The Id of the role

[Required on Create] The type of the owner of the resource.

[Required on Create] The ID of the owner of the resource.

Enum representing the type of the role. Only CUSTOM role types can be created.

• PREDEFINED: [Read-only] A predefined role. These roles are created by Wristband.
• CUSTOM: A custom role that is created by an end user.

[Required on Create] The name of the role. Name must be unique (case-insensitive) within an application. Application-level roles are prefixed with app:<app_domain_name>:, and tenant-level roles are prefixed with tnt:<tnt_domain_name>:.

[Required on Create] The display name of the role.

Optional description of the role.

Optional ID of the permission boundary that is assigned to this role.

[Required on Create] Enum representing the tenants that this permission boundary should be visible to.

• ALL: The role is visible to all tenants, and it can also be assigned to all users and tenant-level clients.
• TENANT_INCLUSION_LIST: The role is visible to only the tenants specified in the tenantVisibilityInclusionList field, and it can only be assigned to users and tenant-level clients that belong to the tenants in that list.
• NONE: The role is not visible to any tenants, and it can only be assigned to application-level subjects (such as an application-level client).
• OWNER: The role is only visible to the tenant that owns it, and it can only be assigned to users and tenant-level clients that belong to the owning tenant.

** For APPLICATION owner type, visibility can be any of ALL, TENANT_INCLUSION_LIST, or NONE. ** For TENANT owner type, visibility can only be OWNER.

Used to perform a conditional update