mirror of
https://github.com/coder/coder.git
synced 2026-06-03 13:08:25 +00:00
Jaayden Halko
3fb7c6264f
## Summary Adds an entitlement-gated **AI add-on** column to both the **Users** table and the **Organization Members** table. When `ai_governance_user_limit` is entitled, each row shows whether the user is consuming an AI seat. ## Background The AI governance add-on tracks which users are consuming AI seats. Admins need visibility into per-user seat consumption directly from the user management tables. This change surfaces that information through both the site-wide Users table and the per-organization Members table, gated behind the `ai_governance_user_limit` entitlement so the column only appears when the feature is licensed. ## Implementation ### Backend - **New SQL query** `GetUserAISeatStates` (`coderd/database/queries/aiseatstate.sql`) — returns user IDs consuming an AI seat, derived from: - Users with entries in `aibridge_interceptions` (AI Bridge usage) - Users who own workspaces with `has_ai_task = true` builds (AI Tasks usage) - **SDK types** — added `has_ai_seat: boolean` to `codersdk.User` and `codersdk.OrganizationMemberWithUserData` - **Handler wiring** — both the Users list endpoint (`coderd/users.go`) and all Members endpoints (`coderd/members.go`) query AI seat state per page of user IDs and populate the response field - **dbauthz** — per-user `ActionRead` checks on `ResourceUserObject` ### Frontend - **Shared `AISeatCell` component** (`site/src/modules/users/AISeatCell.tsx`) — green `CircleCheck` for consuming, gray `X` for non-consuming - **`TableColumnHelpTooltip`** — extended with `ai_addon` variant with tooltip: *"Users with access to AI features like AI Bridge, Boundary, or Tasks who are actively consuming a seat."* - **Column visibility** gated behind `useFeatureVisibility().ai_governance_user_limit` ## Validation - Backend: dbauthz full method suite (`TestMethodTestSuite`) passes including new `GetUserAISeatStates` test - Backend: `TestGetUsers`, `TestUsersFilter`, CLI golden file tests pass - Frontend: 7/7 tests pass across `UsersPage.test.tsx` and `OrganizationMembersPage.test.tsx` (column visibility gating both directions) - `go build ./coderd/...` compiles clean - `pnpm --dir site run lint:types` passes - `make gen` clean ## Risks - **Pagination performance**: The AI seat query is scoped to the current page's user IDs (not a full table scan), keeping it efficient for paginated views. - **Semantic scope**: The workspace-side AI seat derivation uses "any build with `has_ai_task = true`" rather than "latest build only". If the product intent is latest-build-only, this can be tightened in a follow-up. --- _Generated with `mux` • Model: `anthropic:claude-opus-4-6` • Thinking: `xhigh` • Cost: `$27.25`_ <!-- mux-attribution: model=anthropic:claude-opus-4-6 thinking=xhigh costs=27.25 -->
64 KiB
Generated
64 KiB
Generated
Members
List organization members
Code samples
# Example request using curl
curl -X GET http://coder-server:8080/api/v2/organizations/{organization}/members \
-H 'Accept: application/json' \
-H 'Coder-Session-Token: API_KEY'
GET /organizations/{organization}/members
Parameters
| Name | In | Type | Required | Description |
|---|---|---|---|---|
organization |
path | string | true | Organization ID |
Example responses
200 Response
[
{
"avatar_url": "string",
"created_at": "2019-08-24T14:15:22Z",
"email": "string",
"global_roles": [
{
"display_name": "string",
"name": "string",
"organization_id": "string"
}
],
"has_ai_seat": true,
"is_service_account": true,
"last_seen_at": "2019-08-24T14:15:22Z",
"login_type": "",
"name": "string",
"organization_id": "7c60d51f-b44e-4682-87d6-449835ea4de6",
"roles": [
{
"display_name": "string",
"name": "string",
"organization_id": "string"
}
],
"status": "active",
"updated_at": "2019-08-24T14:15:22Z",
"user_created_at": "2019-08-24T14:15:22Z",
"user_id": "a169451c-8525-4352-b8ca-070dd449a1a5",
"user_updated_at": "2019-08-24T14:15:22Z",
"username": "string"
}
]
Responses
| Status | Meaning | Description | Schema |
|---|---|---|---|
| 200 | OK | OK | array of codersdk.OrganizationMemberWithUserData |
Response Schema
Status Code 200
| Name | Type | Required | Restrictions | Description |
|---|---|---|---|---|
[array item] |
array | false | ||
» avatar_url |
string | false | ||
» created_at |
string(date-time) | false | ||
» email |
string | false | ||
» global_roles |
array | false | ||
»» display_name |
string | false | ||
»» name |
string | false | ||
»» organization_id |
string | false | ||
» has_ai_seat |
boolean | false | Has ai seat intentionally omits omitempty so the API always includes the field, even when false. | |
» is_service_account |
boolean | false | ||
» last_seen_at |
string(date-time) | false | ||
» login_type |
codersdk.LoginType | false | ||
» name |
string | false | ||
» organization_id |
string(uuid) | false | ||
» roles |
array | false | ||
» status |
codersdk.UserStatus | false | ||
» updated_at |
string(date-time) | false | ||
» user_created_at |
string(date-time) | false | ||
» user_id |
string(uuid) | false | ||
» user_updated_at |
string(date-time) | false | ||
» username |
string | false |
Enumerated Values
| Property | Value(s) |
|---|---|
login_type |
``, github, none, oidc, password, token |
status |
active, suspended |
To perform this operation, you must be authenticated. Learn more.
Get member roles by organization
Code samples
# Example request using curl
curl -X GET http://coder-server:8080/api/v2/organizations/{organization}/members/roles \
-H 'Accept: application/json' \
-H 'Coder-Session-Token: API_KEY'
GET /organizations/{organization}/members/roles
Parameters
| Name | In | Type | Required | Description |
|---|---|---|---|---|
organization |
path | string(uuid) | true | Organization ID |
Example responses
200 Response
[
{
"assignable": true,
"built_in": true,
"display_name": "string",
"name": "string",
"organization_id": "7c60d51f-b44e-4682-87d6-449835ea4de6",
"organization_member_permissions": [
{
"action": "application_connect",
"negate": true,
"resource_type": "*"
}
],
"organization_permissions": [
{
"action": "application_connect",
"negate": true,
"resource_type": "*"
}
],
"site_permissions": [
{
"action": "application_connect",
"negate": true,
"resource_type": "*"
}
],
"user_permissions": [
{
"action": "application_connect",
"negate": true,
"resource_type": "*"
}
]
}
]
Responses
| Status | Meaning | Description | Schema |
|---|---|---|---|
| 200 | OK | OK | array of codersdk.AssignableRoles |
Response Schema
Status Code 200
| Name | Type | Required | Restrictions | Description |
|---|---|---|---|---|
[array item] |
array | false | ||
» assignable |
boolean | false | ||
» built_in |
boolean | false | Built in roles are immutable | |
» display_name |
string | false | ||
» name |
string | false | ||
» organization_id |
string(uuid) | false | ||
» organization_member_permissions |
array | false | Organization member permissions are specific for the organization in the field 'OrganizationID' above. | |
»» action |
codersdk.RBACAction | false | ||
»» negate |
boolean | false | Negate makes this a negative permission | |
»» resource_type |
codersdk.RBACResource | false | ||
» organization_permissions |
array | false | Organization permissions are specific for the organization in the field 'OrganizationID' above. | |
» site_permissions |
array | false | ||
» user_permissions |
array | false |
Enumerated Values
| Property | Value(s) |
|---|---|
action |
application_connect, assign, create, create_agent, delete, delete_agent, read, read_personal, share, ssh, start, stop, unassign, update, update_agent, update_personal, use, view_insights |
resource_type |
*, aibridge_interception, api_key, assign_org_role, assign_role, audit_log, boundary_usage, chat, connection_log, crypto_key, debug_info, deployment_config, deployment_stats, file, group, group_member, idpsync_settings, inbox_notification, license, notification_message, notification_preference, notification_template, oauth2_app, oauth2_app_code_token, oauth2_app_secret, organization, organization_member, prebuilt_workspace, provisioner_daemon, provisioner_jobs, replicas, system, tailnet_coordinator, task, template, usage_event, user, user_secret, webpush_subscription, workspace, workspace_agent_devcontainers, workspace_agent_resource_monitor, workspace_dormant, workspace_proxy |
To perform this operation, you must be authenticated. Learn more.
Update a custom organization role
Code samples
# Example request using curl
curl -X PUT http://coder-server:8080/api/v2/organizations/{organization}/members/roles \
-H 'Content-Type: application/json' \
-H 'Accept: application/json' \
-H 'Coder-Session-Token: API_KEY'
PUT /organizations/{organization}/members/roles
Body parameter
{
"display_name": "string",
"name": "string",
"organization_member_permissions": [
{
"action": "application_connect",
"negate": true,
"resource_type": "*"
}
],
"organization_permissions": [
{
"action": "application_connect",
"negate": true,
"resource_type": "*"
}
],
"site_permissions": [
{
"action": "application_connect",
"negate": true,
"resource_type": "*"
}
],
"user_permissions": [
{
"action": "application_connect",
"negate": true,
"resource_type": "*"
}
]
}
Parameters
| Name | In | Type | Required | Description |
|---|---|---|---|---|
organization |
path | string(uuid) | true | Organization ID |
body |
body | codersdk.CustomRoleRequest | true | Update role request |
Example responses
200 Response
[
{
"display_name": "string",
"name": "string",
"organization_id": "7c60d51f-b44e-4682-87d6-449835ea4de6",
"organization_member_permissions": [
{
"action": "application_connect",
"negate": true,
"resource_type": "*"
}
],
"organization_permissions": [
{
"action": "application_connect",
"negate": true,
"resource_type": "*"
}
],
"site_permissions": [
{
"action": "application_connect",
"negate": true,
"resource_type": "*"
}
],
"user_permissions": [
{
"action": "application_connect",
"negate": true,
"resource_type": "*"
}
]
}
]
Responses
| Status | Meaning | Description | Schema |
|---|---|---|---|
| 200 | OK | OK | array of codersdk.Role |
Response Schema
Status Code 200
| Name | Type | Required | Restrictions | Description |
|---|---|---|---|---|
[array item] |
array | false | ||
» display_name |
string | false | ||
» name |
string | false | ||
» organization_id |
string(uuid) | false | ||
» organization_member_permissions |
array | false | Organization member permissions are specific for the organization in the field 'OrganizationID' above. | |
»» action |
codersdk.RBACAction | false | ||
»» negate |
boolean | false | Negate makes this a negative permission | |
»» resource_type |
codersdk.RBACResource | false | ||
» organization_permissions |
array | false | Organization permissions are specific for the organization in the field 'OrganizationID' above. | |
» site_permissions |
array | false | ||
» user_permissions |
array | false |
Enumerated Values
| Property | Value(s) |
|---|---|
action |
application_connect, assign, create, create_agent, delete, delete_agent, read, read_personal, share, ssh, start, stop, unassign, update, update_agent, update_personal, use, view_insights |
resource_type |
*, aibridge_interception, api_key, assign_org_role, assign_role, audit_log, boundary_usage, chat, connection_log, crypto_key, debug_info, deployment_config, deployment_stats, file, group, group_member, idpsync_settings, inbox_notification, license, notification_message, notification_preference, notification_template, oauth2_app, oauth2_app_code_token, oauth2_app_secret, organization, organization_member, prebuilt_workspace, provisioner_daemon, provisioner_jobs, replicas, system, tailnet_coordinator, task, template, usage_event, user, user_secret, webpush_subscription, workspace, workspace_agent_devcontainers, workspace_agent_resource_monitor, workspace_dormant, workspace_proxy |
To perform this operation, you must be authenticated. Learn more.
Insert a custom organization role
Code samples
# Example request using curl
curl -X POST http://coder-server:8080/api/v2/organizations/{organization}/members/roles \
-H 'Content-Type: application/json' \
-H 'Accept: application/json' \
-H 'Coder-Session-Token: API_KEY'
POST /organizations/{organization}/members/roles
Body parameter
{
"display_name": "string",
"name": "string",
"organization_member_permissions": [
{
"action": "application_connect",
"negate": true,
"resource_type": "*"
}
],
"organization_permissions": [
{
"action": "application_connect",
"negate": true,
"resource_type": "*"
}
],
"site_permissions": [
{
"action": "application_connect",
"negate": true,
"resource_type": "*"
}
],
"user_permissions": [
{
"action": "application_connect",
"negate": true,
"resource_type": "*"
}
]
}
Parameters
| Name | In | Type | Required | Description |
|---|---|---|---|---|
organization |
path | string(uuid) | true | Organization ID |
body |
body | codersdk.CustomRoleRequest | true | Insert role request |
Example responses
200 Response
[
{
"display_name": "string",
"name": "string",
"organization_id": "7c60d51f-b44e-4682-87d6-449835ea4de6",
"organization_member_permissions": [
{
"action": "application_connect",
"negate": true,
"resource_type": "*"
}
],
"organization_permissions": [
{
"action": "application_connect",
"negate": true,
"resource_type": "*"
}
],
"site_permissions": [
{
"action": "application_connect",
"negate": true,
"resource_type": "*"
}
],
"user_permissions": [
{
"action": "application_connect",
"negate": true,
"resource_type": "*"
}
]
}
]
Responses
| Status | Meaning | Description | Schema |
|---|---|---|---|
| 200 | OK | OK | array of codersdk.Role |
Response Schema
Status Code 200
| Name | Type | Required | Restrictions | Description |
|---|---|---|---|---|
[array item] |
array | false | ||
» display_name |
string | false | ||
» name |
string | false | ||
» organization_id |
string(uuid) | false | ||
» organization_member_permissions |
array | false | Organization member permissions are specific for the organization in the field 'OrganizationID' above. | |
»» action |
codersdk.RBACAction | false | ||
»» negate |
boolean | false | Negate makes this a negative permission | |
»» resource_type |
codersdk.RBACResource | false | ||
» organization_permissions |
array | false | Organization permissions are specific for the organization in the field 'OrganizationID' above. | |
» site_permissions |
array | false | ||
» user_permissions |
array | false |
Enumerated Values
| Property | Value(s) |
|---|---|
action |
application_connect, assign, create, create_agent, delete, delete_agent, read, read_personal, share, ssh, start, stop, unassign, update, update_agent, update_personal, use, view_insights |
resource_type |
*, aibridge_interception, api_key, assign_org_role, assign_role, audit_log, boundary_usage, chat, connection_log, crypto_key, debug_info, deployment_config, deployment_stats, file, group, group_member, idpsync_settings, inbox_notification, license, notification_message, notification_preference, notification_template, oauth2_app, oauth2_app_code_token, oauth2_app_secret, organization, organization_member, prebuilt_workspace, provisioner_daemon, provisioner_jobs, replicas, system, tailnet_coordinator, task, template, usage_event, user, user_secret, webpush_subscription, workspace, workspace_agent_devcontainers, workspace_agent_resource_monitor, workspace_dormant, workspace_proxy |
To perform this operation, you must be authenticated. Learn more.
Delete a custom organization role
Code samples
# Example request using curl
curl -X DELETE http://coder-server:8080/api/v2/organizations/{organization}/members/roles/{roleName} \
-H 'Accept: application/json' \
-H 'Coder-Session-Token: API_KEY'
DELETE /organizations/{organization}/members/roles/{roleName}
Parameters
| Name | In | Type | Required | Description |
|---|---|---|---|---|
organization |
path | string(uuid) | true | Organization ID |
roleName |
path | string | true | Role name |
Example responses
200 Response
[
{
"display_name": "string",
"name": "string",
"organization_id": "7c60d51f-b44e-4682-87d6-449835ea4de6",
"organization_member_permissions": [
{
"action": "application_connect",
"negate": true,
"resource_type": "*"
}
],
"organization_permissions": [
{
"action": "application_connect",
"negate": true,
"resource_type": "*"
}
],
"site_permissions": [
{
"action": "application_connect",
"negate": true,
"resource_type": "*"
}
],
"user_permissions": [
{
"action": "application_connect",
"negate": true,
"resource_type": "*"
}
]
}
]
Responses
| Status | Meaning | Description | Schema |
|---|---|---|---|
| 200 | OK | OK | array of codersdk.Role |
Response Schema
Status Code 200
| Name | Type | Required | Restrictions | Description |
|---|---|---|---|---|
[array item] |
array | false | ||
» display_name |
string | false | ||
» name |
string | false | ||
» organization_id |
string(uuid) | false | ||
» organization_member_permissions |
array | false | Organization member permissions are specific for the organization in the field 'OrganizationID' above. | |
»» action |
codersdk.RBACAction | false | ||
»» negate |
boolean | false | Negate makes this a negative permission | |
»» resource_type |
codersdk.RBACResource | false | ||
» organization_permissions |
array | false | Organization permissions are specific for the organization in the field 'OrganizationID' above. | |
» site_permissions |
array | false | ||
» user_permissions |
array | false |
Enumerated Values
| Property | Value(s) |
|---|---|
action |
application_connect, assign, create, create_agent, delete, delete_agent, read, read_personal, share, ssh, start, stop, unassign, update, update_agent, update_personal, use, view_insights |
resource_type |
*, aibridge_interception, api_key, assign_org_role, assign_role, audit_log, boundary_usage, chat, connection_log, crypto_key, debug_info, deployment_config, deployment_stats, file, group, group_member, idpsync_settings, inbox_notification, license, notification_message, notification_preference, notification_template, oauth2_app, oauth2_app_code_token, oauth2_app_secret, organization, organization_member, prebuilt_workspace, provisioner_daemon, provisioner_jobs, replicas, system, tailnet_coordinator, task, template, usage_event, user, user_secret, webpush_subscription, workspace, workspace_agent_devcontainers, workspace_agent_resource_monitor, workspace_dormant, workspace_proxy |
To perform this operation, you must be authenticated. Learn more.
Get organization member
Code samples
# Example request using curl
curl -X GET http://coder-server:8080/api/v2/organizations/{organization}/members/{user} \
-H 'Accept: application/json' \
-H 'Coder-Session-Token: API_KEY'
GET /organizations/{organization}/members/{user}
Parameters
| Name | In | Type | Required | Description |
|---|---|---|---|---|
organization |
path | string | true | Organization ID |
user |
path | string | true | User ID, name, or me |
Example responses
200 Response
{
"avatar_url": "string",
"created_at": "2019-08-24T14:15:22Z",
"email": "string",
"global_roles": [
{
"display_name": "string",
"name": "string",
"organization_id": "string"
}
],
"has_ai_seat": true,
"is_service_account": true,
"last_seen_at": "2019-08-24T14:15:22Z",
"login_type": "",
"name": "string",
"organization_id": "7c60d51f-b44e-4682-87d6-449835ea4de6",
"roles": [
{
"display_name": "string",
"name": "string",
"organization_id": "string"
}
],
"status": "active",
"updated_at": "2019-08-24T14:15:22Z",
"user_created_at": "2019-08-24T14:15:22Z",
"user_id": "a169451c-8525-4352-b8ca-070dd449a1a5",
"user_updated_at": "2019-08-24T14:15:22Z",
"username": "string"
}
Responses
| Status | Meaning | Description | Schema |
|---|---|---|---|
| 200 | OK | OK | codersdk.OrganizationMemberWithUserData |
To perform this operation, you must be authenticated. Learn more.
Add organization member
Code samples
# Example request using curl
curl -X POST http://coder-server:8080/api/v2/organizations/{organization}/members/{user} \
-H 'Accept: application/json' \
-H 'Coder-Session-Token: API_KEY'
POST /organizations/{organization}/members/{user}
Parameters
| Name | In | Type | Required | Description |
|---|---|---|---|---|
organization |
path | string | true | Organization ID |
user |
path | string | true | User ID, name, or me |
Example responses
200 Response
{
"created_at": "2019-08-24T14:15:22Z",
"organization_id": "7c60d51f-b44e-4682-87d6-449835ea4de6",
"roles": [
{
"display_name": "string",
"name": "string",
"organization_id": "string"
}
],
"updated_at": "2019-08-24T14:15:22Z",
"user_id": "a169451c-8525-4352-b8ca-070dd449a1a5"
}
Responses
| Status | Meaning | Description | Schema |
|---|---|---|---|
| 200 | OK | OK | codersdk.OrganizationMember |
To perform this operation, you must be authenticated. Learn more.
Remove organization member
Code samples
# Example request using curl
curl -X DELETE http://coder-server:8080/api/v2/organizations/{organization}/members/{user} \
-H 'Coder-Session-Token: API_KEY'
DELETE /organizations/{organization}/members/{user}
Parameters
| Name | In | Type | Required | Description |
|---|---|---|---|---|
organization |
path | string | true | Organization ID |
user |
path | string | true | User ID, name, or me |
Responses
| Status | Meaning | Description | Schema |
|---|---|---|---|
| 204 | No Content | No Content |
To perform this operation, you must be authenticated. Learn more.
Assign role to organization member
Code samples
# Example request using curl
curl -X PUT http://coder-server:8080/api/v2/organizations/{organization}/members/{user}/roles \
-H 'Content-Type: application/json' \
-H 'Accept: application/json' \
-H 'Coder-Session-Token: API_KEY'
PUT /organizations/{organization}/members/{user}/roles
Body parameter
{
"roles": [
"string"
]
}
Parameters
| Name | In | Type | Required | Description |
|---|---|---|---|---|
organization |
path | string | true | Organization ID |
user |
path | string | true | User ID, name, or me |
body |
body | codersdk.UpdateRoles | true | Update roles request |
Example responses
200 Response
{
"created_at": "2019-08-24T14:15:22Z",
"organization_id": "7c60d51f-b44e-4682-87d6-449835ea4de6",
"roles": [
{
"display_name": "string",
"name": "string",
"organization_id": "string"
}
],
"updated_at": "2019-08-24T14:15:22Z",
"user_id": "a169451c-8525-4352-b8ca-070dd449a1a5"
}
Responses
| Status | Meaning | Description | Schema |
|---|---|---|---|
| 200 | OK | OK | codersdk.OrganizationMember |
To perform this operation, you must be authenticated. Learn more.
Paginated organization members
Code samples
# Example request using curl
curl -X GET http://coder-server:8080/api/v2/organizations/{organization}/paginated-members \
-H 'Accept: application/json' \
-H 'Coder-Session-Token: API_KEY'
GET /organizations/{organization}/paginated-members
Parameters
| Name | In | Type | Required | Description |
|---|---|---|---|---|
organization |
path | string | true | Organization ID |
q |
query | string | false | Member search query |
after_id |
query | string(uuid) | false | After ID |
limit |
query | integer | false | Page limit, if 0 returns all members |
offset |
query | integer | false | Page offset |
Example responses
200 Response
[
{
"count": 0,
"members": [
{
"avatar_url": "string",
"created_at": "2019-08-24T14:15:22Z",
"email": "string",
"global_roles": [
{
"display_name": "string",
"name": "string",
"organization_id": "string"
}
],
"has_ai_seat": true,
"is_service_account": true,
"last_seen_at": "2019-08-24T14:15:22Z",
"login_type": "",
"name": "string",
"organization_id": "7c60d51f-b44e-4682-87d6-449835ea4de6",
"roles": [
{
"display_name": "string",
"name": "string",
"organization_id": "string"
}
],
"status": "active",
"updated_at": "2019-08-24T14:15:22Z",
"user_created_at": "2019-08-24T14:15:22Z",
"user_id": "a169451c-8525-4352-b8ca-070dd449a1a5",
"user_updated_at": "2019-08-24T14:15:22Z",
"username": "string"
}
]
}
]
Responses
| Status | Meaning | Description | Schema |
|---|---|---|---|
| 200 | OK | OK | array of codersdk.PaginatedMembersResponse |
Response Schema
Status Code 200
| Name | Type | Required | Restrictions | Description |
|---|---|---|---|---|
[array item] |
array | false | ||
» count |
integer | false | ||
» members |
array | false | ||
»» avatar_url |
string | false | ||
»» created_at |
string(date-time) | false | ||
»» email |
string | false | ||
»» global_roles |
array | false | ||
»»» display_name |
string | false | ||
»»» name |
string | false | ||
»»» organization_id |
string | false | ||
»» has_ai_seat |
boolean | false | Has ai seat intentionally omits omitempty so the API always includes the field, even when false. | |
»» is_service_account |
boolean | false | ||
»» last_seen_at |
string(date-time) | false | ||
»» login_type |
codersdk.LoginType | false | ||
»» name |
string | false | ||
»» organization_id |
string(uuid) | false | ||
»» roles |
array | false | ||
»» status |
codersdk.UserStatus | false | ||
»» updated_at |
string(date-time) | false | ||
»» user_created_at |
string(date-time) | false | ||
»» user_id |
string(uuid) | false | ||
»» user_updated_at |
string(date-time) | false | ||
»» username |
string | false |
Enumerated Values
| Property | Value(s) |
|---|---|
login_type |
``, github, none, oidc, password, token |
status |
active, suspended |
To perform this operation, you must be authenticated. Learn more.
Get site member roles
Code samples
# Example request using curl
curl -X GET http://coder-server:8080/api/v2/users/roles \
-H 'Accept: application/json' \
-H 'Coder-Session-Token: API_KEY'
GET /users/roles
Example responses
200 Response
[
{
"assignable": true,
"built_in": true,
"display_name": "string",
"name": "string",
"organization_id": "7c60d51f-b44e-4682-87d6-449835ea4de6",
"organization_member_permissions": [
{
"action": "application_connect",
"negate": true,
"resource_type": "*"
}
],
"organization_permissions": [
{
"action": "application_connect",
"negate": true,
"resource_type": "*"
}
],
"site_permissions": [
{
"action": "application_connect",
"negate": true,
"resource_type": "*"
}
],
"user_permissions": [
{
"action": "application_connect",
"negate": true,
"resource_type": "*"
}
]
}
]
Responses
| Status | Meaning | Description | Schema |
|---|---|---|---|
| 200 | OK | OK | array of codersdk.AssignableRoles |
Response Schema
Status Code 200
| Name | Type | Required | Restrictions | Description |
|---|---|---|---|---|
[array item] |
array | false | ||
» assignable |
boolean | false | ||
» built_in |
boolean | false | Built in roles are immutable | |
» display_name |
string | false | ||
» name |
string | false | ||
» organization_id |
string(uuid) | false | ||
» organization_member_permissions |
array | false | Organization member permissions are specific for the organization in the field 'OrganizationID' above. | |
»» action |
codersdk.RBACAction | false | ||
»» negate |
boolean | false | Negate makes this a negative permission | |
»» resource_type |
codersdk.RBACResource | false | ||
» organization_permissions |
array | false | Organization permissions are specific for the organization in the field 'OrganizationID' above. | |
» site_permissions |
array | false | ||
» user_permissions |
array | false |
Enumerated Values
| Property | Value(s) |
|---|---|
action |
application_connect, assign, create, create_agent, delete, delete_agent, read, read_personal, share, ssh, start, stop, unassign, update, update_agent, update_personal, use, view_insights |
resource_type |
*, aibridge_interception, api_key, assign_org_role, assign_role, audit_log, boundary_usage, chat, connection_log, crypto_key, debug_info, deployment_config, deployment_stats, file, group, group_member, idpsync_settings, inbox_notification, license, notification_message, notification_preference, notification_template, oauth2_app, oauth2_app_code_token, oauth2_app_secret, organization, organization_member, prebuilt_workspace, provisioner_daemon, provisioner_jobs, replicas, system, tailnet_coordinator, task, template, usage_event, user, user_secret, webpush_subscription, workspace, workspace_agent_devcontainers, workspace_agent_resource_monitor, workspace_dormant, workspace_proxy |
To perform this operation, you must be authenticated. Learn more.