---
title: "Creating and Deleting a Role"
slug: "creating-a-role"
description: "Create a role with permission policies to configure SSO SAML and OpenID protocols. You can delete a role from the Roles panel."
tags: ["Assign Role Policies", "Create Role", "Delete Role"]
updated: 2026-01-07T16:45:17Z
published: 2026-01-07T16:45:17Z
---

# Creating and Deleting a Role

## Creating a Role

1. Click **Create Role**.
2. Enter a role name. It can contain only alphanumeric characters and the following special characters: plus sign (+), equal sign (=), period (.), at sign (@), dash (-), underscore (_).
3. Modify the code for the role, as appropriate.

![](https://cdn.document360.io/bef0a1ea-7768-4d5a-b520-c4fe2f7fafad/Images/Documentation/image-1718971685973.png)
4. Click **Save** to create the new role.

If the policy has a syntax error, it will be flagged with a message when you attempt to save the role. Create the role again with the corrected policy code.

![](https://cdn.document360.io/bef0a1ea-7768-4d5a-b520-c4fe2f7fafad/Images/Documentation/image-1698858012133.png)

## Creating a Role for Single Sign On (SSO)

If you are configuring the SSO feature (as described in [Configuring the Single Sign On (SSO) Feature](https://docs.wasabi.com/docs/configuring-the-single-sign-on-sso-feature)), you must define a role for the SSO user. You can configure SSO using one of the following protocols:

- SAML
- OpenID

You must create a role based on the chosen protocol.

1. Click **Settings** on the Wasabi menu. Or, open the account sign-in ![](https://cdn.document360.io/bef0a1ea-7768-4d5a-b520-c4fe2f7fafad/Images/Documentation/image-1697644604764.png) drop-down and click **Settings**.
2. Open the **SSO (Single Sign On)** drop-down.
3. Scroll down to Roles under the SSO configuration. For example:

![](https://cdn.document360.io/bef0a1ea-7768-4d5a-b520-c4fe2f7fafad/Images/Documentation/image-1718971898005.png)
4. Click **Create Role**.
5. Enter a role name and click **Next**. For example:

![](https://cdn.document360.io/bef0a1ea-7768-4d5a-b520-c4fe2f7fafad/Images/Documentation/image-1718972709099.png)
6. Assign policies to the role. Assigned policies are displayed on the right of the panel.

![](https://cdn.document360.io/bef0a1ea-7768-4d5a-b520-c4fe2f7fafad/Images/Documentation/image-1718972558632.png)

You can associate policies in two ways:
  - Click in the **Attach Policy To Role** area at the top of the panel. Select a policy from the drop-down.

![](https://cdn.document360.io/bef0a1ea-7768-4d5a-b520-c4fe2f7fafad/Images/Documentation/image-1718972323643.png)
  - Select one of the predefined policies listed on the left of the panel. Click **+** to the right of the policy name.

![](https://cdn.document360.io/bef0a1ea-7768-4d5a-b520-c4fe2f7fafad/Images/Documentation/image-1718972393896.png)
7. Click **Create Role**. The role is created and contains the SSO path. For example:

![](https://cdn.document360.io/bef0a1ea-7768-4d5a-b520-c4fe2f7fafad/Images/Documentation/image-1718971898005.png)

## Creating a Role for SSO Legacy

If you are configuring the Single Sign On (SSO) feature (as described in [Configuring the SSO Legacy Feature](https://docs.wasabi.com/docs/configuring-the-legacy-sso-feature)), you must define a role for the SSO user. You can configure SSO using one of the following protocols:

- SAML2
- OpenID Connect (OIDC)

You must create a role based on the chosen protocol.

1. Click **Create Role**.
2. Enter a role name.
3. Modify the code for the SAML2 or OIDC protocol, as shown below.

**SAML2 Role Example**

![](https://cdn.document360.io/bef0a1ea-7768-4d5a-b520-c4fe2f7fafad/Images/Documentation/creating-a-role-image-y1x4ll96.jpg)

**OIDC Role Example**

![](https://cdn.document360.io/bef0a1ea-7768-4d5a-b520-c4fe2f7fafad/Images/Documentation/creating-a-role-image-z8x5r574.jpg)
  - `<RootUserAcctID>` is your root user account ID.
  - `<IDP>` is your provider ID.
4. Click **Save** to create the new role.
5. Add a policy to the role as described in [Attaching a Policy to a Role](https://docs.wasabi.com/docs/reviewing-details-and-editing-an-existing-role#attaching-a-policy-to-a-role).
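
A pre-save check for the role name rule and policy syntax errors described under Creating a Role, and for the `<RootUserAcctID>` and `<IDP>` placeholders listed above. This is an added example, not Wasabi's code. It assumes the role code is JSON and that "alphanumeric" means ASCII letters and digits; `lint_role` and the sample document are hypothetical.

```python
import json
import re

# Characters the page allows in a role name: alphanumerics plus + = . @ - _
# (assumption: "alphanumeric" means ASCII letters and digits).
ROLE_NAME_OK = re.compile(r"[A-Za-z0-9+=.@_-]+")
# Template placeholders named on the page that must be replaced before saving.
PLACEHOLDERS = ("<RootUserAcctID>", "<IDP>")


def _reject_duplicate_keys(pairs):
    # json.loads silently keeps the last value of a repeated key, which can
    # hide an overridden statement; treat repeats as an error instead.
    keys = [k for k, _ in pairs]
    dupes = sorted({k for k in keys if keys.count(k) > 1})
    if dupes:
        raise ValueError("duplicate key(s): " + ", ".join(dupes))
    return dict(pairs)


def lint_role(name, policy_text):
    """Return a list of findings; an empty list means nothing was flagged."""
    findings = []
    if not name:
        findings.append("role name is empty")
    elif not ROLE_NAME_OK.fullmatch(name):
        bad = sorted({c for c in name if not ROLE_NAME_OK.fullmatch(c)})
        findings.append("role name has disallowed characters: "
                        + " ".join(repr(c) for c in bad))
    for ph in PLACEHOLDERS:
        if ph in policy_text:
            findings.append(f"placeholder {ph} was not replaced")
    try:
        json.loads(policy_text, object_pairs_hook=_reject_duplicate_keys)
    except json.JSONDecodeError as err:
        findings.append(f"policy is not valid JSON: {err.msg} "
                        f"(line {err.lineno}, column {err.colno})")
    except ValueError as err:
        findings.append(f"policy has {err}")
    return findings


if __name__ == "__main__":
    # Constructed sample (hypothetical field names, not Wasabi's role template).
    sample = '{"Effect": "Allow", "Provider": "<RootUserAcctID>/<IDP>",}'
    for finding in lint_role("sso admin", sample):
        print(finding)
```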

## Deleting a Role

In the Action column for a role, click **Delete** with caution. As soon as you click the button, the role is deleted.

## Related

- [SSO (Single Sign On)](/configuring-the-single-sign-on-sso-feature.md)
- [Reviewing Details and Editing an Existing Role](/reviewing-details-and-editing-an-existing-role.md)
- [Roles in Wasabi Hot Cloud Storage](/roles-1.md)
