Invalid resource identifier
Rate limited
{- "_id": "1234a56b7c89d012345e678f",
- "_links": {
- "property1": {
- "href": "string",
- "type": "string"
}, - "property2": {
- "href": "string",
- "type": "string"
}
}, - "_access": {
- "denied": [
- {
- "action": "string",
- "reason": {
- "resources": [
- "proj/*:env/*;qa_*:/flag/*"
], - "notResources": [
- "string"
], - "actions": [
- "*"
], - "notActions": [
- "string"
], - "effect": "allow",
- "role_name": "string"
}
}
], - "allowed": [
- {
- "action": "string",
- "reason": {
- "resources": [
- "proj/*:env/*;qa_*:/flag/*"
], - "notResources": [
- "string"
], - "actions": [
- "*"
], - "notActions": [
- "string"
], - "effect": "allow",
- "role_name": "string"
}
}
]
}, - "description": "This custom role is just an example",
- "key": "example-custom-role",
- "name": "Example custom role",
- "policy": [
- {
- "resources": [
- "proj/*:env/*;qa_*:/flag/*"
], - "notResources": [
- "string"
], - "actions": [
- "*"
], - "notActions": [
- "string"
], - "effect": "allow"
}
], - "basePermissions": "string"
}
Update a single custom role. Updating a custom role uses a JSON patch or JSON merge patch representation of the desired changes. To learn more, read Updates.
To add an element to the policy
array, set the path
to /policy
and then append /<array index>
. Use /0
to add to the beginning of the array. Use /-
to add to the end of the array.
Custom role response
Invalid request
Invalid access token
Invalid resource identifier
Status conflict
Rate limited
{- "patch": [
- {
- "op": "add",
- "path": "/policy/0",
- "value": {
- "actions": [
- "updateOn"
], - "effect": "allow",
- "resources": [
- "proj/*:env/qa:flag/*"
]
}
}
]
}
{- "_id": "1234a56b7c89d012345e678f",
- "_links": {
- "property1": {
- "href": "string",
- "type": "string"
}, - "property2": {
- "href": "string",
- "type": "string"
}
}, - "_access": {
- "denied": [
- {
- "action": "string",
- "reason": {
- "resources": [
- "proj/*:env/*;qa_*:/flag/*"
], - "notResources": [
- "string"
], - "actions": [
- "*"
], - "notActions": [
- "string"
], - "effect": "allow",
- "role_name": "string"
}
}
], - "allowed": [
- {
- "action": "string",
- "reason": {
- "resources": [
- "proj/*:env/*;qa_*:/flag/*"
], - "notResources": [
- "string"
], - "actions": [
- "*"
], - "notActions": [
- "string"
], - "effect": "allow",
- "role_name": "string"
}
}
]
}, - "description": "This custom role is just an example",
- "key": "example-custom-role",
- "name": "Example custom role",
- "policy": [
- {
- "resources": [
- "proj/*:env/*;qa_*:/flag/*"
], - "notResources": [
- "string"
], - "actions": [
- "*"
], - "notActions": [
- "string"
], - "effect": "allow"
}
], - "basePermissions": "string"
}
Delete a custom role by key
Action succeeded
Invalid access token
Invalid resource identifier
Rate limited
{- "code": "unauthorized",
- "message": "Invalid access token"
}