You can use the API - security-login-role-create

Possible access level settings are none, read-only, and all. The default setting is all.

Ruby code for this would look like:

request = NaElement.new("security-login-role-create")

  request.child_add_string("role-name", new_resource.name)

  request.child_add_string("vserver", new_resource.vserver)

  request.child_add_string("command-directory-name", new_resource.command_directory)

  request.child_add_string("access-level", new_resource.access_level) if new_resource.access_level

  request.child_add_string("return-record", new_resource.return_record) if new_resource.return_record

  request.child_add_string("role-query", new_resource.role_query) if new_resource.role_query

  result = invoke_elem(request)