It doesnt appear you can use the UI to do this. The only thing available in the UI are the default policies.

However, you can approach this 1 of 2 ways, which youve kind of laid out above, you can re-create the role via API with the specific API policies as you see with what is similar to the user role.

i.e:

curl -X POST "http://IP:9000/api/v1/system/roles" -H "accept: application/json" -H "Authorization: Bearer TOKEN" -H "Content-Type: application/json" -d "{\"id\":\"api_user\",\"policy\":[\"GET /master/groups\",\"GET /system/info\",\"GET /system/info/*\",\"GET /system/logs\",\"GET /system/logs/search\",\"GET /system/logs/notifications.log\",\"GET /system/logs/group/${groupName}/*\",\"GET /system/settings\",\"GET /system/settings/*\",\"GET /system/instance/distributed\",\"GET /system/instance/distributed/*\",\"GET /version\"]}"

However, if you already have the role created, you can then use the API to create a new policy and just apply it to that role:

i.e

curl -X POST "http://IP:9000/api/v1/system/policies" -H "accept: application/json" -H "Authorization: Bearer TOKEN" -H "Content-Type: application/json" -d "{\"id\":\"api_policy\",\"template\":[\"GET /master/groups\",\"GET /system/info\",\"GET /system/info/*\",\"GET /system/logs\",\"GET /system/logs/search\",\"GET /system/logs/notifications.log\",\"GET /system/logs/group/${groupName}/*\",\"GET /system/settings\",\"GET /system/settings/*\",\"GET /system/instance/distributed\",\"GET /system/instance/distributed/*\",\"GET /version\"]}"

Something like above will create a policy with the specific attributes that you need and then you can assign it to the existing role.