Skip to main content

Permissions in Stax

The below table provides a a list of permissions for each role in Stax.

KeyDescription
✔️User can perform this action
User cannot perform this action

Stax User Permissions

ActionsAdminUserRead OnlyCost & Compliance AdminDescription
accounts:CloseAccount✔️Allows the user to close an Account
accounts:CreateAccount✔️Allows the user to create an Account
accounts:CreateAccountType✔️Allows the user to create an Account Type
accounts:DeleteAccountType✔️Allows the user to delete an Account Type
accounts:DiscoverAccounts✔️Allows the user to discover AWS Accounts associated with the Organization
accounts:OnboardAccounts✔️Allows the user to onboard AWS Accounts associated with the Organization
accounts:ReadAccountTypes✔️✔️✔️Allows the user to view Account Types
accounts:ReadAccounts✔️✔️✔️✔️Allows the user to view Accounts
accounts:UpdateAccount✔️Allows the user to update an Account name, description and tags
accounts:UpdateAccountType✔️Allows the user to update an Account Type
accounts:UpdateAccountTypeAccess✔️Allows the user to add an AWS role to an Account Type
account:UpdateAccountTypeMembers✔️Allows the user to move accounts between Account Types
dashboard:ReadActivityFeed✔️✔️✔️✔️Allows the user to view the activity feed
events:CreateEventSource✔️Allows the user to create an Event Source
events:DeleteEventSource✔️Allows the user to delete an Event Source
events:ReadEventSources✔️✔️✔️✔️Allows the user to view an Event Source
events:UpdateEventSource✔️Allows the user to update an Event Source
networking:CreateCIDRExclusion✔️Allows the user to create a CIDR Exclusion
networking:CreateCIDRRange✔️Allows the user to create a CIDR Range
networking:CreateDnsResolver✔️Allows the user to create a DNS Resolver
networking:CreateDnsRule✔️Allows the user to create a DNS Rule
networking:CreateDxAssociation✔️Allows the user to create a DX Association between a Stax Networking Hub or Stax VPC and a Stax DX Gateway
networking:CreateDxResource✔️Allows the user to create a DX Resource, a DX Gateway and/or DX Vif
networking:CreateHub✔️Allows the user to create a Networking Hub
networking:CreateHubPrefixList✔️Allows the user to create a Networking Hub Prefix List
networking:CreateVPC✔️✔️Allows the user to create a VPC
networking:CreateVPCPrefixList✔️Allows the user to create a VPC Prefix List
networking:CreateVpnConnection✔️Allows the user to create a VPN Connection between a Stax Networking Hub or Stax VPC and a Stax VPN Customer Gateway
networking:CreateVpnCustomerGateway✔️Allows the user to create a VPN Customer Gateway
networking:DeleteCIDRExclusion✔️Allows the user to delete a CIDR Exclusion
networking:DeleteCIDRRange✔️Allows the user to delete a CIDR Range
networking:DeleteDnsResolver✔️Allows the user to delete a DNS Resolver within a Stax Networking Hub
networking:DeleteDnsRule✔️Allows the user to delete a DNS Rule
networking:DeleteDxAssociation✔️Allows the user to delete a DX Association
networking:DeleteDxGateway✔️Allows the user to delete a DX Gateway
networking:DeleteDxVif✔️Allows the user to delete a DX Vif
networking:DeleteHub✔️Allows the user to delete a Networking Hub
networking:DeletePrefixList✔️Allows the user to delete a Prefix List
networking:DeleteVPC✔️Allows the user to delete a VPC
networking:DeleteVpnConnection✔️Allows the user to delete a VPN Connection with a Stax VPN Customer Gateway
networking:DeleteVpnCustomerGateway✔️✔️Allows the user to delete a Stax VPN Customer Gateway
networking:ReadCIDRExclusions✔️✔️✔️Allows the user to view CIDR Exclusions
networking:ReadCIDRRange✔️✔️✔️Allows the user to view CIDR Ranges
networking:ReadDnsResolvers✔️✔️✔️Allows the user to view DNS Resolvers for a Stax Networking Hub
networking:ReadDnsRules✔️✔️✔️Allows the user to view DNS Rules for Stax DNS Resolvers
networking:ReadDxAssociations✔️✔️✔️Allows the user to view DX Associations
networking:ReadDxConnections✔️✔️✔️Allows the user to view DX Connections within Accounts
networking:ReadDxResources✔️✔️✔️Allows the user to view DX Gateways
networking:ReadDxVifStatus✔️✔️✔️Allows the user to view DX Vifs
networking:ReadHubs✔️✔️✔️Allows the user to view Networking Hubs
networking:ReadPrefixList✔️✔️✔️Allows the user to view Prefix Lists
networking:ReadVPCs✔️✔️✔️Allows the user to view VPCs
networking:ReadVpnConnection✔️✔️✔️Allows the user to view VPN Connections
networking:ReadVpnConnectionStatus✔️✔️✔️Allows the user to view the connectivity status of VPN Tunnels for VPN Connections
networking:ReadVpnCustomerGateways✔️✔️✔️Allows the user to view VPN Customer Gateways
networking:UpdateCIDRExclusion✔️Allows the user to update a CIDR Exclusion
networking:UpdateCIDRRange✔️Allows the user to update a CIDR Range
networking:UpdateDnsResolver✔️Allows the user to update a DNS Resolver
networking:UpdateDnsRule✔️Allows the user to update a DNS Rule
networking:UpdateDxAssociation✔️Allows the user to update a DX Association
networking:UpdateDxVif✔️Allows the user to update a DX Vif
networking:UpdateHub✔️Allows the user to update a Networking Hub
networking:UpdateHubPrefixListAssociation✔️Allows the user to update a Networking Hub Prefix List Association
networking:UpdatePrefixList✔️Allows the user to update a Prefix List
networking:UpdateVPC✔️✔️Allows the user to update a VPC
networking:UpdateVPCPrefixListAssociation✔️Allows the user to update a VPC Prefix List Association
networking:UpdateVpnConnection✔️Allows the user to update a VPN Connection
networking:UpdateVpnCustomerGateway✔️Allows the user to update a VPN Customer Gateway
organisations:AttachPolicy✔️Allows the user to attach a Policy to an Organization
organisations:CreatePolicy✔️Allows the user to create a Policy
organisations:DeletePolicy✔️Allows the user to delete a Policy
organisations:DetachPolicy✔️Allows the user to detach a Policy from an Organization
organisations:ReadOrganisation✔️✔️✔️Allows the user to view their Organization details
organisations:ReadPolicies✔️✔️✔️Allows the user to view Policies
organisations:UpdatePolicy✔️Allows the user to update a Policy
permissionSets:CreateAssignment✔️Allows the user to create an Assignment
permissionSets:CreatePermissionSet✔️Allows the user to create a Permission Set
permissionSets:DeleteAssignment✔️Allows the user to Delete an Assignment
permissionSets:ReadAssignments✔️✔️✔️✔️Allows the user to view Assignments
permissionSets:ReadPermissionSets✔️✔️✔️✔️Allows the user to view Permission Sets
permissionSets:UpdateAssignment✔️Allows the user to update an Assignment
permissionSets:UpdatePermissionSet✔️Allows the user to update a Permission Set
support:AddComment✔️✔️✔️Allows the user to add a comment to a support case
support:CreateCase✔️✔️✔️Allows the user to create a support case
teams:CreateAPIToken✔️Allows the user to create an API Token
teams:CreateGroup✔️Allows the user to create a Group
teams:CreateUser✔️Allows the user to invite a new team member
teams:DeleteAPIToken✔️Allows the user to delete an API Token
teams:DeleteGroup✔️Allows the user to delete a Group
teams:DeleteUser✔️Allows the user to delete a team member
teams:ReadAPITokens✔️✔️✔️✔️Allows the user to view API Tokens
teams:ReadGroups✔️✔️✔️✔️Allows the user to view Groups
teams:ReadUsers✔️✔️✔️✔️Allows the user to view all team members
teams:UpdateAPITokens✔️Allows the user to update an API Token
teams:UpdateGroup✔️Allows the user to update a Group
teams:UpdateGroupMembers✔️Allows the user to add a Group member
teams:UpdateUser✔️Allows the user to update a team member's details or deactivate/activate them
teams:UpdateUserPassword✔️✔️✔️✔️Allows the user to request a password reset
workloads:CreateCatalogueItem✔️Allows the user to create a Workload Catalogue Item
workloads:CreateCatalogueVersion✔️Allows the user to create a Workload Catalogue Version within a Workload Catalogue Item
workloads:CreateWorkload✔️✔️Allows the user to deploy a Workload
workloads:DeleteCatalogueItem✔️Allows the user to delete a Workload Catalogue Item
workloads:DeleteCatalogueVersion✔️Allows the user to delete a Workload Catalogue Version
workloads:DeleteWorkload✔️✔️Allows the user to delete a Workload
workloads:ReadCatalogueItems✔️✔️✔️✔️Allows the user to view the Workload Catalogue
workloads:ReadWorkloads✔️✔️✔️✔️Allows the user to view active Workloads
workloads:UpdateWorkload✔️✔️Allows the user to update an active Workload

Cost, Compliance, Views Permissions

ActionsAdminUserRead OnlyCost & Compliance Admin
Cost
View✔️✔️✔️✔️
Views
View✔️✔️
Create✔️✔️
Duplicate✔️✔️
Rename✔️✔️
Edit✔️✔️
Edit Budget✔️✔️
Rules
View**
**
✔️✔️✔️✔️
Add✔️✔️
Edit✔️✔️
Disable/Enable✔️✔️
Delete✔️✔️
Re-Evaluate✔️✔️✔️✔️
Ignore Resource✔️✔️
View Bundles✔️✔️
Add/Remove Bundles✔️✔️
Upgrade Bundles✔️✔️
View Categories✔️✔️✔️✔️
Add Categories✔️✔️
Edit Categories✔️✔️
Delete Categories✔️✔️
Settings
View Organization Budget**
**
✔️✔️✔️✔️
Change Organization Budget✔️✔️
View Financial Year Date✔️✔️✔️✔️
Set Financial Year Date✔️✔️
Notifications
Add Personal Notification**
**
✔️✔️✔️✔️
Edit Personal Notification✔️✔️✔️✔️
Delete Personal Notification✔️✔️✔️✔️
View Organization Notification✔️✔️
Add Organization Notification✔️✔️
Edit Organization Notification✔️✔️
Delete Organization Notification✔️✔️