POST /v2/roles

Default value: "application/json"

Name of the role.

A search filter which would be applied on partitions which belong to Log Analytics product area.

Description of the role.

List of views which with specific view level filters in accordance to the selectionType chosen.

Name of the view.

Set this to true if you want to automatically append all missing capability requirements. If set to false an error will be thrown if any capabilities are missing their dependencies.

Default value: true

List of user identifiers to assign the role to.

A search filter which would be applied on partitions which belong to Audit Data product area. Help Doc : (https://help.sumologic.com/docs/manage/security/audit-index/).

A search filter which would be applied on partitions which belong to Security Data product area.

List of capabilities associated with this role. Valid values are

Data Management

• viewCollectors
• manageCollectors
• manageBudgets
• manageDataVolumeFeed
• viewFieldExtraction
• manageFieldExtractionRules
• manageS3DataForwarding
• manageContent
• manageApps
• dataVolumeIndex
• manageConnections
• viewScheduledViews
• manageScheduledViews
• viewPartitions
• managePartitions
• viewFields
• manageFields
• viewAccountOverview
• manageTokens
• downloadSearchResults
• manageIndexes
• manageDataStreams
• viewParsers
• viewDataStreams

Entity management

• manageEntityTypeConfig

Metrics

• metricsTransformation
• metricsExtraction
• metricsRules

Security

• managePasswordPolicy
• ipAllowlisting
• ipWhitelisting
• createAccessKeys
• manageAccessKeys
• manageSupportAccountAccess
• manageAuditDataFeed
• manageSaml
• shareDashboardOutsideOrg
• manageOrgSettings
• changeDataAccessLevel

Dashboards

• shareDashboardWorld
• shareDashboardAllowlist
• shareDashboardWhitelist

UserManagement

• manageUsersAndRoles

Observability

• searchAuditIndex
• auditEventIndex

Cloud SIEM Enterprise

• viewCse
• cseViewAutomations
• cseManageContextActions
• cseViewNetworkBlocks
• cseManageInsightTags
• cseViewRules
• cseViewThreatIntelligence
• cseCommentOnInsights
• cseViewEntityGroups
• cseManageEntityConfiguration
• cseManageNetworkBlocks
• cseManageMatchLists
• cseViewCustomInsights
• cseManageActions
• cseManageAutomations
• cseManageMappings
• cseManageThreatIntelligence
• cseViewActions
• cseCreateInsights
• cseManageTagSchemas
• cseInvokeInsights
• cseManageCustomEntityType
• cseViewTagSchemas
• cseDeleteInsights
• cseManageCustomInsights
• cseViewFileAnalysis
• cseManageFileAnalysis
• cseManageEntityCriticality
• cseViewEntityCriticality
• cseViewEntity
• cseManageCustomInsightStatuses
• cseViewContextActions
• cseViewMappings
• cseViewCustomEntityType
• cseManageEntityGroups
• cseViewCustomInsightStatuses
• cseViewEnrichments
• cseManageInsightSignals
• cseManageRules
• cseManageArtifacts
• cseViewMatchLists
• cseManageInsightPolicy
• cseManageEnrichments
• cseViewEntityConfiguration
• cseManageEntity
• cseExecuteAutomations
• cseManageSuppressedEntities
• cseManageInsightStatus
• cseManageInsightAssignee
• cseManageFavoriteFields
• cseViewSuppressedEntities

Alerting

• viewMonitorsV2
• manageMonitorsV2
• viewAlerts
• viewMutingSchedules
• manageMutingSchedules
• adminMonitorsV2

SLO

• viewSlos
• manageSlos

CloudSoar

• cloudSoarPlaybooksAccess
• cloudSoarNotificationConfigure
• cloudSoarReportAll
• cloudSoarIncidentTriageAccess
• cloudSoarIncidentTaskView
• cloudSoarIncidentChangeOwnership
• cloudSoarIncidentNotesEdit
• cloudSoarAPIEmailEdit
• cloudSoarIncidentTemplatesAccess
• cloudSoarIncidentPlaybooksManage
• cloudSoarGeneralConfigure
• cloudSoarEntitiesAccess
• cloudSoarEntitiesBulkPhysicalDelete
• cloudSoarIncidentAttachmentsAccess
• cloudSoarAppCentralAccess
• cloudSoarBridgeMonitoringAccess
• viewCloudSoar
• cloudSoarIncidentView
• cloudSoarObservabilityAccess
• cloudSoarAPIEmailRead
• cloudSoarAppCentralExport
• cloudSoarWidgetsAll
• cloudSoarIncidentTaskReassign
• cloudSoarIntegrationsAccess
• cloudSoarCustomizationIncidentLabels
• cloudSoarAutomationRulesConfigure
• cloudSoarIncidentTaskAccessAll
• cloudSoarAuditAndInformationConfigureAuditTrail
• cloudSoarIncidentTriageEdit
• cloudSoarIncidentEdit
• cloudSoarNotificationTriage
• cloudSoarIncidentTriageBulkPhysicalDelete
• cloudSoarIncidentNotesAccess
• cloudSoarAPIUse
• cloudSoarIncidentPlaybooksEdit
• cloudSoarDashboardAll
• cloudSoarEntitiesManage
• cloudSoarIncidentTemplatesConfigure
• cloudSoarIncidentTriageAccessAll
• cloudSoarPlaybooksConfigure
• cloudSoarIncidentAccessAll
• cloudSoarCustomizationLogo
• cloudSoarIncidentTaskAccess
• cloudSoarIncidentTriageView
• cloudSoarIntegrationsConfigure
• cloudSoarIncidentManageInvestigators
• cloudSoarIncidentAccess
• cloudSoarAuditAndInformationLicenseInformation
• cloudSoarIncidentBulkOperations
• cloudSoarCustomizationFields
• cloudSoarIncidentTaskEdit
• cloudSoarDashboardAccess
• cloudSoarIncidentAttachmentsEdit
• cloudSoarIncidentFoldersEdit
• cloudSoarUserManagementGroups
• cloudSoarIncidentPlaybooksAccess
• cloudSoarIncidentWarRoomUse
• cloudSoarReportAccess
• cloudSoarAuditAndInformationAuditTrail
• cloudSoarAutomationRulesAccess
• cloudSoarIncidentTriageChangeOwnership
• cloudSoarObservabilityManagement

Describes the Permission Construct for the list of views in "selectedViews" parameter.

Valid Values are :

• All selectionType would allow access to all views in the org.
• Allow selectionType would allow access to specific views mentioned in "selectedViews" parameter.
• Deny selectionType would deny access to specific views mentioned in "selectedViews" parameter.