# Custom roles

Manage Coralogix [custom roles](https://coralogix.com/docs/user-guides/aaa/access-control/permissions/index.md) directly from your AI agent. The Model Context Protocol (MCP) server provides a unified tool to create, retrieve, update, and delete custom roles, and to generate infrastructure-as-code definitions from role configurations.

## Tool

Use `manage_custom_roles` for all custom role operations.

| Action value          | Description                                                                                                                                                                                           |
| --------------------- | ----------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------- |
| `create`              | Create a new custom role with a name, description, parent role, and permissions.                                                                                                                      |
| `get`                 | Retrieve a specific custom role by ID.                                                                                                                                                                |
| `list`                | List custom roles with an optional case-insensitive name filter.                                                                                                                                      |
| `update`              | Update an existing custom role without changing its parent role.                                                                                                                                      |
| `delete`              | Delete a custom role by ID.                                                                                                                                                                           |
| `generate_openapi`    | Generate the OpenAPI JSON payload for use with the Coralogix REST API.                                                                                                                                |
| `generate_kubernetes` | Generate a Kubernetes Operator YAML manifest for the [Coralogix Operator](https://coralogix.com/docs/developer-portal/infrastructure-as-code/coralogix-operator/index.md).                            |
| `generate_terraform`  | Generate Terraform configuration for the [Coralogix Terraform Provider](https://coralogix.com/docs/developer-portal/infrastructure-as-code/terraform-provider/coralogix-terraform-provider/index.md). |

## Example prompts

### Create a custom role

```text
Create a Coralogix custom role named Observability Reader.
Use description "Read-only observability access", parent role Standard User,
and permission alerts:ReadConfig.
```

### List custom roles

```text
List Coralogix custom roles whose name contains "Observability".
```

### Update a custom role

```text
Update custom role <custom-role-id> by changing the description to
"Read-only observability and alerting access" and keeping the same parent role.
```

### Generate Terraform configuration

```text
Generate Terraform configuration for a custom role named Pipeline Manager with
description "Pipeline management role", parent role Standard User,
and permission spans.events2metrics:UpdateConfig. Do not create it.
```

## Important behaviors

- **Parent role changes are not supported during update.** If you provide `parentRoleName` during update, it must match the current backend value.
- **Provide permissions.** The tool rejects empty or blank permission strings.
- **Custom role IDs are strings in Model Context Protocol payloads.** The server parses them to numeric IDs only when calling the role management API.
- **Update requires the current role shape.** Retrieve the current role, modify it, then update with the complete definition.
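
The update rules above can be checked on the client side before the prompt or payload is sent. The following is an added example, not code from the Coralogix MCP server: field names other than `parentRoleName`, the sample role, and the helper names are assumptions constructed for illustration. `permission_delta` is an extra review aid that lists which permissions an update would grant or revoke.

```python
"""Pre-flight check for a manage_custom_roles update (added example)."""

# Constructed sample of a role as returned by the `get` action.
# Only parentRoleName is a field name taken from the page; the rest are assumed.
SAMPLE_ROLE = {
    "id": "1234",  # constructed ID; IDs are strings in MCP payloads
    "name": "Observability Reader",
    "description": "Read-only observability access",
    "parentRoleName": "Standard User",
    "permissions": ["alerts:ReadConfig"],
}


class RoleUpdateError(ValueError):
    """The proposed update breaks one of the documented update rules."""


def build_update_payload(current: dict, changes: dict) -> dict:
    """Merge changes into the current role and return the complete definition."""
    role_id = str(current["id"]).strip()
    # The server parses the string ID to a number before calling the backend.
    if not (role_id.isascii() and role_id.isdigit()):
        raise RoleUpdateError(f"role ID {role_id!r} is not a numeric string")
    # A supplied parent role must match the current backend value.
    parent = changes.get("parentRoleName", current["parentRoleName"])
    if parent != current["parentRoleName"]:
        raise RoleUpdateError("parent role cannot change during update")
    merged = {**current, **changes, "id": role_id}
    perms = merged.get("permissions")
    # Empty or blank permission strings are rejected; an empty or non-list
    # value is treated the same way here (assumption).
    if (not isinstance(perms, list) or not perms
            or any(not isinstance(p, str) or not p.strip() for p in perms)):
        raise RoleUpdateError("permissions must be non-empty, non-blank strings")
    return merged


def permission_delta(current: dict, updated: dict) -> dict:
    """Report permissions an update would add or remove, for review."""
    before, after = set(current["permissions"]), set(updated["permissions"])
    return {"added": sorted(after - before), "removed": sorted(before - after)}


if __name__ == "__main__":
    new = build_update_payload(
        SAMPLE_ROLE, {"description": "Read-only observability and alerting access"}
    )
    print(new, permission_delta(SAMPLE_ROLE, new))
```
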
