Skip to main content

Permissions in Stax

  • Updated

The below table provides a a list of permissions for each role in Stax.

Key Description
✔️ User can perform this action
User cannot perform this action

Stax User Permissions

Actions Admin User Read Only Cost & Compliance Admin Description
accounts:CreateAccount ✔️ Allows the user to create an Account
accounts:CreateAccountType ✔️ Allows the user to create an Account Type
accounts:DeleteAccountType ✔️ Allows the user to delete an Account Type
accounts:DiscoverAccounts ✔️ Allows the user to discover AWS Accounts associated with the Organization
accounts:OnboardAccounts ✔️ Allows the user to onboard AWS Accounts associated with the Organization
accounts:ReadAccountTypes ✔️ ✔️ ✔️ Allows the user to view Account Types
accounts:ReadAccounts ✔️ ✔️ ✔️ ✔️ Allows the user to view Accounts
accounts:UpdateAccount ✔️ Allows the user to update an Account name, description and tags
accounts:UpdateAccountType ✔️ Allows the user to update an Account Type
accounts:UpdateAccountTypeAccess ✔️ Allows the user to add an AWS role to an Account Type
account:UpdateAccountTypeMembers ✔️ Allows the user to move accounts between Account Types
account:UpdatePolicies ✔️ Allows the user to add or remove Policies from an Account Type
dashboard:ReadActivityFeed ✔️ ✔️ ✔️ ✔️ Allows the user to view the activity feed
events:CreateEventSource ✔️ Allows the user to create an Event Source
events:DeleteEventSource ✔️ Allows the user to delete an Event Source
events:ReadEventSources ✔️ ✔️ ✔️ ✔️ Allows the user to view an Event Source
events:UpdateEventSource ✔️ Allows the user to update an Event Source
networking:CreateCIDRExclusion ✔️ Allows the user to create a CIDR Exclusion
networking:CreateCIDRRange ✔️ Allows the user to create a CIDR Range
networking:CreateDnsResolver ✔️ Allows the user to create a DNS Resolver
networking:CreateDnsRule ✔️ Allows the user to create a DNS Rule
networking:CreateDxAssociation ✔️ Allows the user to create a DX Association between a Stax Networking Hub or Stax VPC and a Stax DX Gateway
networking:CreateDxResource ✔️ Allows the user to create a DX Resource, a DX Gateway and/or DX Vif
networking:CreateHub ✔️ Allows the user to create a Networking Hub
networking:CreateHubPrefixList ✔️ Allows the user to create a Networking Hub Prefix List
networking:CreateVPC ✔️ ✔️ Allows the user to create a VPC
networking:CreateVPCPrefixList ✔️ Allows the user to create a VPC Prefix List
networking:CreateVpnConnection ✔️ Allows the user to create a VPN Connection between a Stax Networking Hub or Stax VPC and a Stax VPN Customer Gateway
networking:CreateVpnCustomerGateway ✔️ Allows the user to create a VPN Customer Gateway
networking:DeleteCIDRExclusion ✔️ Allows the user to delete a CIDR Exclusion
networking:DeleteCIDRRange ✔️ Allows the user to delete a CIDR Range
networking:DeleteDnsResolver ✔️ Allows the user to delete a DNS Resolver within a Stax Networking Hub
networking:DeleteDnsRule ✔️ Allows the user to delete a DNS Rule
networking:DeleteDxAssociation ✔️ Allows the user to delete a DX Association
networking:DeleteDxGateway ✔️ Allows the user to delete a DX Gateway
networking:DeleteDxVif ✔️ Allows the user to delete a DX Vif
networking:DeleteHub ✔️ Allows the user to delete a Networking Hub
networking:DeletePrefixList ✔️ Allows the user to delete a Prefix List
networking:DeleteVPC ✔️ Allows the user to delete a VPC
networking:DeleteVpnConnection ✔️ Allows the user to delete a VPN Connection with a Stax VPN Customer Gateway
networking:DeleteVpnCustomerGateway ✔️ ✔️ Allows the user to delete a Stax VPN Customer Gateway
networking:ReadCIDRExclusions ✔️ ✔️ ✔️ Allows the user to view CIDR Exclusions
networking:ReadCIDRRange ✔️ ✔️ ✔️ Allows the user to view CIDR Ranges
networking:ReadDnsResolvers ✔️ ✔️ ✔️ Allows the user to view DNS Resolvers for a Stax Networking Hub
networking:ReadDnsRules ✔️ ✔️ ✔️ Allows the user to view DNS Rules for Stax DNS Resolvers
networking:ReadDxAssociations ✔️ ✔️ ✔️ Allows the user to view DX Associations
networking:ReadDxConnections ✔️ ✔️ ✔️ Allows the user to view DX Connections within Accounts
networking:ReadDxResources ✔️ ✔️ ✔️ Allows the user to view DX Gateways
networking:ReadDxVifStatus ✔️ ✔️ ✔️ Allows the user to view DX Vifs
networking:ReadHubs ✔️ ✔️ ✔️ Allows the user to view Networking Hubs
networking:ReadPrefixList ✔️ ✔️ ✔️ Allows the user to view Prefix Lists
networking:ReadVPCs ✔️ ✔️ ✔️ Allows the user to view VPCs
networking:ReadVpnConnection ✔️ ✔️ ✔️ Allows the user to view VPN Connections
networking:ReadVpnConnectionStatus ✔️ ✔️ ✔️ Allows the user to view the connectivity status of VPN Tunnels for VPN Connections
networking:ReadVpnCustomerGateways ✔️ ✔️ ✔️ Allows the user to view VPN Customer Gateways
networking:UpdateCIDRExclusion ✔️ Allows the user to update a CIDR Exclusion
networking:UpdateCIDRRange ✔️ Allows the user to update a CIDR Range
networking:UpdateDnsResolver ✔️ Allows the user to update a DNS Resolver
networking:UpdateDnsRule ✔️ Allows the user to update a DNS Rule
networking:UpdateDxAssociation ✔️ Allows the user to update a DX Association
networking:UpdateDxVif ✔️ Allows the user to update a DX Vif
networking:UpdateHub ✔️ Allows the user to update a Networking Hub
networking:UpdateHubPrefixListAssociation ✔️ Allows the user to update a Networking Hub Prefix List Association
networking:UpdatePrefixList ✔️ Allows the user to update a Prefix List
networking:UpdateVPC ✔️ ✔️ Allows the user to update a VPC
networking:UpdateVPCPrefixListAssociation ✔️ Allows the user to update a VPC Prefix List Association
networking:UpdateVpnConnection ✔️ Allows the user to update a VPN Connection
networking:UpdateVpnCustomerGateway ✔️ Allows the user to update a VPN Customer Gateway
organisations:AttachPolicy ✔️ Allows the user to attach a Policy to an Organization
organisations:CreatePolicy ✔️ Allows the user to create a Policy
organisations:DeletePolicy ✔️ Allows the user to delete a Policy
organisations:DetachPolicy ✔️ Allows the user to detach a Policy from an Organization
organisations:ReadOrganisation ✔️ ✔️ ✔️ Allows the user to view their Organization details
organisations:ReadPolicies ✔️ ✔️ ✔️ Allows the user to view Policies
organisations:UpdatePolicy ✔️ Allows the user to update a Policy
permissionSets:CreateAssignment ✔️ Allows the user to create an Assignment
permissionSets:CreatePermissionSet ✔️ Allows the user to create a Permission Set
permissionSets:DeleteAssignment ✔️ Allows the user to Delete an Assignment
permissionSets:ReadAssignments ✔️ ✔️ ✔️ ✔️ Allows the user to view Assignments
permissionSets:ReadPermissionSets ✔️ ✔️ ✔️ ✔️ Allows the user to view Permission Sets
permissionSets:UpdateAssignment ✔️ Allows the user to update an Assignment
permissionSets:UpdatePermissionSet ✔️ Allows the user to update a Permission Set
support:AddComment ✔️ ✔️ ✔️ Allows the user to add a comment to a support case
support:CreateCase ✔️ ✔️ ✔️ Allows the user to create a support case
teams:CreateAPIToken ✔️ Allows the user to create an API Token
teams:CreateGroup ✔️ Allows the user to create a Group
teams:CreateUser ✔️ Allows the user to invite a new team member
teams:DeleteAPIToken ✔️ Allows the user to delete an API Token
teams:DeleteGroup ✔️ Allows the user to delete a Group
teams:DeleteUser ✔️ Allows the user to delete a team member
teams:ReadAPITokens ✔️ ✔️ ✔️ ✔️ Allows the user to view API Tokens
teams:ReadGroups ✔️ ✔️ ✔️ ✔️ Allows the user to view Groups
teams:ReadUsers ✔️ ✔️ ✔️ ✔️ Allows the user to view all team members
teams:UpdateAPITokens ✔️ Allows the user to update an API Token
teams:UpdateGroup ✔️ Allows the user to update a Group
teams:UpdateGroupMembers ✔️ Allows the user to add a Group member
teams:UpdateUser ✔️ Allows the user to update a team member's details or deactivate/activate them
teams:UpdateUserPassword ✔️ ✔️ ✔️ ✔️ Allows the user to request a password reset
workloads:CreateCatalogueItem ✔️ Allows the user to create a Workload Catalogue Item
workloads:CreateCatalogueVersion ✔️ Allows the user to create a Workload Catalogue Version within a Workload Catalogue Item
workloads:CreateWorkload ✔️ ✔️ Allows the user to deploy a Workload
workloads:DeleteCatalogueItem ✔️ Allows the user to delete a Workload Catalogue Item
workloads:DeleteCatalogueVersion ✔️ Allows the user to delete a Workload Catalogue Version
workloads:DeleteWorkload ✔️ ✔️ Allows the user to delete a Workload
workloads:ReadCatalogueItems ✔️ ✔️ ✔️ ✔️ Allows the user to view the Workload Catalogue
workloads:ReadWorkloads ✔️ ✔️ ✔️ ✔️ Allows the user to view active Workloads
workloads:UpdateWorkload ✔️ ✔️ Allows the user to update an active Workload

Cost, Compliance, Views Permissions

Actions Admin User Read Only Cost & Compliance Admin
Cost
View ✔️ ✔️ ✔️ ✔️
Views
View ✔️ ✔️
Create ✔️ ✔️
Duplicate ✔️ ✔️
Rename ✔️ ✔️
Edit ✔️ ✔️
Edit Budget ✔️ ✔️
Rules
View
 ✔️ ✔️ ✔️ ✔️
Add ✔️ ✔️
Edit ✔️ ✔️
Disable/Enable ✔️ ✔️
Delete ✔️ ✔️
Re-Evaluate ✔️ ✔️ ✔️ ✔️
Ignore Resource ✔️ ✔️
View Bundles ✔️ ✔️
Add/Remove Bundles ✔️ ✔️
Upgrade Bundles ✔️ ✔️
View Categories ✔️ ✔️ ✔️ ✔️
Add Categories ✔️ ✔️
Edit Categories ✔️ ✔️
Delete Categories ✔️ ✔️
Settings
View Organization Budget
 ✔️ ✔️ ✔️ ✔️
Change Organization Budget ✔️ ✔️
View Financial Year Date ✔️ ✔️ ✔️ ✔️
Set Financial Year Date ✔️ ✔️
Notifications
Add Personal Notification
 ✔️ ✔️ ✔️ ✔️
Edit Personal Notification ✔️ ✔️ ✔️ ✔️
Delete Personal Notification ✔️ ✔️ ✔️ ✔️
View Organization Notification ✔️ ✔️
Add Organization Notification ✔️ ✔️
Edit Organization Notification ✔️ ✔️
Delete Organization Notification ✔️ ✔️
Was this article helpful?
0 out of 0 found this helpful

Related articles