A Role is a collection of Permissions that may be associated with zero or more users.

See also

The Go structure documentation.

The model for a Role in the most recent version of the Traffic Ops API is given in Role as a Typescript Interface as a Typescript interface.

#20 Role as a Typescript Interface
interface Role {
    description: string;
    lastUpdated?: Date; //RFC3339 timestamp string - only in responses
    name: string;
    permissions: Array<string>;


The description of a Role is some human-readable text that describes what the Role is for.

Changed in version ATCv6.1.0: In versions of ATC earlier than 6.1.0, this property was allowed to be null or blank - this is no longer the case.

Last Updated

The date and time at which the Role was last modified.


A unique name for the Role. The only Role Name that is treated specially is The Admin Role.

Changed in version ATCv6.1.0: Though it was undocumented, there used to be many Role names that were treated specially by ATC in versions earlier than 6.1.0, including (but not limited to), “disallowed”, “operations”, and “steering”.

The Admin Role

A Role with a Name that is exactly “admin” is special in that it is always treated as having all Permissions, regardless of what Permissions are actually assigned to it. For this reason, the “admin” Role may never be deleted or modified.


A Role’s Permissions is a set of the Permissions afforded to the Role that define the Traffic Ops API interactions it is allowed to have. Usually - but not always - this maps directly to some HTTP method of some Traffic Ops API endpoint.

Table 53 Aliases





Legacy Traffic Ops API versions’ requests and responses

unchanged (array/set of strings)