| accounts:CloseAccount | ✔️ | ❌ | ❌ | ❌ | Allows the user to close an Account |
| accounts:CreateAccount | ✔️ | ✔️ | ❌ | ❌ | Allows the user to create an Account |
| accounts:CreateAccountType | ✔️ | ✔️ | ❌ | ❌ | Allows the user to create an Account Type |
| accounts:DeleteAccountType | ✔️ | ✔️ | ❌ | ❌ | Allows the user to delete an Account Type |
| accounts:DiscoverAccounts | ✔️ | ✔️ | ❌ | ❌ | Allows the user to discover AWS Accounts associated with the Organization |
| accounts:OnboardAccounts | ✔️ | ✔️ | ❌ | ❌ | Allows the user to onboard AWS Accounts associated with the Organization |
| accounts:ReadAccountTypes | ✔️ | ✔️ | ✔️ | ✔️ | Allows the user to view Account Types |
| accounts:ReadAccounts | ✔️ | ✔️ | ✔️ | ✔️ | Allows the user to view Accounts |
| accounts:UpdateAccount | ✔️ | ✔️ | ❌ | ❌ | Allows the user to update an Account name, description and tags |
| accounts:UpdateAccountType | ✔️ | ✔️ | ❌ | ❌ | Allows the user to update an Account Type |
| accounts:UpdateAccountTypeAccess | ✔️ | ✔️ | ❌ | ❌ | Allows the user to add an AWS role to an Account Type |
| account:UpdateAccountTypeMembers | ✔️ | ✔️ | ❌ | ❌ | Allows the user to move accounts between Account Types |
| dashboard:ReadActivityFeed | ✔️ | ✔️ | ✔️ | ✔️ | Allows the user to view the activity feed |
| events:CreateEventSource | ✔️ | ✔️ | ❌ | ❌ | Allows the user to create an Event Source |
| events:DeleteEventSource | ✔️ | ✔️ | ❌ | ❌ | Allows the user to delete an Event Source |
| events:ReadEventSources | ✔️ | ✔️ | ✔️ | ✔️ | Allows the user to view an Event Source |
| events:UpdateEventSource | ✔️ | ✔️ | ❌ | ❌ | Allows the user to update an Event Source |
| networking:CreateCIDRExclusion | ✔️ | ✔️ | ❌ | ❌ | Allows the user to create a CIDR Exclusion |
| networking:CreateCIDRRange | ✔️ | ✔️ | ❌ | ❌ | Allows the user to create a CIDR Range |
| networking:CreateDnsResolver | ✔️ | ✔️ | ❌ | ❌ | Allows the user to create a DNS Resolver |
| networking:CreateDnsRule | ✔️ | ✔️ | ❌ | ❌ | Allows the user to create a DNS Rule |
| networking:CreateDxAssociation | ✔️ | ✔️ | ❌ | ❌ | Allows the user to create a DX Association between a Stax Networking Hub or Stax VPC and a Stax DX Gateway |
| networking:CreateDxResource | ✔️ | ✔️ | ❌ | ❌ | Allows the user to create a DX Resource, a DX Gateway and/or DX Vif |
| networking:CreateHub | ✔️ | ✔️ | ❌ | ❌ | Allows the user to create a Networking Hub |
| networking:CreateHubPrefixList | ✔️ | ✔️ | ❌ | ❌ | Allows the user to create a Networking Hub Prefix List |
| networking:CreateVPC | ✔️ | ✔️ | ✔️ | ❌ | Allows the user to create a VPC |
| networking:CreateVPCPrefixList | ✔️ | ✔️ | ❌ | ❌ | Allows the user to create a VPC Prefix List |
| networking:CreateVpnConnection | ✔️ | ✔️ | ❌ | ❌ | Allows the user to create a VPN Connection between a Stax Networking Hub or Stax VPC and a Stax VPN Customer Gateway |
| networking:CreateVpnCustomerGateway | ✔️ | ✔️ | ❌ | ❌ | Allows the user to create a VPN Customer Gateway |
| networking:DeleteCIDRExclusion | ✔️ | ✔️ | ❌ | ❌ | Allows the user to delete a CIDR Exclusion |
| networking:DeleteCIDRRange | ✔️ | ✔️ | ❌ | ❌ | Allows the user to delete a CIDR Range |
| networking:DeleteDnsResolver | ✔️ | ✔️ | ❌ | ❌ | Allows the user to delete a DNS Resolver within a Stax Networking Hub |
| networking:DeleteDnsRule | ✔️ | ✔️ | ❌ | ❌ | Allows the user to delete a DNS Rule |
| networking:DeleteDxAssociation | ✔️ | ✔️ | ❌ | ❌ | Allows the user to delete a DX Association |
| networking:DeleteDxGateway | ✔️ | ✔️ | ❌ | ❌ | Allows the user to delete a DX Gateway |
| networking:DeleteDxVif | ✔️ | ✔️ | ❌ | ❌ | Allows the user to delete a DX Vif |
| networking:DeleteHub | ✔️ | ✔️ | ❌ | ❌ | Allows the user to delete a Networking Hub |
| networking:DeletePrefixList | ✔️ | ✔️ | ❌ | ❌ | Allows the user to delete a Prefix List |
| networking:DeleteVPC | ✔️ | ✔️ | ❌ | ❌ | Allows the user to delete a VPC |
| networking:DeleteVpnConnection | ✔️ | ✔️ | ❌ | ❌ | Allows the user to delete a VPN Connection with a Stax VPN Customer Gateway |
| networking:DeleteVpnCustomerGateway | ✔️ | ✔️ | ✔️ | ❌ | Allows the user to delete a Stax VPN Customer Gateway |
| networking:ReadCIDRExclusions | ✔️ | ✔️ | ✔️ | ✔️ | Allows the user to view CIDR Exclusions |
| networking:ReadCIDRRange | ✔️ | ✔️ | ✔️ | ✔️ | Allows the user to view CIDR Ranges |
| networking:ReadDnsResolvers | ✔️ | ✔️ | ✔️ | ✔️ | Allows the user to view DNS Resolvers for a Stax Networking Hub |
| networking:ReadDnsRules | ✔️ | ✔️ | ✔️ | ✔️ | Allows the user to view DNS Rules for Stax DNS Resolvers |
| networking:ReadDxAssociations | ✔️ | ✔️ | ✔️ | ✔️ | Allows the user to view DX Associations |
| networking:ReadDxConnections | ✔️ | ✔️ | ✔️ | ✔️ | Allows the user to view DX Connections within Accounts |
| networking:ReadDxResources | ✔️ | ✔️ | ✔️ | ✔️ | Allows the user to view DX Gateways |
| networking:ReadDxVifStatus | ✔️ | ✔️ | ✔️ | ✔️ | Allows the user to view DX Vifs |
| networking:ReadHubs | ✔️ | ✔️ | ✔️ | ✔️ | Allows the user to view Networking Hubs |
| networking:ReadPrefixList | ✔️ | ✔️ | ✔️ | ✔️ | Allows the user to view Prefix Lists |
| networking:ReadVPCs | ✔️ | ✔️ | ✔️ | ✔️ | Allows the user to view VPCs |
| networking:ReadVpnConnection | ✔️ | ✔️ | ✔️ | ✔️ | Allows the user to view VPN Connections |
| networking:ReadVpnConnectionStatus | ✔️ | ✔️ | ✔️ | ✔️ | Allows the user to view the connectivity status of VPN Tunnels for VPN Connections |
| networking:ReadVpnCustomerGateways | ✔️ | ✔️ | ✔️ | ✔️ | Allows the user to view VPN Customer Gateways |
| networking:UpdateCIDRExclusion | ✔️ | ✔️ | ❌ | ❌ | Allows the user to update a CIDR Exclusion |
| networking:UpdateCIDRRange | ✔️ | ✔️ | ❌ | ❌ | Allows the user to update a CIDR Range |
| networking:UpdateDnsResolver | ✔️ | ✔️ | ❌ | ❌ | Allows the user to update a DNS Resolver |
| networking:UpdateDnsRule | ✔️ | ✔️ | ❌ | ❌ | Allows the user to update a DNS Rule |
| networking:UpdateDxAssociation | ✔️ | ✔️ | ❌ | ❌ | Allows the user to update a DX Association |
| networking:UpdateDxVif | ✔️ | ✔️ | ❌ | ❌ | Allows the user to update a DX Vif |
| networking:UpdateHub | ✔️ | ✔️ | ❌ | ❌ | Allows the user to update a Networking Hub |
| networking:UpdateHubPrefixListAssociation | ✔️ | ✔️ | ❌ | ❌ | Allows the user to update a Networking Hub Prefix List Association |
| networking:UpdatePrefixList | ✔️ | ✔️ | ❌ | ❌ | Allows the user to update a Prefix List |
| networking:UpdateVPC | ✔️ | ✔️ | ✔️ | ❌ | Allows the user to update a VPC |
| networking:UpdateVPCPrefixListAssociation | ✔️ | ✔️ | ❌ | ❌ | Allows the user to update a VPC Prefix List Association |
| networking:UpdateVpnConnection | ✔️ | ✔️ | ❌ | ❌ | Allows the user to update a VPN Connection |
| networking:UpdateVpnCustomerGateway | ✔️ | ✔️ | ❌ | ❌ | Allows the user to update a VPN Customer Gateway |
| organisations:AttachPolicy | ✔️ | ❌ | ❌ | ❌ | Allows the user to attach a Policy to an Organization |
| organisations:CreatePolicy | ✔️ | ❌ | ❌ | ❌ | Allows the user to create a Policy |
| organisations:DeletePolicy | ✔️ | ❌ | ❌ | ❌ | Allows the user to delete a Policy |
| organisations:DetachPolicy | ✔️ | ❌ | ❌ | ❌ | Allows the user to detach a Policy from an Organization |
| organisations:ReadOrganisation | ✔️ | ✔️ | ✔️ | ✔️ | Allows the user to view their Organization details |
| organisations:ReadPolicies | ✔️ | ✔️ | ✔️ | ✔️ | Allows the user to view Policies |
| organisations:UpdatePolicy | ✔️ | ❌ | ❌ | ❌ | Allows the user to update a Policy |
| permissionSets:CreateAssignment | ✔️ | ✔️ | ❌ | ❌ | Allows the user to create an Assignment |
| permissionSets:CreatePermissionSet | ✔️ | ✔️ | ❌ | ❌ | Allows the user to create a Permission Set |
| permissionSets:DeleteAssignment | ✔️ | ✔️ | ❌ | ❌ | Allows the user to Delete an Assignment |
| permissionSets:ReadAssignments | ✔️ | ✔️ | ✔️ | ✔️ | Allows the user to view Assignments |
| permissionSets:ReadPermissionSets | ✔️ | ✔️ | ✔️ | ✔️ | Allows the user to view Permission Sets |
| permissionSets:UpdateAssignment | ✔️ | ✔️ | ❌ | ❌ | Allows the user to update an Assignment |
| permissionSets:UpdatePermissionSet | ✔️ | ✔️ | ❌ | ❌ | Allows the user to update a Permission Set |
| support:AddComment | ✔️ | ✔️ | ✔️ | ✔️ | Allows the user to add a comment to a support case |
| support:CreateCase | ✔️ | ✔️ | ✔️ | ✔️ | Allows the user to create a support case |
| teams:CreateAPIToken | ✔️ | ❌ | ❌ | ❌ | Allows the user to create an API Token |
| teams:CreateGroup | ✔️ | ✔️ | ❌ | ❌ | Allows the user to create a Group |
| teams:CreateUser | ✔️ | ✔️ | ❌ | ❌ | Allows the user to invite a new team member |
| teams:DeleteAPIToken | ✔️ | ❌ | ❌ | ❌ | Allows the user to delete an API Token |
| teams:DeleteGroup | ✔️ | ✔️ | ❌ | ❌ | Allows the user to delete a Group |
| teams:DeleteUser | ✔️ | ✔️ | ❌ | ❌ | Allows the user to delete a team member |
| teams:ReadAPITokens | ✔️ | ✔️ | ✔️ | ✔️ | Allows the user to view API Tokens |
| teams:ReadGroups | ✔️ | ✔️ | ✔️ | ✔️ | Allows the user to view Groups |
| teams:ReadUsers | ✔️ | ✔️ | ✔️ | ✔️ | Allows the user to view all team members |
| teams:UpdateAPITokens | ✔️ | ❌ | ❌ | ❌ | Allows the user to update an API Token |
| teams:UpdateGroup | ✔️ | ✔️ | ❌ | ❌ | Allows the user to update a Group |
| teams:UpdateGroupMembers | ✔️ | ✔️ | ❌ | ❌ | Allows the user to add a Group member |
| teams:UpdateUser | ✔️ | ✔️ | ❌ | ❌ | Allows the user to update a team member's details or deactivate/activate them |
| teams:UpdateUserPassword | ✔️ | ✔️ | ✔️ | ✔️ | Allows the user to request a password reset |
| workloads:CreateCatalogueItem | ✔️ | ✔️ | ❌ | ❌ | Allows the user to create a Workload Catalogue Item |
| workloads:CreateCatalogueVersion | ✔️ | ✔️ | ❌ | ❌ | Allows the user to create a Workload Catalogue Version within a Workload Catalogue Item |
| workloads:CreateWorkload | ✔️ | ✔️ | ✔️ | ❌ | Allows the user to deploy a Workload |
| workloads:DeleteCatalogueItem | ✔️ | ✔️ | ❌ | ❌ | Allows the user to delete a Workload Catalogue Item |
| workloads:DeleteCatalogueVersion | ✔️ | ✔️ | ❌ | ❌ | Allows the user to delete a Workload Catalogue Version |
| workloads:DeleteWorkload | ✔️ | ✔️ | ✔️ | ❌ | Allows the user to delete a Workload |
| workloads:ReadCatalogueItems | ✔️ | ✔️ | ✔️ | ✔️ | Allows the user to view the Workload Catalogue |
| workloads:ReadWorkloads | ✔️ | ✔️ | ✔️ | ✔️ | Allows the user to view active Workloads |
| workloads:UpdateWorkload | ✔️ | ✔️ | ✔️ | ❌ | Allows the user to update an active Workload |