--- title: How to Create a Role url: https://docs.vultr.com/platform/iam/roles/how-to-create-a-role description: Create an IAM role on Vultr with assignable or assumable type. Define a reusable permission set by attaching policies that control access to cloud resources. publish_date: 2026-03-24T19:52:37.532007Z last_updated: 2026-06-01T21:29:30.525464Z --- Roles in Vultr's IAM system define a set of permissions that can be assigned to users or groups. Roles contain policies that specify what actions are allowed or denied on which resources. There are two types of roles: * **Assignable roles** provide permanent access and are attached directly to users or groups. Use assignable roles for day-to-day permissions that users need continuously. * **Assumable roles** provide temporary, elevated access through time-bound sessions. Assumable roles support IP restrictions and trust-based assumption (by user, group, organization, or OIDC issuer). Use assumable roles for privileged operations that follow the principle of least privilege. Follow this guide to create a role using the Vultr Console, the Vultr API, or Terraform. === "Vultr Console" 1. Log in to the [Vultr Console](https://console.vultr.com). 1. Click the organization name in the top navigation bar. 1. Click **Manage Organization**. 1. Click the **Roles** tab. 1. Click the **+** button to add a new role. 1. Select **Assignable Role** or **Assumable Role** based on your requirement. 1. Enter a **Name** and optional **Description** for the role. 1. For an assumable role, configure the **Trusted Entity** (User, Group, or OIDC Issuer) and set the assumption schedule (Always, Specific times or Specific days). 1. In the **Permission Policies** section, search for and select the policies to attach to this role. 1. Click **Add Role**. The new role appears in the Roles list. === "Vultr API" 1. Send a `POST` request to the [**Create Role** endpoint](https://www.vultr.com/api/#tag/iam/operation/create-iam-role) to create a new role. Replace `ROLE-NAME` and `ROLE-DESCRIPTION` with your values. Set `role_type` to `assignable` for permanent access or `assumable` for temporary, time-bound access. The `max_session_duration` is specified in seconds. ```console $ curl "https://api.vultr.com/v2/roles" \ -X POST \ -H "Authorization: Bearer ${VULTR_API_KEY}" \ -H "Content-Type: application/json" \ -d '{ "name": "ROLE-NAME", "description": "ROLE-DESCRIPTION", "role_type": "assignable", "max_session_duration": 3600 }' ``` A successful request returns an HTTP `201 Created` response. Note the `id` of the role for future operations. 1. Send a `GET` request to the [**Read Role** endpoint](https://www.vultr.com/api/#tag/iam/operation/get-iam-role) to retrieve the role details. Replace `{role-id}` with the id returned from the creation request. ```console $ curl "https://api.vultr.com/v2/roles/{role-id}" \ -X GET \ -H "Authorization: Bearer ${VULTR_API_KEY}" ``` The response contains the resource details. === "Terraform" 1. Ensure the [Vultr Terraform provider](https://registry.terraform.io/providers/vultr/vultr/latest/docs) is configured in your Terraform project. 1. Define the role resource. Replace `ROLE-NAME` and `ROLE-DESCRIPTION` with your values. Set `type` to `"assignable"` for permanent access or `"assumable"` for temporary, time-bound sessions. The `max_session_duration` is in seconds. ```hcl resource "vultr_organization_role" "my_role" { name = "ROLE-NAME" description = "ROLE-DESCRIPTION" type = "assignable" max_session_duration = 3600 } ``` 1. Apply the configuration. ```console $ terraform apply ``` Verify that the output shows `vultr_organization_role.my_role: Creation complete`. Note the role ID from the Terraform state for use in attachment resources.