IamRole
Type: Object
Roles are the central unit of authorization, representing a set of permissions that can be assigns to users, reactions, timers and more. These roles can either give broad permissions, or fine-grained access to specific resources.
They follow a familiar pattern of a series of statements, each with a specific purpose:
An Effect:
- Allow: Allows the action to proceed.
- Deny: Prevents the action from proceeding.
A list of Actions:
- Create: Allows the creation of new resources.
- Read: Allows the retrieval of existing resources.
- Update: Allows the modification of existing resources.
- Destroy: Allows the deletion of existing resources.
- other: Specific actions that are not covered by the above categories, these depend on the resource.
A list of Resources: These follow a similar ARN-like expression, with the following format:
- arn:core:[resource-type]:[resource-id]
For example:
- arn:core:account:*
- arn:core🖨️printer123
Sample Policy Document:
json
{
"Version": "2025-08-01",
"Statement": [
{
"Effect": "Allow",
"Action": ["create", "read", "update", "destroy"],
"Resource": ["arn:core:job:*"]
}
]
}Fields
| Name | Type | Args | Description | Deprecated |
|---|---|---|---|---|
| createdAt | DateTime! | |||
| description | String | A description for the role | ||
| document | JsonString! | The IAM policy document for the role | ||
| id | ID! | |||
| name | String! | A unique name for the role | ||
| updatedAt | DateTime! |