#
Creating a new roleWhen using SuperTokens, roles and permissions are simple strings that can be assigned to users and verified on your backend and frontend.
When creating new roles you can choose to add 0 or multiple permissions to the role.
important
Roles must be ceated before they can be assigned to users
tip
Roles can also be created from the user management dashboard. To know more about how to manage your user roles and permissions from user management dashboard see this page.
- Dashboard
- NodeJS
- GoLang
- Python
- cURL
Important
For other backend frameworks, you can follow our guide on how to spin up a separate server configured with the SuperTokens backend SDK to authenticate requests and issue session tokens.
import UserRoles from "supertokens-node/recipe/userroles";
async function createRole() {
/**
* You can choose to give multiple or no permissions when creating a role
* createNewRoleOrAddPermissions("user", []) - No permissions
* createNewRoleOrAddPermissions("user", ["read", "write"]) - Multiple permissions
*/
const response = await UserRoles.createNewRoleOrAddPermissions("user", ["read"]);
if (response.createdNewRole === false) {
// The role already exists
}
}
import (
"github.com/supertokens/supertokens-golang/recipe/userroles"
)
func createRole() {
/**
* You can choose to give multiple or no permissions when creating a role
* createNewRoleOrAddPermissions("user", []string{}) - No permissions
* createNewRoleOrAddPermissions("user", []string{"read", "write"}) - Multiple permissions
*/
resp, err := userroles.CreateNewRoleOrAddPermissions("user", []string{
"read",
}, nil)
if err != nil {
// TODO: Handle error
return
}
if resp.OK.CreatedNewRole == false {
// The role already exists
}
}
- Asyncio
- Syncio
from supertokens_python.recipe.userroles.asyncio import create_new_role_or_add_permissions
async def create_role():
res = await create_new_role_or_add_permissions("user", ["read"])
if not res.created_new_role:
# The role already existed
pass
from supertokens_python.recipe.userroles.syncio import create_new_role_or_add_permissions
def create_role():
res = create_new_role_or_add_permissions("user", ["read"])
if not res.created_new_role:
# The role already existed
pass
- Single app setup
- Multi app setup
curl --location --request PUT '/recipe/role' \
--header 'api-key: ' \
--header 'Content-Type: application/json; charset=utf-8' \
--data-raw '{
"role": "user",
"permissions": [
"read"
]
}'
curl --location --request PUT '/recipe/role' \
--header 'api-key: ' \
--header 'Content-Type: application/json; charset=utf-8' \
--data-raw '{
"role": "user",
"permissions": [
"read"
]
}'
Multi Tenancy
In a multi tenant setup, roles and permissions are shared across all tenants. This means that you can create a role and add permissions to it once, and reuse that role across any tenant in your app.