Permissions in Stax
The below table provides a a list of permissions for each role in Stax.
| Key | Description |
|---|---|
| ✔️ | User can perform this action |
| ❌ | User cannot perform this action |
Stax User Permissions
| Actions | Admin | User | Read Only | Cost & Compliance Admin | Description |
|---|---|---|---|---|---|
| accounts:CloseAccount | ✔️ | ❌ | ❌ | ❌ | Allows the user to close an Account |
| accounts:CreateAccount | ✔️ | ❌ | ❌ | ❌ | Allows the user to create an Account |
| accounts:CreateAccountType | ✔️ | ❌ | ❌ | ❌ | Allows the user to create an Account Type |
| accounts:DeleteAccountType | ✔️ | ❌ | ❌ | ❌ | Allows the user to delete an Account Type |
| accounts:DiscoverAccounts | �✔️ | ❌ | ❌ | ❌ | Allows the user to discover AWS Accounts associated with the Organization |
| accounts:OnboardAccounts | ✔️ | ❌ | ❌ | ❌ | Allows the user to onboard AWS Accounts associated with the Organization |
| accounts:ReadAccountTypes | ✔️ | ✔️ | ✔️ | ❌ | Allows the user to view Account Types |
| accounts:ReadAccounts | ✔️ | ✔️ | ✔️ | ✔️ | Allows the user to view Accounts |
| accounts:UpdateAccount | ✔️ | ❌ | ❌ | ❌ | Allows the user to update an Account name, description and tags |
| accounts:UpdateAccountType | ✔️ | ❌ | ❌ | ❌ | Allows the user to update an Account Type |
| accounts:UpdateAccountTypeAccess | ✔️ | ❌ | ❌ | ❌ | Allows the user to add an AWS role to an Account Type |
| account:UpdateAccountTypeMembers | ✔️ | ❌ | ❌ | ❌ | Allows the user to move accounts between Account Types |
| dashboard:ReadActivityFeed | ✔️ | ✔️ | ✔️ | ✔️ | Allows the user to view the activity feed |
| events:CreateEventSource | ✔️ | ❌ | ❌ | ❌ | Allows the user to create an Event Source |
| events:DeleteEventSource | ✔️ | ❌ | ❌ | ❌ | Allows the user to delete an Event Source |
| events:ReadEventSources | ✔️ | ✔️ | ✔️ | ✔️ | Allows the user to view an Event Source |
| events:UpdateEventSource | ✔️ | ❌ | ❌ | ❌ | Allows the user to update an Event Source |
| networking:CreateCIDRExclusion | ✔️ | ❌ | ❌ | ❌ | Allows the user to create a CIDR Exclusion |
| networking:CreateCIDRRange | ✔️ | ❌ | ❌ | ❌ | Allows the user to create a CIDR Range |
| networking:CreateDnsResolver | ✔️ | ❌ | ❌ | ❌ | Allows the user to create a DNS Resolver |
| networking:CreateDnsRule | ✔️ | ❌ | ❌ | ❌ | Allows the user to create a DNS Rule |
| networking:CreateDxAssociation | ✔️ | ❌ | ❌ | ❌ | Allows the user to create a DX Association between a Stax Networking Hub or Stax VPC and a Stax DX Gateway |
| networking:CreateDxResource | ✔️ | ❌ | ❌ | ❌ | Allows the user to create a DX Resource, a DX Gateway and/or DX Vif |
| networking:CreateHub | ✔️ | ❌ | ❌ | ❌ | Allows the user to create a Networking Hub |
| networking:CreateHubPrefixList | ✔️ | ❌ | ❌ | ❌ | Allows the user to create a Networking Hub Prefix List |
| networking:CreateVPC | ✔️ | ✔️ | ❌ | ❌ | Allows the user to create a VPC |
| networking:CreateVPCPrefixList | ✔️ | ❌ | ❌ | ❌ | Allows the user to create a VPC Prefix List |
| networking:CreateVpnConnection | ✔️ | ❌ | ❌ | ❌ | Allows the user to create a VPN Connection between a Stax Networking Hub or Stax VPC and a Stax VPN Customer Gateway |
| networking:CreateVpnCustomerGateway | ✔️ | ❌ | ❌ | ❌ | Allows the user to create a VPN Customer Gateway |
| networking:DeleteCIDRExclusion | ✔️ | ❌ | ❌ | ❌ | Allows the user to delete a CIDR Exclusion |
| networking:DeleteCIDRRange | ✔️ | ❌ | ❌ | ❌ | Allows the user to delete a CIDR Range |
| networking:DeleteDnsResolver | ✔️ | ❌ | ❌ | ❌ | Allows the user to delete a DNS Resolver within a Stax Networking Hub |
| networking:DeleteDnsRule | ✔️ | ❌ | ❌ | ❌ | Allows the user to delete a DNS Rule |
| networking:DeleteDxAssociation | ✔️ | ❌ | ❌ | ❌ | Allows the user to delete a DX Association |
| networking:DeleteDxGateway | ✔️ | ❌ | ❌ | ❌ | Allows the user to delete a DX Gateway |
| networking:DeleteDxVif | ✔️ | ❌ | ❌ | ❌ | Allows the user to delete a DX Vif |
| networking:DeleteHub | ✔️ | ❌ | ❌ | ❌ | Allows the user to delete a Networking Hub |
| networking:DeletePrefixList | ✔️ | ❌ | ❌ | ❌ | Allows the user to delete a Prefix List |
| networking:DeleteVPC | ✔️ | ❌ | ❌ | ❌ | Allows the user to delete a VPC |
| networking:DeleteVpnConnection | ✔️ | ❌ | ❌ | ❌ | Allows the user to delete a VPN Connection with a Stax VPN Customer Gateway |
| networking:DeleteVpnCustomerGateway | ✔️ | ✔️ | ❌ | ❌ | Allows the user to delete a Stax VPN Customer Gateway |
| networking:ReadCIDRExclusions | ✔️ | ✔️ | ✔️ | ❌ | Allows the user to view CIDR Exclusions |
| networking:ReadCIDRRange | ✔️ | ✔️ | ✔️ | ❌ | Allows the user to view CIDR Ranges |
| networking:ReadDnsResolvers | ✔️ | ✔️ | ✔️ | ❌ | Allows the user to view DNS Resolvers for a Stax Networking Hub |
| networking:ReadDnsRules | ✔️ | ✔️ | ✔️ | ❌ | Allows the user to view DNS Rules for Stax DNS Resolvers |
| networking:ReadDxAssociations | ✔️ | ✔️ | ✔️ | ❌ | Allows the user to view DX Associations |
| networking:ReadDxConnections | ✔️ | ✔️ | ✔️ | ❌ | Allows the user to view DX Connections within Accounts |
| networking:ReadDxResources | ✔️ | ✔️ | ✔️ | ❌ | Allows the user to view DX Gateways |
| networking:ReadDxVifStatus | ✔️ | ✔️ | ✔️ | ❌ | Allows the user to view DX Vifs |
| networking:ReadHubs | ✔️ | ✔️ | ✔️ | ❌ | Allows the user to view Networking Hubs |
| networking:ReadPrefixList | ✔️ | ✔️ | ✔️ | ❌ | Allows the user to view Prefix Lists |
| networking:ReadVPCs | ✔️ | ✔️ | ✔️ | ❌ | Allows the user to view VPCs |
| networking:ReadVpnConnection | ✔️ | ✔️ | ✔️ | ❌ | Allows the user to view VPN Connections |
| networking:ReadVpnConnectionStatus | ✔️ | ✔️ | ✔️ | ❌ | Allows the user to view the connectivity status of VPN Tunnels for VPN Connections |
| networking:ReadVpnCustomerGateways | ✔️ | ✔️ | ✔️ | ��❌ | Allows the user to view VPN Customer Gateways |
| networking:UpdateCIDRExclusion | ✔️ | ❌ | ❌ | ❌ | Allows the user to update a CIDR Exclusion |
| networking:UpdateCIDRRange | ✔️ | ❌ | ❌ | ❌ | Allows the user to update a CIDR Range |
| networking:UpdateDnsResolver | ✔️ | ❌ | ❌ | ❌ | Allows the user to update a DNS Resolver |
| networking:UpdateDnsRule | ✔️ | ❌ | ❌ | ❌ | Allows the user to update a DNS Rule |
| networking:UpdateDxAssociation | ✔️ | ❌ | ❌ | ❌ | Allows the user to update a DX Association |
| networking:UpdateDxVif | ✔️ | ❌ | ❌ | ❌ | Allows the user to update a DX Vif |
| networking:UpdateHub | ✔️ | ❌ | ❌ | ❌ | Allows the user to update a Networking Hub |
| networking:UpdateHubPrefixListAssociation | ✔️ | ❌ | ❌ | ❌ | Allows the user to update a Networking Hub Prefix List Association |
| networking:UpdatePrefixList | ✔️ | ❌ | ❌ | ❌ | Allows the user to update a Prefix List |
| networking:UpdateVPC | ✔️ | ✔️ | ❌ | ❌ | Allows the user to update a VPC |
| networking:UpdateVPCPrefixListAssociation | ✔️ | ❌ | ❌ | ❌ | Allows the user to update a VPC Prefix List Association |
| networking:UpdateVpnConnection | ✔️ | ❌ | ❌ | ❌ | Allows the user to update a VPN Connection |
| networking:UpdateVpnCustomerGateway | ✔️ | ❌ | ❌ | �❌ | Allows the user to update a VPN Customer Gateway |
| organisations:AttachPolicy | ✔️ | ❌ | ❌ | ❌ | Allows the user to attach a Policy to an Organization |
| organisations:CreatePolicy | ✔️ | ❌ | ❌ | ❌ | Allows the user to create a Policy |
| organisations:DeletePolicy | ✔️ | ❌ | ❌ | ❌ | Allows the user to delete a Policy |
| organisations:DetachPolicy | ✔️ | ❌ | ❌ | ❌ | Allows the user to detach a Policy from an Organization |
| organisations:ReadOrganisation | ✔️ | ✔️ | ✔️ | ❌ | Allows the user to view their Organization details |
| organisations:ReadPolicies | ✔️ | ✔️ | ✔️ | ❌ | Allows the user to view Policies |
| organisations:UpdatePolicy | ✔️ | ❌ | ❌ | ❌ | Allows the user to update a Policy |
| permissionSets:CreateAssignment | ✔️ | ❌ | ❌ | ❌ | Allows the user to create an Assignment |
| permissionSets:CreatePermissionSet | ✔️ | ❌ | ❌ | ❌ | Allows the user to create a Permission Set |
| permissionSets:DeleteAssignment | ✔️ | ❌ | ❌ | ❌ | Allows the user to Delete an Assignment |
| permissionSets:ReadAssignments | ✔️ | ✔️ | ✔️ | ✔️ | Allows the user to view Assignments |
| permissionSets:ReadPermissionSets | ✔️ | ✔️ | ✔️ | ✔️ | Allows the user to view Permission Sets |
| permissionSets:UpdateAssignment | ✔️ | ❌ | ��❌ | ❌ | Allows the user to update an Assignment |
| permissionSets:UpdatePermissionSet | ✔️ | ❌ | ❌ | ❌ | Allows the user to update a Permission Set |
| support:AddComment | ✔️ | ✔️ | ✔️ | ❌ | Allows the user to add a comment to a support case |
| support:CreateCase | ✔️ | ✔️ | ✔️ | ❌ | Allows the user to create a support case |
| teams:CreateAPIToken | ✔️ | ❌ | ❌ | ❌ | Allows the user to create an API Token |
| teams:CreateGroup | ✔️ | ❌ | ❌ | ❌ | Allows the user to create a Group |
| teams:CreateUser | ✔️ | ❌ | ❌ | ❌ | Allows the user to invite a new team member |
| teams:DeleteAPIToken | ✔️ | ❌ | ❌ | ❌ | Allows the user to delete an API Token |
| teams:DeleteGroup | ✔️ | ❌ | ❌ | ❌ | Allows the user to delete a Group |
| teams:DeleteUser | ✔️ | ❌ | ❌ | ❌ | Allows the user to delete a team member |
| teams:ReadAPITokens | ✔️ | ✔️ | ✔️ | ✔️ | Allows the user to view API Tokens |
| teams:ReadGroups | ✔️ | ✔️ | ✔️ | ✔️ | Allows the user to view Groups |
| teams:ReadUsers | ✔️ | ✔️ | ✔️ | ✔️ | Allows the user to view all team members |
| teams:UpdateAPITokens | ✔️ | ❌ | ❌ | ❌ | Allows the user to update an API Token |
| teams:UpdateGroup | ✔️ | ❌ | ❌ | ❌ | Allows the user to update a Group |
| teams:UpdateGroupMembers | ✔️ | ❌ | ❌ | ❌ | Allows the user to add a Group member |
| teams:UpdateUser | ✔️ | ❌ | ❌ | ❌ | Allows the user to update a team member's details or deactivate/activate them |
| teams:UpdateUserPassword | ✔️ | ✔️ | ✔️ | ✔️ | Allows the user to request a password reset |
| workloads:CreateCatalogueItem | ✔️ | ❌ | ❌ | ❌ | Allows the user to create a Workload Catalogue Item |
| workloads:CreateCatalogueVersion | ✔️ | ❌ | ❌ | ❌ | Allows the user to create a Workload Catalogue Version within a Workload Catalogue Item |
| workloads:CreateWorkload | ✔️ | ✔️ | ❌ | ❌ | Allows the user to deploy a Workload |
| workloads:DeleteCatalogueItem | ✔️ | ❌ | ❌ | ❌ | Allows the user to delete a Workload Catalogue Item |
| workloads:DeleteCatalogueVersion | ✔️ | ❌ | ❌ | ❌ | Allows the user to delete a Workload Catalogue Version |
| workloads:DeleteWorkload | ✔️ | ✔️ | ❌ | ❌ | Allows the user to delete a Workload |
| workloads:ReadCatalogueItems | ✔️ | ✔️ | ✔️ | ✔️ | Allows the user to view the Workload Catalogue |
| workloads:ReadWorkloads | ✔️ | ✔️ | ✔️ | ✔️ | Allows the user to view active Workloads |
| workloads:UpdateWorkload | ✔️ | ✔️ | ❌ | ❌ | Allows the user to update an active Workload |
Cost, Compliance, Views Permissions
| Actions | Admin | User | Read Only | Cost & Compliance Admin |
|---|---|---|---|---|
| Cost | ||||
| View | ✔️ | ✔️ | ✔️ | ✔️ |
| Views | ||||
| View | ✔️ | ❌ | ❌ | ✔️ |
| Create | ✔️ | ❌ | ❌ | ✔️ |
| Duplicate | ✔️ | ❌ | ❌ | ✔️ |
| Rename | ✔️ | ❌ | ❌ | ✔️ |
| Edit | ✔️ | ❌ | ❌ | ✔️ |
| Edit Budget | ✔️ | ❌ | ❌ | ✔️ |
| Rules | ||||
| View** ** | ✔️ | ✔️ | ✔️ | ✔️ |
| Add | ✔️ | ❌ | ❌ | ✔️ |
| Edit | ✔️ | ❌ | ❌ | ✔️ |
| Disable/Enable | ✔️ | ❌ | ❌ | ✔️ |
| Delete | ✔️ | ❌ | ❌ | ✔️ |
| Re-Evaluate | ✔️ | ✔️ | ✔️ | ✔️ |
| Ignore Resource | ✔️ | ❌ | ❌ | ✔️ |
| View Bundles | ✔️ | ❌ | ❌ | ✔️ |
| Add/Remove Bundles | ✔️ | ❌ | ❌ | ✔️ |
| Upgrade Bundles | ✔️ | ❌ | ❌ | ✔️ |
| View Categories | ✔️ | ✔️ | ✔️ | ✔️ |
| Add Categories | ✔️ | ❌ | ❌ | ✔️ |
| Edit Categories | ✔️ | ❌ | ❌ | ✔️ |
| Delete Categories | ✔️ | ❌ | ❌ | ✔️ |
| Settings | ||||
| View Organization Budget** ** | ✔️ | ✔️ | ✔️ | ✔️ |
| Change Organization Budget | ✔️ | ❌ | ❌ | ✔️ |
| View Financial Year Date | ✔️ | ✔️ | ✔️ | ✔️ |
| Set Financial Year Date | ✔️ | ❌ | ❌ | ✔️ |
| Notifications | ||||
| Add Personal Notification** ** | ✔️ | ✔️ | ✔️ | ✔️ |
| Edit Personal Notification | ✔️ | ✔️ | ✔️ | ✔️ |
| Delete Personal Notification | ✔️ | ✔️ | ✔️ | ✔️ |
| View Organization Notification | ✔️ | ❌ | ❌ | ✔️ |
| Add Organization Notification | ✔️ | ❌ | ❌ | ✔️ |
| Edit Organization Notification | ✔️ | ❌ | ❌ | ✔️ |
| Delete Organization Notification | ✔️ | ❌ | ❌ | ✔️ |