--- layout: commands page_title: 'Commands: ACL Role Create' --- # Consul ACL Role Create Command: `consul acl role create` Corresponding HTTP API Endpoint: [\[PUT\] /v1/acl/role](/api-docs/acl/roles#create-a-role) The `acl role create` command creates new roles. The table below shows this command's [required ACLs](/api#authentication). Configuration of [blocking queries](/api-docs/features/blocking) and [agent caching](/api-docs/features/caching) are not supported from commands, but may be from the corresponding HTTP endpoint. | ACL Required | | ------------ | | `acl:write` | ## Usage Usage: `consul acl role create [options] [args]` #### Command Options - `-description=` - A description of the role. - `-meta` - Indicates that role metadata such as the content hash and raft indices should be shown for each entry. - `-name=` - The new role's name. This flag is required. - `-node-identity=` - Name of a node identity to use for this role. May be specified multiple times. Format is `NODENAME:DATACENTER`. Added in Consul 1.8.1. - `-policy-id=` - ID of a policy to use for this role. May be specified multiple times - `-policy-name=` - Name of a policy to use for this role. May be specified multiple times - `-service-identity=` - Name of a service identity to use for this role. May be specified multiple times. Format is the `SERVICENAME` or `SERVICENAME:DATACENTER1,DATACENTER2,...` - `-format={pretty|json}` - Command output format. The default value is `pretty`. #### Enterprise Options @include 'http_api_partition_options.mdx' @include 'http_api_namespace_options.mdx' #### API Options @include 'http_api_options_client.mdx' @include 'http_api_options_server.mdx' ## Examples Create a new role with one policy: ```shell-session $ consul acl role create -name "crawler" -description "web crawler role" -policy-name "crawler-kv" ID: 57147d87-6bf7-f794-1a6e-7d038c4e4ae9 Name: crawler Description: web crawler role Policies: 2f8f99c7-edd9-2f09-7e4b-a1f519eb4fc2 - crawler-kv ``` Create a new role with one service identity: ```shell-session $ consul acl role create -name archiver -description 'archiver role' -service-identity "archiver:dc2" ID: a365fdc9-ac71-e754-0645-7ab6bd747301 Name: archiver Description: archiver role Service Identities: archiver (Datacenters: dc2) ```