You can assign permissions to a role or user in the API (RaaS) using save_role(...) or save_user(...) in the API AUTH interface.
Permission value syntax
Permission values in the API (RaaS) include a resource type and an action, based on the following syntax:
resource-action
Some permission values include a qualifier as follows:
resource-qualifier-action
For example, to assign permission to run commands, use cmd-run, whereas to assign permission to run wheel commands, use cmd-wheel-run.
superuser.
API Permission values by resource
The following list includes all resource types and permitted actions:
Commands
cmd-delete, cmd-read, cmd-run, cmd-write
Runner commands
cmd-runner-run
SSH commands
cmd-ssh-delete, cmd-ssh-read, cmd-ssh-run, cmd-ssh-write
Wheel commands
cmd-wheel-run
Formulas
formula-delete, formula-read, formula-write
Filesystem
fs-delete, fs-read, fs-write
Groups
group-delete, group-read, group-write
Jobs
job-delete, job-read, job-run, job-write
License
license-read
Salt master
master-delete, master-read, master-write
Salt master configuration
master-config-delete, master-config-read, master-config-write
Salt master filesystem
master-fs-delete, master-fs-read, master-fs-write
Minion
minion-delete, minion-read, minion-write
Pillar
pillar-delete, pillar-read, pillar-write
Returners
returner-delete, returner-read, returner-write
Roles
role-delete, role-read, role-write
Schedules
schedule-delete, schedule-read, schedule-write
Super user
superuser
Target
target-delete, target-read, target-write, target-allminions-run
Users
user-delete, user-read, user-write
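
The following is an added example, not part of the product documentation or the RaaS API: a pre-check that validates a proposed permission list against the values listed above before it is passed to save_role(...) or save_user(...), and reports which entries carry the run action. The function names, report keys and sample list are assumptions made for illustration, and exact, case-sensitive matching is also an assumption.

```python
RDW = frozenset({"delete", "read", "write"})
RDWX = RDW | {"run"}
RUN = frozenset({"run"})

# Transcribed from the permission list on this page: prefix -> permitted actions.
# The prefix is everything before the final hyphen (resource plus any qualifier).
CATALOGUE = {
    "cmd": RDWX, "cmd-runner": RUN, "cmd-ssh": RDWX, "cmd-wheel": RUN,
    "formula": RDW, "fs": RDW, "group": RDW, "job": RDWX,
    "license": frozenset({"read"}), "master": RDW, "master-config": RDW,
    "master-fs": RDW, "minion": RDW, "pillar": RDW, "returner": RDW,
    "role": RDW, "schedule": RDW, "target": RDW, "target-allminions": RUN,
    "user": RDW,
}
STANDALONE = frozenset({"superuser"})  # listed with no action suffix


def parse_permission(value):
    """Return (prefix, action) for a listed value; raise ValueError otherwise."""
    if value in STANDALONE:
        return value, None
    prefix, sep, action = value.rpartition("-")
    if not sep or action not in CATALOGUE.get(prefix, ()):
        raise ValueError(f"not a listed permission value: {value!r}")
    return prefix, action


def audit_permissions(values):
    """Sort a proposed permission list into listed, unlisted and run-capable."""
    report = {"listed": [], "unlisted": [], "run": [], "superuser": False}
    for value in values:
        try:
            prefix, action = parse_permission(value)
        except ValueError:
            report["unlisted"].append(value)  # typo or unsupported combination
            continue
        report["listed"].append(value)
        if action == "run":
            report["run"].append(value)
        if prefix == "superuser":
            report["superuser"] = True
    return report


# Constructed sample: a role request containing two values that are not listed.
SAMPLE = ["cmd-read", "job-run", "cmd-wheel-run", "minion-run",
          "target-allminions-run", "pillar-write", "cmd-execute", "superuser"]

if __name__ == "__main__":
    print(audit_permissions(SAMPLE))
```

Reviewing the "unlisted", "run" and "superuser" entries before saving a role keeps mistyped values and broader-than-intended execution rights out of role definitions.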