AuthorizationRole-Based Access Control (RBAC)

RBAC Management with SDKs

Descope's Role-Based Access Control (RBAC) system provides a flexible and powerful way to manage user permissions in your applications. You can use these SDK functions to implement RBAC in your application.

Backend SDK

Install SDK

Terminal
npm i --save @descope/node-sdk
Terminal
pip3 install descope
Terminal
go get github.com/descope/go-sdk
// Include the following in your `pom.xml` (Maven)
<dependency>
    <artifactId>java-sdk</artifactId>
    <groupId>com.descope</groupId>
    <version>sdk-version</version> // Check https://github.com/descope/descope-java/releases for the latest versions
</dependency>
Terminal
gem install descope
Terminal
composer require descope/descope-php
Terminal
dotnet add package descope

Import and initialize SDK

import DescopeClient from '@descope/node-sdk';
try{
    //  baseUrl="<URL>" // When initializing the Descope client, you can also configure the baseUrl ex: https://auth.company.com  - this is useful when you utilize a custom domain within your Descope project.
    const descopeClient = DescopeClient({ projectId: '__ProjectID__' });
} catch (error) {
    // handle the error
    console.log("failed to initialize: " + error)
}
from descope import (
    REFRESH_SESSION_TOKEN_NAME,
    SESSION_TOKEN_NAME,
    AuthException,
    DeliveryMethod,
    DescopeClient,
    AssociatedTenant,
    RoleMapping,
    AttributeMapping,
    LoginOptions
)
try:
    # You can configure the baseURL by setting the env variable Ex: export DESCOPE_BASE_URI="https://auth.company.com  - this is useful when you utilize custom domain within your Descope project."
    descope_client = DescopeClient(project_id='__ProjectID__')
except Exception as error:
    # handle the error
    print ("failed to initialize. Error:")
    print (error)
import "github.com/descope/go-sdk/descope"
import "github.com/descope/go-sdk/descope/client"

// Utilizing the context package allows for the transmission of context capabilities like cancellation
//      signals during the function call. In cases where context is absent, the context.Background()
//      function serves as a viable alternative.
//      Utilizing context within the Descope GO SDK is supported within versions 1.6.0 and higher.
import (
	"context"
)

// DescopeBaseURL // within the client.Config, you can also configure the baseUrl ex: https://auth.company.com  - this is useful when you utilize a custom domain within your Descope project.

descopeClient, err := client.NewWithConfig(&client.Config{ProjectID:"__ProjectID__"})
if err != nil {
    // handle the error
    log.Println("failed to initialize: " + err.Error())
}
import com.descope.client.Config;
import com.descope.client.DescopeClient;

var descopeClient = new DescopeClient(Config.builder().projectId("__ProjectID__").build());
require 'descope'

@project_id = ENV['__ProjectID__']
@client = Descope::Client.new({ project_id: @project_id})
require 'vendor/autoload.php';
use Descope\SDK\DescopeSDK;
 
$descopeSDK = new DescopeSDK([
    'projectId' => $_ENV['__ProjectID__'],
]);
// appsettings.json

{
  "Descope": {
    "ProjectId": "__ProjectID__",
    "ManagementKey": "DESCOPE_MANAGEMENT_KEY"
  }
}

// Program.cs

using Descope;
using Microsoft.Extensions.Configuration;

// ... In your setup code
var config = new ConfigurationBuilder()
  .AddJsonFile("appsettings.json")
  .Build();

var descopeProjectId = config["Descope:ProjectId"];
var descopeManagementKey = config["Descope:ManagementKey"];

var descopeConfig = new DescopeConfig(projectId: descopeProjectId);
var descopeClient = new DescopeClient(descopeConfig)
{
    ManagementKey = descopeManagementKey,
};

Load All Permissions

This function allows administrators to return all details for permissions configured within the Descope instance. The response includes an array of permissions and the details of each permission.

const resp = await descopeClient.management.permission.loadAll()
if (!resp.ok) {
  console.log("Failed to load permissions.")
  console.log("Status Code: " + resp.code)
  console.log("Error Code: " + resp.error.errorCode)
  console.log("Error Description: " + resp.error.errorDescription)
  console.log("Error Message: " + resp.error.errorMessage)
}
else {
  console.log("Successfully loaded permissions.")
  console.log(resp.data)
}
try:
  resp = descope_client.mgmt.permission.load_all()
  print("Successfully loaded permissions.")
  print(json.dumps(resp, indent=4))
except AuthException as error:
  print ("Unable to load permissions.")
  print ("Status Code: " + str(error.status_code))
  print ("Error: " + str(error.error_message))
// Args:
//    ctx: context.Context - Application context for the transmission of context capabilities like
//        cancellation signals during the function call. In cases where context is absent, the context.Background()
//        function serves as a viable alternative.
//        Utilizing context within the Descope GO SDK is supported within versions 1.6.0 and higher.
ctx := context.Background()

res, err := descopeClient.Management.Permission().LoadAll(ctx)
if  (err != nil){
  fmt.Println("Unable to load permissions.", err)
} else {
  fmt.Println("Successfully loaded permissions.")
  for _, permission := range res {
    fmt.Println(permission)
  }
}
// You can optionally set a description for a permission.
PermissionService ps = descopeClient.getManagementServices().getPermissionService();

// Load all permissions
try {
    PermissionResponse resp = ps.loadAll();
    for (Permission p : resp.getPermissions()) {
        // Do something
    }
} catch (DescopeException de) {
    // Handle the error
}
// Args:
//   (none) — Loads all permissions configured in the project.

try
{
    var permissions = await descopeClient.Management.Permission.LoadAll();
    foreach(var permission in permissions)
    {
        // Do something
    }
}
catch (DescopeException ex)
{
    // Handle the error
}

Create a Permission

This function allows administrators to create a new permission.

// Args:
// 		name (str): permission name.
const name = "Test Permission"
// 		description (str): Optional description to briefly explain what this permission allows.
const description = "My description"

const resp = await descopeClient.management.permission.create(name, description)
if (!resp.ok) {
  console.log("Failed to create permission.")
  console.log("Status Code: " + resp.code)
  console.log("Error Code: " + resp.error.errorCode)
  console.log("Error Description: " + resp.error.errorDescription)
  console.log("Error Message: " + resp.error.errorMessage)
}
else {
  console.log("Successfully created permission.")
}
# Args:
#   name (str): permission name.
name = "Test Permission"
#   description (str): Optional description to briefly explain what this permission allows.
description = "My description"

try:
  descope_client.mgmt.permission.create(name=name,description=description)
  print("Successfully created permission")
except AuthException as error:
  print ("Unable to create permission.")
  print ("Status Code: " + str(error.status_code))
  print ("Error: " + str(error.error_message))
// Args:
//    ctx: context.Context - Application context for the transmission of context capabilities like
//        cancellation signals during the function call. In cases where context is absent, the context.Background()
//        function serves as a viable alternative.
//        Utilizing context within the Descope GO SDK is supported within versions 1.6.0 and higher.
ctx := context.Background()
// 		name (str): permission name.
name := "Test Permission"
// 		description (str): Optional description to briefly explain what this permission allows.
description := "My description"

err := descopeClient.Management.Permission().Create(ctx, name, description)
if  (err != nil){
  fmt.Println("Unable to create permission.", err)
} else {
  fmt.Println("Successfully created permission")
}
// You can optionally set a description for a permission.
PermissionService ps = descopeClient.getManagementServices().getPermissionService();

String name = "My Permission";
String description = "Optional description to briefly explain what this permission allows.";

try {
    ps.create(name, description);
} catch (DescopeException de) {
    // Handle the error
}
// Args:
//   permName (string): Unique name that identifies the permission.
var permName = "my-permission-name";
//   desc (string?): Optional description of the permission’s purpose.
var desc = "Optional description to briefly explain what this permission allows.";

try
{
    await descopeClient.Management.Permission.Create(name: permName, description: desc);
}
catch (DescopeException ex)
{
    // Handle the error
}

Update a Permission

This function allows administrators to update an existing permission with the given various fields. It is important to note that parameters are used as overrides to the existing permission; empty fields will override populated fields.

// Args:
// 		name (str): permission name.
const name = "Test Permission"
// 		newName (str): permission updated name.
const newName = "Updated Test Permission"
// 		description (str): Optional description to briefly explain what this permission allows.
const description = "My updated description"

const resp = await descopeClient.management.permission.update(name, newName, description)
if (!resp.ok) {
  console.log("Failed to update permission.")
  console.log("Status Code: " + resp.code)
  console.log("Error Code: " + resp.error.errorCode)
  console.log("Error Description: " + resp.error.errorDescription)
  console.log("Error Message: " + resp.error.errorMessage)
}
else {
  console.log("Successfully updated permission.")
}
# Args:
#   name (str): permission name.
name = "Test Permission"
#   new_name (str): permission updated name.
new_name = "Updated Test Permission"
#   description (str): Optional description to briefly explain what this permission allows.
description = "My updated description"

try:
  descope_client.mgmt.permission.update(name=name, new_name=new_name, description=description)
  print("Successfully updated permission")
except AuthException as error:
  print ("Unable to update permission.")
  print ("Status Code: " + str(error.status_code))
  print ("Error: " + str(error.error_message))
// Args:
//    ctx: context.Context - Application context for the transmission of context capabilities like
//        cancellation signals during the function call. In cases where context is absent, the context.Background()
//        function serves as a viable alternative.
//        Utilizing context within the Descope GO SDK is supported within versions 1.6.0 and higher.
ctx := context.Background()
// 		name (str): permission name.
name := "Test Permission"
// 		newName (str): permission updated name.
newName := "Updated Test Permission"
// 		description (str): Optional description to briefly explain what this permission allows.
description := "My updated description"

err := descopeClient.Management.Permission().Update(ctx, name, newName, description)
if  (err != nil){
  fmt.Println("Unable to update permission.", err)
} else {
  fmt.Println("Successfully updated permission")
}
// You can optionally set a description for a permission.
PermissionService ps = descopeClient.getManagementServices().getPermissionService();

// Update will override all fields as is. Use carefully.
String newName = "My Updated Permission";
description = "A revised description";

try {
    ps.update(name, newName, description);
} catch (DescopeException de) {
    // Handle the error
}
// Args:
//   permName (string): Current name of the permission to modify.
var permName = "my-permission-name";
//   newName (string): New name to set.
var newName = "new-permission-name";
//   desc (string?): Updated description (optional).
var desc = "A revised description";

try
{
    await descopeClient.Management.Permission.Update(name: permName, newName: newName, description: desc);
}
catch (DescopeException ex)
{
    // Handle the error
}

Delete a Permission

This function allows administrators to delete an existing permission. It is important to note that this action is irreversible.

// Args:
// 		name (str): The name of the permission to be deleted.
const name = "Updated Test Permission"

const resp = await descopeClient.management.permission.delete(name)
if (!resp.ok) {
  console.log("Failed to delete permission.")
  console.log("Status Code: " + resp.code)
  console.log("Error Code: " + resp.error.errorCode)
  console.log("Error Description: " + resp.error.errorDescription)
  console.log("Error Message: " + resp.error.errorMessage)
}
else {
  console.log("Successfully deleted permission.")
}
# Args:
#   name (str): The name of the permission to be deleted.
name = "Updated Test Permission"

# Permission deletion cannot be undone. Use carefully.
try:
  descope_client.mgmt.permission.delete(name=name)
  print("Successfully deleted permission")
except AuthException as error:
  print ("Unable to delete permission.")
  print ("Status Code: " + str(error.status_code))
  print ("Error: " + str(error.error_message))
// Args:
//    ctx: context.Context - Application context for the transmission of context capabilities like
//        cancellation signals during the function call. In cases where context is absent, the context.Background()
//        function serves as a viable alternative.
//        Utilizing context within the Descope GO SDK is supported within versions 1.6.0 and higher.
ctx := context.Background()
// 		name (str): The name of the permission to be deleted.
name := "Updated Test Permission"

// Permission deletion cannot be undone. Use carefully.
err := descopeClient.Management.Permission().Delete(ctx, name)
if  (err != nil){
  fmt.Println("Unable to delete permission.", err)
} else {
  fmt.Println("Successfully deleted permission")
}
// You can optionally set a description for a permission.
PermissionService ps = descopeClient.getManagementServices().getPermissionService();

// Permission deletion cannot be undone. Use carefully.
try {
    ps.delete(newName);
} catch (DescopeException de) {
    // Handle the error
}
// Args:
//   permName (string): The name of the permission to delete (irreversible).
var permName = "my-permission-name";

try
{
    await descopeClient.Management.Permission.Delete(name: permName);
}
catch (DescopeException ex)
{
    // Handle the error
}

Load All Roles

This function allows administrators to return all details for roles configured within the Descope instance. The response includes an array of roles and the details of each role.

const resp = await descopeClient.management.role.loadAll()
if (!resp.ok) {
  console.log("Failed to load roles.")
  console.log("Status Code: " + resp.code)
  console.log("Error Code: " + resp.error.errorCode)
  console.log("Error Description: " + resp.error.errorDescription)
  console.log("Error Message: " + resp.error.errorMessage)
}
else {
  console.log("Successfully loaded roles.")
  console.log(resp.data)
}
try:
  resp = roles_resp = descope_client.mgmt.role.load_all()
  print("Successfully loaded roles.")
  print(json.dumps(resp, indent=4))
except AuthException as error:
  print ("Unable to load roles.")
  print ("Status Code: " + str(error.status_code))
  print ("Error: " + str(error.error_message))
// Args:
//    ctx: context.Context - Application context for the transmission of context capabilities like
//        cancellation signals during the function call. In cases where context is absent, the context.Background()
//        function serves as a viable alternative.
//        Utilizing context within the Descope GO SDK is supported within versions 1.6.0 and higher.
ctx := context.Background()

res, err := descopeClient.Management.Role().LoadAll(ctx)
if  (err != nil){
  fmt.Println("Unable to load roles.", err)
} else {
  fmt.Println("Successfully loaded roles.")
  for _, role := range res {
    fmt.Println(role)
  }
}
// You can optionally set a description and associated permission for a roles.
RolesService rs = descopeClient.getManagementServices().getRolesService();

// Load all roles
try {
    RoleResponse resp = rs.loadAll();
    for (Role r : resp.getRoles()) {
        // Do something
    }
} catch (DescopeException de) {
    // Handle the error
}
// Args:
//   (none) — Loads all roles configured in the project.

try
{
    var roles = await descopeClient.Management.Role.LoadAll();
    foreach(var role in roles)
    {
        // Do something
    }
}
catch (DescopeException ex)
{
    // Handle the error
}

Search for Roles

This function allows administrators to return specific roles configured within the Descope instance using several parameters. The response includes an array of roles and the details of each role.

// Args:
//    tenant_ids (List[str]): List of tenant ids to filter by
const tenant_ids = ["Tenant ID"]
//    role_names (List[str]): Only return matching roles to the given names
const role_names = ["Role name"]
//    role_name_like (str): Return roles that contain the given string ignoring case
const role_name_like = "string in role"
//    permission_names (List[str]): Only return roles that have the given permissions
const permission_names = ["TestPermission"]

const resp = await descopeClient.management.role.search(tenant_ids, role_names, role_name_like, permission_names)
if (!resp.ok) {
  console.log("Failed to Search for roles.")
  console.log("Status Code: " + resp.code)
  console.log("Error Code: " + resp.error.errorCode)
  console.log("Error Description: " + resp.error.errorDescription)
  console.log("Error Message: " + resp.error.errorMessage)
}
else {
  console.log("Successfully searched for roles.")
  console.log(resp.data)
}
# Args:
#   tenant_ids (List[str]): List of tenant ids to filter by
tenant_ids = ["My Test Role"]
#   role_names (List[str]): Only return matching roles to the given names
role_names = ["Role name"]
#   role_name_like (str): Return roles that contain the given string ignoring case
role_name_like = "string in role"
#   permission_names (List[str]): Only return roles that have the given permissions
permission_names = ["Permission name"]


try:
  resp = descope_client.mgmt.role.search(tenant_ids=tenant_ids, role_names=role_names, role_name_like=role_name_like, permission_names=permission_names)
  print("Successfully searched for role.")
  print(json.dumps(resp, indent=4))
except AuthException as error:
  print ("Unable to search role.")
  print ("Status Code: " + str(error.status_code))
  print ("Error: " + str(error.error_message))
// Args:
//    ctx: context.Context - Application context for the transmission of context capabilities like
//        cancellation signals during the function call. In cases where context is absent, the context.Background()
//        function serves as a viable alternative.
//        Utilizing context within the Descope GO SDK is supported within versions 1.6.0 and higher.
ctx := context.Background()
//    tenant_ids (List[str]): List of tenant ids to filter by
tenant_ids := []string{"Tenant ID"}
//    role_names (List[str]): Only return matching roles to the given names
role_names := []string{"Role name"}
//    role_name_like (str): Return roles that contain the given string ignoring case
role_name_like := "string in role"
//    permission_names (List[str]): Only return roles that have the given permissions
permission_names := []string{"Permission Name"}


res, err := descopeClient.Management.Role().Search(context.Background(), &descope.RoleSearchOptions{
	tenant_ids,
	role_names,
  role_name_like,
  permission_names
})
if err == nil {
    for _, role := range res {
        fmt.Println(role)
    }
}
// You can optionally set a description and associated permission for a roles.
RolesService rs = descopeClient.getManagementServices().getRolesService();

List<String> tenant_ids = Arrays.asList("Tenant ID");
List<String> role_names = Arrays.asList("Role Name");
String role_name_like = "string in role";
List<String> permission_names = Arrays.asList("Permission Name");

try {
    RoleResponse resp = rs.search(tenant_ids, role_names, role_name_like, permission_names);
    for (Role r : resp.getRoles()) {
        // Do something
    }
} catch (DescopeException de) {
    // Handle the error
}
// Args:
//   searchOpts (RoleSearchOptions?): Optional filters for role name, tenant Id.
RoleSearchOptions? searchOpts = new RoleSearchOptions
{
    TenantIds: new List<string>{"tenant1", "tenant2"},
    RoleNames: new List<string>{"name1"},
}

try
{
    var roles = await descopeClient.Management.Role.SearchAll(options: searchOpts);
    foreach(var role in roles)
    {
        // Do something
    }
}
catch (DescopeException ex)
{
    // Handle the error
}

Create a Role

This function allows administrators to create a new role.

// Args:
//    name (str): role name.
const name = "My Test Role"
// description (str): Optional description to briefly explain what this role allows.
const description = "My Role Description"
// permissionNames (List[str]): Optional list of names of permissions this role grants.
const permissionNames = ["TestPermission"]
//    tenantId (str): Optional Tenant ID to assign new role to specific tenant
const tenantId = "Tenant ID"

const resp = await descopeClient.management.role.create(name, description, permissionNames, tenantId)
if (!resp.ok) {
  console.log("Failed to create role.")
  console.log("Status Code: " + resp.code)
  console.log("Error Code: " + resp.error.errorCode)
  console.log("Error Description: " + resp.error.errorDescription)
  console.log("Error Message: " + resp.error.errorMessage)
}
else {
  console.log("Successfully created role.")
}
# Args:
#   name (str): role name.
name = "My Test Role"
#   description (str): Optional description to briefly explain what this role allows.
description = "My Role Description"
#   permission_names (List[str]): Optional list of names of permissions this role grants.
permission_names = ["TestPermission"]
#   tenant_id (str): Optional Tenant ID to assign new role to specific tenant
tenant_id = "Tenant ID"

try:
  descope_client.mgmt.role.create(name=name, description=description, permission_names=permission_names, tenant_id=tenant_id)
  print("Successfully created role.")
except AuthException as error:
  print ("Unable to create role.")
  print ("Status Code: " + str(error.status_code))
  print ("Error: " + str(error.error_message))
// Args:
//    ctx: context.Context - Application context for the transmission of context capabilities like
//        cancellation signals during the function call. In cases where context is absent, the context.Background()
//        function serves as a viable alternative.
//        Utilizing context within the Descope GO SDK is supported within versions 1.6.0 and higher.
ctx := context.Background()
//    name (str): role name.
name := "My Test Role"
// description (str): Optional description to briefly explain what this role allows.
description := "My Role Description"
// permissionNames (List[str]): Optional list of names of permissions this role grants.
permissionNames := []string{"TestPermission"}
//    tenantId (str): Optional Tenant ID to assign new role to specific tenant
tenantID := "Tenant ID"

err := descopeClient.Management.Role().Create(ctx, name, description, permissionNames, tenantID)
if  (err != nil){
  fmt.Println("Unable to create role.", err)
} else {
  fmt.Println("Successfully created role.")
}
// You can optionally set a description and associated permission for a roles.
RolesService rs = descopeClient.getManagementServices().getRolesService();

String name = "My Role";
String description = "Optional description to briefly explain what this role allows.";
List<String> permissionNames = Arrays.asList("My Updated Permission");
// Pending release of Optional Tenant ID

try {
    rs.create(name, description, permissionNames);
} catch (DescopeException de) {
    // Handle the error
}
// Args:
//   roleName (string): Name that identifies the role.
var roleName = "my-role-name";
//   desc (string?): Optional description of the role’s purpose.
string? desc = "Optional description to briefly explain what this role allows.";
//   permNames (List<string>?): Permissions granted by this role (project‑level unless tenantID provided).
var permNames = new List<string> { "permission-name1", "permission-name2"};
//   tenantID (string?): Optionally bind the role to a specific tenant.
string? tenantID = null;   // e.g., "Tenant‑ID1" 

try
{
    await descopeClient.Management.Role.Create(name: roleName, description: desc, permissionNames: permNames, tenantId: tenantID);
}
catch (DescopeException ex)
{
    // Handle the error
}

Update a Role

This function allows administrators to update an existing role with the given various fields. It is important to note that parameters are used as overrides to the existing role; empty fields will override populated fields.

// Args:
//    name (str): role name.
const name = "My Test Role"
//    newName (str): role updated name.
const newName = "My Updated Test Role"
//    description (str): Optional description to briefly explain what this role allows.
const description = "My Updated Role Description"
//    permissionNames (List[str]): Optional list of names of permissions this role grants.
const permissionNames = ["TestPermission", "TestPermission2"]
//    tenantId (str): Optional Tenant ID to assign new role to specific tenant
const tenantId = "Tenant ID"

const resp = await descopeClient.management.role.update(name, newName, description, permissionNames, tenantId)
if (!resp.ok) {
  console.log("Failed to update role.")
  console.log("Status Code: " + resp.code)
  console.log("Error Code: " + resp.error.errorCode)
  console.log("Error Description: " + resp.error.errorDescription)
  console.log("Error Message: " + resp.error.errorMessage)
}
else {
  console.log("Successfully updated role.")
}
# Args:
#   name (str): role name.
name = "My Test Role"
#   new_name (str): role updated name.
new_name = "My Updated Test Role"
#   description (str): Optional description to briefly explain what this role allows.
description = "My Updated Role Description"
#   permission_names (List[str]): Optional list of names of permissions this role grants.
permission_names = ["TestPermission", "TestPermission2"]
#   tenant_id (str): Optional Tenant ID to assign new role to specific tenant
tenant_id = "Tenant ID"

# Update will override all fields as is. Use carefully.
try:
  descope_client.mgmt.role.update(name=name, new_name=new_name, description=description, permission_names=permission_names, tenant_id=tenant_id)
  print("Successfully updated role.")
except AuthException as error:
  print ("Unable to update role.")
  print ("Status Code: " + str(error.status_code))
  print ("Error: " + str(error.error_message))
// Args:
//    ctx: context.Context - Application context for the transmission of context capabilities like
//        cancellation signals during the function call. In cases where context is absent, the context.Background()
//        function serves as a viable alternative.
//        Utilizing context within the Descope GO SDK is supported within versions 1.6.0 and higher.
ctx := context.Background()
//    name (str): role name.
name := "My Test Role"
//    newName (str): role updated name.
newName := "My Updated Test Role"
//    description (str): Optional description to briefly explain what this role allows.
description := "My Updated Role Description"
//    permissionNames (List[str]): Optional list of names of permissions this role grants.
permissionNames := []string{"TestPermission", "TestPermission2"}
//    tenantId (str): Optional Tenant ID to assign new role to specific tenant
tenantID := "Tenant ID"

// Update will override all fields as is. Use carefully.
err := descopeClient.Management.Role().Update(ctx, name, newName, description, permissionNames, tenantID)
if  (err != nil){
  fmt.Println("Unable to update role.", err)
} else {
  fmt.Println("Successfully updated role.")
}
// Update will override all fields as is. Use carefully.
String newName = "My Updated Role";
description = "A revised description";
permissionNames.add("Another Permission");
// Pending release of Optional Tenant ID

try {
    rs.update(name, newName, description, permissionNames);
} catch (DescopeException de) {
    // Handle the error
}
// Args:
//   roleName (string): Current name of the role to modify.
var roleName = "my-role-name";
//   newName (string): New name to assign.
var newName = "new-role-name";
//   desc (string?): Updated description (optional).
string? desc = "A revised description";
//   permNames (List<string>?): Updated permission list (overrides existing).
var permNames = new List<string> { "permission-name1", "permission-name2" };
//   tenantID (string?): Optionally bind the role to a specific tenant.
string? tenantID = null;    // e.g., "Tenant‑ID1" 

try
{
    await descopeClient.Management.Role.Update(name: roleName, newName: newName, description: desc, permissionNames: permNames, tenantIDs: tenantID);
}
catch (DescopeException ex)
{
    // Handle the error
}

Delete a Role

This function allows administrators to delete an existing role. It is important to note that this action is irreversible.

// Args:
//    name (str): The name of the role to be deleted.
const name = "My Updated Test Role"
//    tenantId (str): Optional Tenant ID to assign new role to specific tenant
const tenantId = "Tenant ID"

const resp = await descopeClient.management.role.delete(name, tenantId)
if (!resp.ok) {
  console.log("Failed to delete role.")
  console.log("Status Code: " + resp.code)
  console.log("Error Code: " + resp.error.errorCode)
  console.log("Error Description: " + resp.error.errorDescription)
  console.log("Error Message: " + resp.error.errorMessage)
}
else {
  console.log("Successfully deleted role.")
}
# Args:
#   name (str): The name of the role to be deleted.
name = "My Updated Test Role"
#   tenant_id (str): Optional Tenant ID to assign new role to specific tenant
tenant_id = "Tenant ID"

try:
  descope_client.mgmt.role.delete(name=name, tenant_id=tenant_id)
  print("Successfully deleted role.")
except AuthException as error:
  print ("Unable to delete role.")
  print ("Status Code: " + str(error.status_code))
  print ("Error: " + str(error.error_message))
// Args:
//    ctx: context.Context - Application context for the transmission of context capabilities like
//        cancellation signals during the function call. In cases where context is absent, the context.Background()
//        function serves as a viable alternative.
//        Utilizing context within the Descope GO SDK is supported within versions 1.6.0 and higher.
ctx := context.Background()
//    name (str): The name of the role to be deleted.
name := "My Updated Test Role"
//    tenantId (str): Optional Tenant ID to assign new role to specific tenant
tenantID := "Tenant ID"

err := descopeClient.Management.Role().Delete(ctx, name, tenantID)
if  (err != nil){
  fmt.Println("Unable to delete role.", err)
} else {
  fmt.Println("Successfully deleted role.")
}
// You can optionally set a description and associated permission for a roles.
RolesService rs = descopeClient.getManagementServices().getRolesService();
// Pending release of Optional Tenant ID

// Role deletion cannot be undone. Use carefully.
try {
    rs.delete(newName);
} catch (DescopeException de) {
    // Handle the error
}
// Args:
//   roleName (string): The name of the role to delete (irreversible).
var roleName = "my-role-name";
//   tenantID (string?): Optional tenant ID if the role is tenant‑scoped.
string? tenantID = null;   // e.g., "Tenant‑ID1" 

try
{
    await descopeClient.Management.Role.Delete(name: roleName, tenantId: tenantID);
}
catch (DescopeException ex)
{
    // Handle the error
}
Was this helpful?
SparklesAsk AI about this pageArrowRight

B2B RBAC Example

Discover how Descope's Roles and Permissions features support fine-grained access controls and streamline authentication development.

Overview

Relationship-Based Access Control (ReBAC) allows you to manage access permissions in your application based on relationships between entities

On this page

RBAC Management with SDKsLoad All PermissionsCreate a PermissionUpdate a PermissionDelete a PermissionLoad All RolesSearch for RolesCreate a RoleUpdate a RoleDelete a Role