Image & Video APIs

Manage roles

Last updated: Jun-30-2025

Cloudinary roles define what users, groups, and API keys can access and do across your account. Managing roles via the Permissions API allows you to create, update, and delete custom roles programmatically—so you can scale permissions consistently without assigning individual policies one by one.

On this page, you’ll learn how to:

See also


Retrieve roles and policies

Use these endpoints to inspect and audit your roles and available policy options:

Endpoint Use Case
GET /roles?management_type=system List all system roles
GET /roles?management_type=custom List custom roles you've created
GET /roles/{role_id} View the policies included in a specific role
GET /policies/system List all available system policies

For more information on system roles and policies, see System roles and policies.

Manage custom roles

Use these endpoints to manage custom roles for your account or product environments.

Create a custom role

Use POST /roles/custom to define a role and include the system policies it should grant.

You must specify:

  • permission_type: global or content
  • scope_type: account or prodenv
  • One or more system_policy_ids
  • (Optional) id, name, and description

Global roles apply to all content or account-level features. Content roles apply to specific folders or collections and require policy_parameters when assigning.

Example 1: Create a global role to manage uploads

Example 2: Create a content role for folder access

Example 3: Create an account-level role for admin tasks

Note
If scope_type is prodenv, you must specify the product environments when assigning the role. You can assign to "all" environments or a specific list of product environment IDs.

Update or delete a custom role

Considerations for planning roles effectively

Actions that require multiple permissions

Some tasks require multiple permissions to enable. If a user doesn't have all the permissions listed for that action, they won't be able to perform it. Make sure the roles you create contain all the listed permissions to perform these actions:

Action Required System Policies
Use Moderation tab to moderate assets Access the moderation page:
cld::policy::global::moderation_queue::access

Moderate all assets or assets in folders:
cld::policy::content::folder::moderate OR cld::policy::global::assets::moderate

View the assets to moderate:
cld::policy::content::folder::view_download OR cld::policy::global::assets_and_folders::view

Add assets to (non-dynamic) collections Add assets to all collections or specific collections:
cld::policy::content::collection::add_assets OR cld::policy::global::collections::manage

View the assets to add to collections:
cld::policy::content::folder::view_download OR cld::policy::global::assets_and_folders::view

Remove assets from (non-dynamic) collections Remove assets from all collections or specific collections:
cld::policy::content::collection::remove_assets OR cld::policy::global::collections::manage

View assets to remove from collections:
cld::policy::content::folder::view_download OR cld::policy::global::assets_and_folders::view

Relate one asset to another Relate assets:
cld::policy::global::asset_relation::create

View the assets you want to relate:
cld::policy::content::folder::view_download OR cld::policy::global::assets_and_folders::view

Move assets between folders Move assets out of the source folder:
cld::policy::content::folder::move_assets

Move assets into the destination folder:
cld::policy::content::folder::add_assets

✔️ Feedback sent!

Rate this page: