# Cybus::Role

Creates a new *role* resource. See also [user and role management](https://docs.cybus.io/1-8-0/documentation/user-management).

The role defined here can be used in the list of roles for a [Cybus::User](https://docs.cybus.io/1-8-0/documentation/services/service-commissioning-files/structure-of-service-commissioning-files/resources/cybus-user) resource, which is the suggested way of specifying a set of permissions for a user.

## Properties

| Property                    | Type       | Required     |
| --------------------------- | ---------- | ------------ |
| [permissions](#permissions) | `object[]` | **Required** |

### permissions

The permissions associated to this role

* is **required**
* type: `object[]`; all items must be of the type: `object` with following properties:

| Property                | Type   | Required     |
| ----------------------- | ------ | ------------ |
| [context](#context)     | string | **Required** |
| [operation](#operation) | string | **Required** |
| [resource](#resource)   | string | **Required** |

#### context

The context in which the role permissions for the resource should be interpreted.

* is **required**
* type: `enum`; the value of this property **must** be equal to one of the below:
  * `mqtt` when describing permissions for MQTT topics
  * `http` when describing permissions for REST API paths

#### operation

The allowed access operation to the resource.

* is **required**
* type: `enum`; the value of this property **must** be equal to one of the below:
  * `read`
  * `write`
  * `readWrite`

#### resource

Resource path. Can be REST-ful API path or MQTT topic.

* is **required**
* type: `string`

## Example

{% code lineNumbers="true" %}

```yaml
myRole:
    type: Cybus::Role
    properties:
        permissions:
            - resource: edge.cybus/#
              operation: readWrite
              context: mqtt
```

{% endcode %}