Create Override

POST

/v1/rbac/overrides/

Create a single RBAC override.

• Omit user_id for a tenant-wide override.
• Provide user_id for a user-specific override.

Raises 409 if an identical (role, permission, scope) combination already exists.

Request Body ^required

RBACRoleOverrideCreate

Fields required to create an RBAC role override.

Scoping rules:

• Tenant-wide override: provide only tenant_id.
• User-specific override: provide tenant_id + user_id.

object

tenant_id

required

Tenant Id

string format: uuid

user_id

Any of:

string

string format: uuid

null

null

role_slug

required

Role Slug

string

>= 1 characters <= 100 characters

permission_slug

required

Permission Slug

string

>= 1 characters <= 100 characters

is_granted

Is Granted

boolean

default: true

Responses

201

Successful Response

Response[RBACRoleOverrideRead]

object

data

required

RBACRoleOverrideRead

Full representation of an RBACRoleOverride record.

object

id

required

Id

string format: uuid

created_at

required

Created At

string format: date-time

updated_at

required

Updated At

string format: date-time

tenant_id

required

Tenant Id

string format: uuid

user_id

Any of:

string

string format: uuid

null

null

role_slug

required

Role Slug

string

permission_slug

required

Permission Slug

string

is_granted

required

Is Granted

boolean

meta

ResponseMeta

Metadata included in every response envelope.

object

request_id

Any of:

string

string

null

null

organization_id

Any of:

string

string

null

null

422

Validation Error

HTTPValidationError

object

detail

Detail

Array<object>

ValidationError

object

loc

required

Location

Array

msg

required

Message

string

type

required

Error Type

string

input

Input

ctx

Context

object