# Retrieves roles for the specified actor within the specified scope

Retrieves all roles assigned to the specified actor within the specified scope.
            If no scope is specified, assumes the GlobalScope

RBAC: requires Roles.Read

Endpoint: GET /api/v1/rbac/actors/{actorId}/roles
Version: 1.0
Security: header

## Path parameters:

  - `actorId` (string, required)
    ID of the actor
    Example: "us_01hxcvk1hjexere4pvtrj0ymqq"

## Query parameters:

  - `scope` (string,null)
    Optional scope to filter roles, defaults to GlobalScope ('System') if omitted
    Example: "System or gr_05hxcvk1hjexere4pvtrj0hggt"

## Response 200 fields (application/json):

  - `roleId` (string, required)
    Unique identifier for the role
    Example: "\n        'admin',\n        'System:admin',\n        'rr_01hxcvk1hjexere4pvtrj0ymqq',\n        'System:rr_01hxcvk1hjexere4pvtrj0ymqq',\n        'gr_1lkjvfdoibb126576:rr_01hxcvk1hjexere4pvtrj0ymqq',\n    "

  - `name` (string, required)
    Name of the role, unique within its scope
    Example: "ADMIN"

  - `description` (string,null)
    Optional description of the role's purpose and responsibilities
    Example: "System administrator with full access"

  - `permissions` (object, required)
    Set of permissions assigned to this role

  - `permissions.resourceAccess` (array, required)
    List of type-safe resource-specific access controls

  - `permissions.resourceAccess.resource` (string, required)
    The type-safe resource being controlled

  - `permissions.resourceAccess.actions` (array, required)
    List of allowed type-safe actions for this resource

  - `createdAt` (string, required)
    Timestamp when the role was created
    Example: "2022-03-10T16:15:50Z"

  - `updatedAt` (string, required)
    Timestamp when the role was last updated
    Example: "2022-03-10T16:15:50Z"