YugabyteDB · Capability

YugabyteDB Anywhere v1 — Users, Sessions, and RBAC — RBAC management

YugabyteDB Anywhere v1 — Users, Sessions, and RBAC — RBAC management. 8 operations. Lead operation: YugabyteDB Anywhere List All the Permissions Available. Self-contained Naftiko capability covering one Yugabytedb business surface.

Run with Naftiko YugabytedbRBAC management

What You Can Do

GET
Listpermissions — YugabyteDB Anywhere List All the Permissions Available
/v1/api/v1/customers/{cuuid}/rbac/permissions
GET
Listroles — YugabyteDB Anywhere List All the Roles Available
/v1/api/v1/customers/{cuuid}/rbac/role
POST
Createrole — YugabyteDB Anywhere Create a Custom Role
/v1/api/v1/customers/{cuuid}/rbac/role
DELETE
Deleterole — YugabyteDB Anywhere Delete a Custom Role
/v1/api/v1/customers/{cuuid}/rbac/role/{ruuid}
GET
Getrole — YugabyteDB Anywhere Get a Role's Information
/v1/api/v1/customers/{cuuid}/rbac/role/{ruuid}
PUT
Editrole — YugabyteDB Anywhere Edit a Custom Role
/v1/api/v1/customers/{cuuid}/rbac/role/{ruuid}
GET
Getrolebindings — YugabyteDB Anywhere Get All the Role Bindings Available
/v1/api/v1/customers/{cuuid}/rbac/role-binding
POST
Setrolebinding — YugabyteDB Anywhere Set the Role Bindings of a User
/v1/api/v1/customers/{cuuid}/rbac/role-binding/{useruuid}

MCP Tools

yugabytedb-anywhere-list-all-permissions

YugabyteDB Anywhere List All the Permissions Available

read-only idempotent
yugabytedb-anywhere-list-all-roles

YugabyteDB Anywhere List All the Roles Available

read-only idempotent
yugabytedb-anywhere-create-custom-role

YugabyteDB Anywhere Create a Custom Role

yugabytedb-anywhere-delete-custom-role

YugabyteDB Anywhere Delete a Custom Role

idempotent
yugabytedb-anywhere-get-role-s-information

YugabyteDB Anywhere Get a Role's Information

read-only idempotent
yugabytedb-anywhere-edit-custom-role

YugabyteDB Anywhere Edit a Custom Role

idempotent
yugabytedb-anywhere-get-all-role

YugabyteDB Anywhere Get All the Role Bindings Available

read-only idempotent
yugabytedb-anywhere-set-role-bindings

YugabyteDB Anywhere Set the Role Bindings of a User

Capability Spec

anywhere-v1-users-rbac-rbac-management.yaml Raw ↑ 
naftiko: 1.0.0-alpha2
info:
  label: YugabyteDB Anywhere v1 — Users, Sessions, and RBAC — RBAC management
  description: 'YugabyteDB Anywhere v1 — Users, Sessions, and RBAC — RBAC management. 8 operations. Lead operation: YugabyteDB
    Anywhere List All the Permissions Available. Self-contained Naftiko capability covering one Yugabytedb business surface.'
  tags:
  - Yugabytedb
  - RBAC management
  created: '2026-05-19'
  modified: '2026-05-19'
binds:
- namespace: env
  keys:
    YUGABYTEDB_API_KEY: YUGABYTEDB_API_KEY
capability:
  consumes:
  - type: http
    namespace: anywhere-v1-users-rbac-rbac-management
    baseUri: ''
    description: YugabyteDB Anywhere v1 — Users, Sessions, and RBAC — RBAC management business capability. Self-contained,
      no shared references.
    resources:
    - name: api-v1-customers-cUUID-rbac-permissions
      path: /api/v1/customers/{cUUID}/rbac/permissions
      operations:
      - name: listpermissions
        method: GET
        description: YugabyteDB Anywhere List All the Permissions Available
        outputRawFormat: json
        outputParameters:
        - name: result
          type: object
          value: $.
        inputParameters:
        - name: cUUID
          in: path
          type: string
          required: true
        - name: resourceType
          in: query
          type: string
          description: Optional resource type to filter permission list
    - name: api-v1-customers-cUUID-rbac-role
      path: /api/v1/customers/{cUUID}/rbac/role
      operations:
      - name: listroles
        method: GET
        description: YugabyteDB Anywhere List All the Roles Available
        outputRawFormat: json
        outputParameters:
        - name: result
          type: object
          value: $.
        inputParameters:
        - name: cUUID
          in: path
          type: string
          required: true
        - name: roleType
          in: query
          type: string
          description: Optional role type to filter roles list
      - name: createrole
        method: POST
        description: YugabyteDB Anywhere Create a Custom Role
        outputRawFormat: json
        outputParameters:
        - name: result
          type: object
          value: $.
        inputParameters:
        - name: cUUID
          in: path
          type: string
          required: true
        - name: request
          in: query
          type: string
        - name: body
          in: body
          type: object
          description: Request body (JSON).
          required: true
    - name: api-v1-customers-cUUID-rbac-role-rUUID
      path: /api/v1/customers/{cUUID}/rbac/role/{rUUID}
      operations:
      - name: deleterole
        method: DELETE
        description: YugabyteDB Anywhere Delete a Custom Role
        outputRawFormat: json
        outputParameters:
        - name: result
          type: object
          value: $.
        inputParameters:
        - name: cUUID
          in: path
          type: string
          required: true
        - name: rUUID
          in: path
          type: string
          required: true
        - name: request
          in: query
          type: string
      - name: getrole
        method: GET
        description: YugabyteDB Anywhere Get a Role's Information
        outputRawFormat: json
        outputParameters:
        - name: result
          type: object
          value: $.
        inputParameters:
        - name: cUUID
          in: path
          type: string
          required: true
        - name: rUUID
          in: path
          type: string
          required: true
      - name: editrole
        method: PUT
        description: YugabyteDB Anywhere Edit a Custom Role
        outputRawFormat: json
        outputParameters:
        - name: result
          type: object
          value: $.
        inputParameters:
        - name: cUUID
          in: path
          type: string
          required: true
        - name: rUUID
          in: path
          type: string
          required: true
        - name: request
          in: query
          type: string
        - name: body
          in: body
          type: object
          description: Request body (JSON).
          required: true
    - name: api-v1-customers-cUUID-rbac-role_binding
      path: /api/v1/customers/{cUUID}/rbac/role_binding
      operations:
      - name: getrolebindings
        method: GET
        description: YugabyteDB Anywhere Get All the Role Bindings Available
        outputRawFormat: json
        outputParameters:
        - name: result
          type: object
          value: $.
        inputParameters:
        - name: cUUID
          in: path
          type: string
          required: true
        - name: userUUID
          in: query
          type: string
          description: Optional user UUID to filter role binding map
    - name: api-v1-customers-cUUID-rbac-role_binding-userUUID
      path: /api/v1/customers/{cUUID}/rbac/role_binding/{userUUID}
      operations:
      - name: setrolebinding
        method: POST
        description: YugabyteDB Anywhere Set the Role Bindings of a User
        outputRawFormat: json
        outputParameters:
        - name: result
          type: object
          value: $.
        inputParameters:
        - name: cUUID
          in: path
          type: string
          required: true
        - name: userUUID
          in: path
          type: string
          required: true
        - name: request
          in: query
          type: string
        - name: body
          in: body
          type: object
          description: Request body (JSON).
          required: true
    authentication:
      type: apikey
      key: X-AUTH-YW-API-TOKEN
      value: '{{env.YUGABYTEDB_API_KEY}}'
      placement: header
  exposes:
  - type: rest
    namespace: anywhere-v1-users-rbac-rbac-management-rest
    port: 8080
    description: REST adapter for YugabyteDB Anywhere v1 — Users, Sessions, and RBAC — RBAC management. One Spectral-compliant
      resource per consumed operation, prefixed with /v1.
    resources:
    - path: /v1/api/v1/customers/{cuuid}/rbac/permissions
      name: api-v1-customers-cuuid-rbac-permissions
      description: REST surface for api-v1-customers-cUUID-rbac-permissions.
      operations:
      - method: GET
        name: listpermissions
        description: YugabyteDB Anywhere List All the Permissions Available
        call: anywhere-v1-users-rbac-rbac-management.listpermissions
        with:
          cUUID: rest.cUUID
          resourceType: rest.resourceType
        outputParameters:
        - type: object
          mapping: $.
    - path: /v1/api/v1/customers/{cuuid}/rbac/role
      name: api-v1-customers-cuuid-rbac-role
      description: REST surface for api-v1-customers-cUUID-rbac-role.
      operations:
      - method: GET
        name: listroles
        description: YugabyteDB Anywhere List All the Roles Available
        call: anywhere-v1-users-rbac-rbac-management.listroles
        with:
          cUUID: rest.cUUID
          roleType: rest.roleType
        outputParameters:
        - type: object
          mapping: $.
      - method: POST
        name: createrole
        description: YugabyteDB Anywhere Create a Custom Role
        call: anywhere-v1-users-rbac-rbac-management.createrole
        with:
          cUUID: rest.cUUID
          request: rest.request
          body: rest.body
        outputParameters:
        - type: object
          mapping: $.
    - path: /v1/api/v1/customers/{cuuid}/rbac/role/{ruuid}
      name: api-v1-customers-cuuid-rbac-role-ruuid
      description: REST surface for api-v1-customers-cUUID-rbac-role-rUUID.
      operations:
      - method: DELETE
        name: deleterole
        description: YugabyteDB Anywhere Delete a Custom Role
        call: anywhere-v1-users-rbac-rbac-management.deleterole
        with:
          cUUID: rest.cUUID
          rUUID: rest.rUUID
          request: rest.request
        outputParameters:
        - type: object
          mapping: $.
      - method: GET
        name: getrole
        description: YugabyteDB Anywhere Get a Role's Information
        call: anywhere-v1-users-rbac-rbac-management.getrole
        with:
          cUUID: rest.cUUID
          rUUID: rest.rUUID
        outputParameters:
        - type: object
          mapping: $.
      - method: PUT
        name: editrole
        description: YugabyteDB Anywhere Edit a Custom Role
        call: anywhere-v1-users-rbac-rbac-management.editrole
        with:
          cUUID: rest.cUUID
          rUUID: rest.rUUID
          request: rest.request
          body: rest.body
        outputParameters:
        - type: object
          mapping: $.
    - path: /v1/api/v1/customers/{cuuid}/rbac/role-binding
      name: api-v1-customers-cuuid-rbac-role-binding
      description: REST surface for api-v1-customers-cUUID-rbac-role_binding.
      operations:
      - method: GET
        name: getrolebindings
        description: YugabyteDB Anywhere Get All the Role Bindings Available
        call: anywhere-v1-users-rbac-rbac-management.getrolebindings
        with:
          cUUID: rest.cUUID
          userUUID: rest.userUUID
        outputParameters:
        - type: object
          mapping: $.
    - path: /v1/api/v1/customers/{cuuid}/rbac/role-binding/{useruuid}
      name: api-v1-customers-cuuid-rbac-role-binding-useruuid
      description: REST surface for api-v1-customers-cUUID-rbac-role_binding-userUUID.
      operations:
      - method: POST
        name: setrolebinding
        description: YugabyteDB Anywhere Set the Role Bindings of a User
        call: anywhere-v1-users-rbac-rbac-management.setrolebinding
        with:
          cUUID: rest.cUUID
          userUUID: rest.userUUID
          request: rest.request
          body: rest.body
        outputParameters:
        - type: object
          mapping: $.
  - type: mcp
    namespace: anywhere-v1-users-rbac-rbac-management-mcp
    port: 9090
    transport: http
    description: MCP adapter for YugabyteDB Anywhere v1 — Users, Sessions, and RBAC — RBAC management. One tool per consumed
      operation, routed inline through this capability's consumes block.
    tools:
    - name: yugabytedb-anywhere-list-all-permissions
      description: YugabyteDB Anywhere List All the Permissions Available
      hints:
        readOnly: true
        destructive: false
        idempotent: true
      call: anywhere-v1-users-rbac-rbac-management.listpermissions
      with:
        cUUID: tools.cUUID
        resourceType: tools.resourceType
      outputParameters:
      - type: object
        mapping: $.
    - name: yugabytedb-anywhere-list-all-roles
      description: YugabyteDB Anywhere List All the Roles Available
      hints:
        readOnly: true
        destructive: false
        idempotent: true
      call: anywhere-v1-users-rbac-rbac-management.listroles
      with:
        cUUID: tools.cUUID
        roleType: tools.roleType
      outputParameters:
      - type: object
        mapping: $.
    - name: yugabytedb-anywhere-create-custom-role
      description: YugabyteDB Anywhere Create a Custom Role
      hints:
        readOnly: false
        destructive: false
        idempotent: false
      call: anywhere-v1-users-rbac-rbac-management.createrole
      with:
        cUUID: tools.cUUID
        request: tools.request
        body: tools.body
      outputParameters:
      - type: object
        mapping: $.
    - name: yugabytedb-anywhere-delete-custom-role
      description: YugabyteDB Anywhere Delete a Custom Role
      hints:
        readOnly: false
        destructive: true
        idempotent: true
      call: anywhere-v1-users-rbac-rbac-management.deleterole
      with:
        cUUID: tools.cUUID
        rUUID: tools.rUUID
        request: tools.request
      outputParameters:
      - type: object
        mapping: $.
    - name: yugabytedb-anywhere-get-role-s-information
      description: YugabyteDB Anywhere Get a Role's Information
      hints:
        readOnly: true
        destructive: false
        idempotent: true
      call: anywhere-v1-users-rbac-rbac-management.getrole
      with:
        cUUID: tools.cUUID
        rUUID: tools.rUUID
      outputParameters:
      - type: object
        mapping: $.
    - name: yugabytedb-anywhere-edit-custom-role
      description: YugabyteDB Anywhere Edit a Custom Role
      hints:
        readOnly: false
        destructive: false
        idempotent: true
      call: anywhere-v1-users-rbac-rbac-management.editrole
      with:
        cUUID: tools.cUUID
        rUUID: tools.rUUID
        request: tools.request
        body: tools.body
      outputParameters:
      - type: object
        mapping: $.
    - name: yugabytedb-anywhere-get-all-role
      description: YugabyteDB Anywhere Get All the Role Bindings Available
      hints:
        readOnly: true
        destructive: false
        idempotent: true
      call: anywhere-v1-users-rbac-rbac-management.getrolebindings
      with:
        cUUID: tools.cUUID
        userUUID: tools.userUUID
      outputParameters:
      - type: object
        mapping: $.
    - name: yugabytedb-anywhere-set-role-bindings
      description: YugabyteDB Anywhere Set the Role Bindings of a User
      hints:
        readOnly: false
        destructive: false
        idempotent: false
      call: anywhere-v1-users-rbac-rbac-management.setrolebinding
      with:
        cUUID: tools.cUUID
        userUUID: tools.userUUID
        request: tools.request
        body: tools.body
      outputParameters:
      - type: object
        mapping: $.