# Create

`POST /workspaces/:workspace/permissions`

Creates a custom permission set. Restricted to admins only.

**Required Scopes:** `WORKSPACE`

## URL Parameters

```typescript
interface URLParameters {
  /** Workspace domain */
  workspace: string; // Example: "my-company"
}
```

## Body Parameters

```typescript
interface BodyParameters {
  /** API endpoint to GET this object */
  url?: string;
  /** Web URL to view this object in Buddy.works */
  html_url?: string;
  /** The name of the permission set */
  name: string;
  /** The description of the permission set */
  description?: string;
  /** The repository access level */
  repository_access_level: "DENIED" | "READ_ONLY" | "READ_WRITE" | "MANAGE";
  /** The pipeline access level */
  pipeline_access_level: "DENIED" | "READ_ONLY" | "RUN_ONLY" | "READ_WRITE";
  /** The sandbox access level */
  sandbox_access_level: "DENIED" | "READ_ONLY" | "RUN_ONLY" | "READ_WRITE";
  /** The project team access level */
  project_team_access_level: "READ_ONLY" | "MANAGE";
  /** The environment access level */
  environment_access_level: "DENIED" | "MANAGE" | "USE_ONLY";
  /** The package access level */
  package_access_level: "DENIED" | "READ_ONLY" | "READ_WRITE" | "MANAGE";
  /** The routing access level */
  routing_access_level: "DENIED" | "READ_ONLY" | "MANAGE";
  /** The target access level */
  target_access_level: "DENIED" | "READ_ONLY" | "USE_ONLY" | "MANAGE";
}
```

## Response Body

```typescript
interface ResponseBody {
  /** The type of the permission set */
  type?: "DEVELOPER" | "READ_ONLY" | "CUSTOM" | "PROJECT_MANAGER";
  /** API endpoint to GET this object */
  url?: string;
  /** Web URL to view this object in Buddy.works */
  html_url?: string;
  /** The name of the permission set */
  name: string;
  /** The description of the permission set */
  description?: string;
  /** The repository access level */
  repository_access_level: "DENIED" | "READ_ONLY" | "READ_WRITE" | "MANAGE";
  /** The pipeline access level */
  pipeline_access_level: "DENIED" | "READ_ONLY" | "RUN_ONLY" | "READ_WRITE";
  /** The sandbox access level */
  sandbox_access_level: "DENIED" | "READ_ONLY" | "RUN_ONLY" | "READ_WRITE";
  /** The project team access level */
  project_team_access_level: "READ_ONLY" | "MANAGE";
  /** The environment access level */
  environment_access_level: "DENIED" | "MANAGE" | "USE_ONLY";
  /** The package access level */
  package_access_level: "DENIED" | "READ_ONLY" | "READ_WRITE" | "MANAGE";
  /** The routing access level */
  routing_access_level: "DENIED" | "READ_ONLY" | "MANAGE";
  /** The target access level */
  target_access_level: "DENIED" | "READ_ONLY" | "USE_ONLY" | "MANAGE";
  /** The ID of the permission set */
  id: number;
}
```

## Request Example

```bash
curl -X POST "https://api.buddy.works/workspaces/:workspace/permissions" \
  -H "Authorization: Bearer <YOUR-TOKEN>" \
  -H "Content-Type: application/json" \
  -d '{
  "name": "Developer",
  "description": "Full development access with restrictions",
  "repository_access_level": "READ_WRITE",
  "pipeline_access_level": "READ_WRITE",
  "sandbox_access_level": "READ_WRITE",
  "project_team_access_level": "READ_ONLY",
  "environment_access_level": "USE_ONLY",
  "package_access_level": "READ_WRITE"
}'
```

## Response Example

**Status:** `201 Permission set created successfully`

```json
{
  "url": "https://api.buddy.works/workspaces/my-workspace/permissions/4",
  "html_url": "https://app.buddy.works/my-workspace/-/permissions/edit/4",
  "id": 4,
  "name": "Artist",
  "description": "Artists can only view source",
  "type": "CUSTOM",
  "repository_access_level": "READ_ONLY",
  "pipeline_access_level": "DENIED",
  "sandbox_access_level": "DENIED",
  "project_team_access_level": "READ_ONLY",
  "environment_access_level": "DENIED",
  "package_access_level": "DENIED"
}
```

---
Original source: https://buddy.works/docs/api/platform/permissions/add