Setting user roles when creating a user via script

I’m trying to create a user via scripting and as a part of that, give the new user roles.

I can see how to set every attribute of the new user but I’m having trouble finding documentation as to how to set their roles.

Is it as simple as newUser.set('roles', rolesList) or is there more to it? I can’t see any documentation about this.

EDIT: Yeah that doesn’t work.

You’re close. Due to technical limitations, some things get accessed differently than others. Here’s the sample script I gave to training:

def printResponse(responseList):
    if len(responseList) > 0:
        for response in responseList:
            print "", response
        print " None" 

# Make a brand new 'blank' user. Not saved until we, well, save
username = event.source.parent.getComponent('Text Field').text
user = system.user.getNewUser("", "myAwesomeUser")

# Let's fill in some fields. Note we have two ways to access property names
user.set("firstname", "Naomi")
user.set(user.LastName, "Nagata")
user.set("password", "1234567890")

# We can add contact info one at a time. Up to the script user to make sure the type is legit
user.addContactInfo("email", "")

#we can add a lot of contact info
contactInfo = {"email":"","sms": "5551212"}

# We can delete contact info. Only deletes if both fields match.
user.removeContactInfo("sms", "5551212")

# we can add a role. If the role doesn't already exist, user save will fail, depending on user source

# we can add a lot of roles
roles = ["Administrator", "prisoner"] 

# and we can remove a role

# we can add a schedule adjustment too
date2 =
date1 =
user.addScheduleAdjustment(date1, date2, False, "An adjustment note")

# we can make a bunch of adjustments and add them en-masse
date3 =, -4)
adj1 = system.user.createScheduleAdjustment(date3, date2, True, "Another note")
adj2 = system.user.createScheduleAdjustment(date3, date1, False, "")
user.addScheduleAdjustments([adj1, adj2])

# and we can remove a schedule adjustment. All fields must match.
user.removeScheduleAdjustment(date1, date2, True, "Some other note")

# finally need to save our new user and print responses
response = system.user.addUser("", user)

warnings = response.getWarns()
print "Warnings are:"
errors = response.getErrors()
print "Errors are:"
infos = response.getInfos()
print "Infos are:"


1 Like

Actually, sorry, this isn’t working for me for some reason. I’m getting the error:

TypeError: addRoles(): 1st arg can't be coerced to java.util.Collection

in user.addRoles(roles). I’m giving it a list that is pulled from an Array property in the perspective view (that I’ve wrapped in list() just to see if that fixed the error, it didn’t)

Am I missing something here?

Looks like you may need to iterate through and add them one by one for now. I’m not too familiar with the array props in perspective, but I know they aren’t an actual array-array. I’ll get someone to look at it – I know we can make that more intuitive.

Ah, looks like we’re already working on this.

While this will be fixed in the future, there is a workaround for the time being. If you are pulling the roles from an array property, you can get the underlying list by calling tolist() on the property like roles = self.custom.customArray.tolist()

1 Like

Hello everyone,

I know this thread has been opened for some time, however I am currently trying to access some graphs saved in my database. The problem is that I am connecting with a user who does not have all the roles. To be clearer, I need to show some graphics in a window (only one window), for this I need my user to have all the roles in that window. I am using the following request:

chartCount = system.db.runPrepQuery(“SELECT COUNT(*) FROM saved_graphs”,[], database)

But this request (or fonction) « is blocked to users that do not meet the role/zone requirements for the above permission type. This function is unaffected when run in the Gateway scope ».

So, I’ve wondering how i can give the “Administrator Roles” to my user? Or there is another way to divert the probleme?


You may not need to give them an administrator role, you may just need to give them access to database functions in the client.

Starting in projects created in 7.9.4 or higher, you need to explicitly give permission to run database queries that are not named queries in the client. This is to help your project be more secure and prevent a malicious person from spoofing queries.

You can either change this query to a named query, or add permission for legacy db queries to the project.

1 Like

Hi Kathy,
I juste give them access to database functions in the client as you said. It’s working as expected.
Thanks again,

1 Like