# Cybus::Role

The **Cybus::Role** resource allows you to define a reusable set of permissions that can later be assigned to one or more [Cybus::User](https://docs.cybus.io/2-0-6/documentation/services/service-commissioning-files/resources/cybus-user) resources. This is the recommended approach for managing permissions in Connectware, as it ensures consistency and simplifies maintenance.

See also [User Management](https://docs.cybus.io/2-0-6/documentation/user-management).

## Role Properties

| Property                    | Type       | Required     |
| --------------------------- | ---------- | ------------ |
| [permissions](#permissions) | `object[]` | **Required** |

### permissions

Defines the list of permissions granted to any user assigned to this role.

* **Required**
* Type: `object[]`
* Each item must be of type `object` with the following properties:

| Property                | Type   | Required     |
| ----------------------- | ------ | ------------ |
| [context](#context)     | string | **Required** |
| [operation](#operation) | string | **Required** |
| [resource](#resource)   | string | **Required** |

#### context

The context in which the role permissions for the resource should be interpreted.

* **Required**
* Type: `enum`
* The value of this property **must** be one of the following:
  * `mqtt` when describing permissions for MQTT topics
  * `http` when describing permissions for REST API paths

#### operation

The allowed access operation to the resource.

* **Required**
* Type: `enum`
* The value of this property **must** be one of the following:
  * `read`
  * `write`
  * `readWrite`

#### resource

The resource path to which the permission applies. This can be either:

* An MQTT topic (e.g., `edge.cybus/#`)
* A RESTful API path
* **Required**
* Type: `string`

## Example

{% code lineNumbers="true" %}

```yaml
myRole:
  type: Cybus::Role
  properties:
    permissions:
      - resource: edge.cybus/#
        operation: readWrite
        context: mqtt
```

{% endcode %}