# Create custom role Create a custom role with specific capabilities for an organization. Requires the `manage_roles` capability. The calling user can only assign capabilities they themselves possess (anti-escalation). #### Path Parameters **`organization_id`** string required Organization ID (org_ prefixed string). #### Request Body **`name`** string required Role name. Must be unique within the organization. Max 100 characters. **`description`** string optional Human-readable description. Max 500 characters. **`capabilities`** array of strings required List of capability keys to assign. Must be valid values from the [capabilities endpoint](/docs/api-reference/organizations/roles/capabilities). At least one capability required. ## Returns The created role object with capabilities, member count of 0, and creation timestamp. Request ```bash cURL curl -X POST "https://api.aitronos.com/v1/organizations/org_abc123/roles" \ -H "Authorization: Bearer $ACCESS_TOKEN" \ -H "Content-Type: application/json" \ -d '{ "name": "Marketing Analyst", "description": "Can view audit logs and manage knowledge slices", "capabilities": ["view_audit_log", "manage_knowledge_slices"] }' ``` ```python Python SDK from aitronos import Aitronos client = Aitronos(api_key="your-api-key") role = client.organizations.roles.create( organization_id="org_abc123", name="Marketing Analyst", description="Can view audit logs and manage knowledge slices", capabilities=["view_audit_log", "manage_knowledge_slices"], ) print(role) ``` ```python Python import requests response = requests.post( "https://api.aitronos.com/v1/organizations/org_abc123/roles", headers={"Authorization": "Bearer YOUR_ACCESS_TOKEN"}, json={ "name": "Marketing Analyst", "description": "Can view audit logs and manage knowledge slices", "capabilities": ["view_audit_log", "manage_knowledge_slices"], }, ) print(response.json()) ``` ```javascript JavaScript const response = await fetch( "https://api.aitronos.com/v1/organizations/org_abc123/roles", { method: "POST", headers: { Authorization: "Bearer YOUR_ACCESS_TOKEN", "Content-Type": "application/json", }, body: JSON.stringify({ name: "Marketing Analyst", description: "Can view audit logs and manage knowledge slices", capabilities: ["view_audit_log", "manage_knowledge_slices"], }), } ); const role = await response.json(); console.log(role); ``` Response ```json 201 Created { "id": "role_abc123def456", "name": "Marketing Analyst", "description": "Can view audit logs and manage knowledge slices", "permissions": {}, "is_base_role": false, "is_custom": true, "is_system_role": false, "capabilities": ["view_audit_log", "manage_knowledge_slices"], "member_count": 0, "knowledge_slice_ids": [], "organization_id": "org_abc123", "created_at": "2026-02-28T12:00:00+00:00" } ``` ```json 409 Conflict { "success": false, "error": { "code": "ROLE_NAME_DUPLICATE", "message": "A role with this name already exists in this organization.", "system_message": "A role with this name already exists in this organization", "type": "client_error", "status": 409, "details": { "name": "Marketing Analyst", "organization_id": "org_abc123" }, "trace_id": "abc-123-def", "timestamp": "2026-02-28T12:00:00Z" } } ``` ```json 403 Anti-Escalation { "success": false, "error": { "code": "ANTI_ESCALATION_VIOLATION", "message": "You cannot assign a role with capabilities you don't have.", "system_message": "You cannot create a role with capabilities you don't have", "type": "client_error", "status": 403, "details": { "missing_capabilities": ["manage_billing"] }, "trace_id": "abc-123-def", "timestamp": "2026-02-28T12:00:00Z" } } ``` ## Related Resources - [Retrieve role](/docs/api-reference/organizations/roles/retrieve) - [Update custom role](/docs/api-reference/organizations/roles/update-role) - [Delete custom role](/docs/api-reference/organizations/roles/delete-role) - [Role templates](/docs/api-reference/organizations/roles/role-templates) - [List capabilities](/docs/api-reference/organizations/roles/capabilities) - [List role members](/docs/api-reference/organizations/roles/list-members) - [Assign role member](/docs/api-reference/organizations/roles/assign-member)