How do I create a new global role by API?

Skip to first unread message

Barry Rowlingson

Feb 19, 2019, 10:07:03 AM2/19/19
to Dataverse Users Community
The API has roles *within a dataverse* and "global roles". I want to create a role (basically an Admin but without publish permissions) and be able to put people in that role in any dataverse. For this I think I want a global role.

The API doc has:

List Global Roles

List all global roles in the system.

GET http://$SERVER/api/admin/roles

Create Global Role

Creates a global role in the Dataverse installation. The data POSTed are assumed to be a role JSON.

POST http://$SERVER/api/admin/roles

Listing global roles gets back JSON with a status "OK" element and a "data" array of alias,
name, permissions (an array of permissions), description and id elements.

I can't seem to format some JSON to match the required format by the POST API call. I've tried an
object with alias/name/permissions/descriptions and an array with one of those as an element, but
all I get back is an error 415 page and a:

The server refused this request because the request entity is in a format not supported by
the requested resource for the requested method.

any ideas what the right format is?

Pete Meyer

Feb 19, 2019, 12:17:58 PM2/19/19
to Dataverse Users Community
Hi Barry,

I'd recommend taking a look at `scripts/api/data/role-curator.json` (or one of the other role-*.json files there) for an example of the syntax.  You may also want to double-check that you're using the `Content-Type: application/json` header when calling this API - the errors for not having this set are not particularly intuitive to me.

If I'm remembering correctly, trying to create an admin-without-publish role runs into the issue of keeping that user from having the permission to grant themselves the publish permission; if so, this may be something to keep in mind.


Barry Rowlingson

Feb 19, 2019, 12:48:05 PM2/19/19
to Dataverse Users Community
Thanks, the content-type header seems to work...

We have a trusted set of admins but we don't want them to accidentally publish anything. Hence the plan is to make it hard for them to do it by accident.

Just trying to delete some test roles now and failing.

This shows my role with id 13 (since I discovered "$id" meant numeric id and not its name!):

curl -X GET -H "X-Dataverse-key: $API_TOKEN" http://localhost:8080/api/roles/13

but this fails:

curl -X DELETE -H "X-Dataverse-key: $API_TOKEN" http://localhost:8080/api/roles/13


{"status":"ERROR","message":"Command failed: null"}[root@fhm-chicas-dataverse Roles]#

Pete Meyer

Feb 19, 2019, 5:23:59 PM2/19/19
to Dataverse Users Community
The delete failure looks like a bug to me.  On the develop branch, I see `Caused by: java.lang.IllegalArgumentException: You have attempted to set a value of type class java.lang.Long for parameter roleId with expected type of class
taverseRole from query string SELECT r FROM RoleAssignment r WHERE r.role=:roleId.` in the glassfish server.log when trying a similar delete role command.

It might be worth opening a GitHub issue for the delete failure.


Philip Durbin

Feb 25, 2019, 11:09:29 AM2/25/19
Yes, whenever commands fail with "failed: null" it's a bug so please do feel free to create an issue at about this, Barry.

Would the "Contributor" role work for your use case? The Contributor role can't publish but it can edit the dataset.



You received this message because you are subscribed to the Google Groups "Dataverse Users Community" group.
To unsubscribe from this group and stop receiving emails from it, send an email to
To post to this group, send email to
To view this discussion on the web visit
For more options, visit

Reply all
Reply to author
0 new messages