Actions |
Admin |
User |
Read Only |
Cost & Compliance Admin |
Description |
accounts:CreateAccount |
✔️ |
❌ |
❌ |
❌ |
Allows the user to create an Account |
accounts:CreateAccountType |
✔️ |
❌ |
❌ |
❌ |
Allows the user to create an Account Type |
accounts:DeleteAccountType |
✔️ |
❌ |
❌ |
❌ |
Allows the user to delete an Account Type |
accounts:DiscoverAccounts |
✔️ |
❌ |
❌ |
❌ |
Allows the user to discover AWS Accounts associated with the Organization |
accounts:OnboardAccounts |
✔️ |
❌ |
❌ |
❌ |
Allows the user to onboard AWS Accounts associated with the Organization |
accounts:ReadAccountTypes |
✔️ |
✔️ |
✔️ |
❌ |
Allows the user to view Account Types |
accounts:ReadAccounts |
✔️ |
✔️ |
✔️ |
✔️ |
Allows the user to view Accounts |
accounts:UpdateAccount |
✔️ |
❌ |
❌ |
❌ |
Allows the user to update an Account name, description and tags |
accounts:UpdateAccountType |
✔️ |
❌ |
❌ |
❌ |
Allows the user to update an Account Type |
accounts:UpdateAccountTypeAccess |
✔️ |
❌ |
❌ |
❌ |
Allows the user to add an AWS role to an Account Type |
account:UpdateAccountTypeMembers |
✔️ |
❌ |
❌ |
❌ |
Allows the user to move accounts between Account Types |
account:UpdatePolicies |
✔️ |
❌ |
❌ |
❌ |
Allows the user to add or remove Policies from an Account Type |
dashboard:ReadActivityFeed |
✔️ |
✔️ |
✔️ |
✔️ |
Allows the user to view the activity feed |
events:CreateEventSource |
✔️ |
❌ |
❌ |
❌ |
Allows the user to create an Event Source |
events:DeleteEventSource |
✔️ |
❌ |
❌ |
❌ |
Allows the user to delete an Event Source |
events:ReadEventSources |
✔️ |
✔️ |
✔️ |
✔️ |
Allows the user to view an Event Source |
events:UpdateEventSource |
✔️ |
❌ |
❌ |
❌ |
Allows the user to update an Event Source |
networking:CreateCIDRExclusion |
✔️ |
❌ |
❌ |
❌ |
Allows the user to create a CIDR Exclusion |
networking:CreateCIDRRange |
✔️ |
❌ |
❌ |
❌ |
Allows the user to create a CIDR Range |
networking:CreateDnsResolver |
✔️ |
❌ |
❌ |
❌ |
Allows the user to create a DNS Resolver |
networking:CreateDnsRule |
✔️ |
❌ |
❌ |
❌ |
Allows the user to create a DNS Rule |
networking:CreateDxAssociation |
✔️ |
❌ |
❌ |
❌ |
Allows the user to create a DX Association between a Stax Networking Hub or Stax VPC and a Stax DX Gateway |
networking:CreateDxResource |
✔️ |
❌ |
❌ |
❌ |
Allows the user to create a DX Resource, a DX Gateway and/or DX Vif |
networking:CreateHub |
✔️ |
❌ |
❌ |
❌ |
Allows the user to create a Networking Hub |
networking:CreateHubPrefixList |
✔️ |
❌ |
❌ |
❌ |
Allows the user to create a Networking Hub Prefix List |
networking:CreateVPC |
✔️ |
✔️ |
❌ |
❌ |
Allows the user to create a VPC |
networking:CreateVPCPrefixList |
✔️ |
❌ |
❌ |
❌ |
Allows the user to create a VPC Prefix List |
networking:CreateVpnConnection |
✔️ |
❌ |
❌ |
❌ |
Allows the user to create a VPN Connection between a Stax Networking Hub or Stax VPC and a Stax VPN Customer Gateway |
networking:CreateVpnCustomerGateway |
✔️ |
❌ |
❌ |
❌ |
Allows the user to create a VPN Customer Gateway |
networking:DeleteCIDRExclusion |
✔️ |
❌ |
❌ |
❌ |
Allows the user to delete a CIDR Exclusion |
networking:DeleteCIDRRange |
✔️ |
❌ |
❌ |
❌ |
Allows the user to delete a CIDR Range |
networking:DeleteDnsResolver |
✔️ |
❌ |
❌ |
❌ |
Allows the user to delete a DNS Resolver within a Stax Networking Hub |
networking:DeleteDnsRule |
✔️ |
❌ |
❌ |
❌ |
Allows the user to delete a DNS Rule |
networking:DeleteDxAssociation |
✔️ |
❌ |
❌ |
❌ |
Allows the user to delete a DX Association |
networking:DeleteDxGateway |
✔️ |
❌ |
❌ |
❌ |
Allows the user to delete a DX Gateway |
networking:DeleteDxVif |
✔️ |
❌ |
❌ |
❌ |
Allows the user to delete a DX Vif |
networking:DeleteHub |
✔️ |
❌ |
❌ |
❌ |
Allows the user to delete a Networking Hub |
networking:DeletePrefixList |
✔️ |
❌ |
❌ |
❌ |
Allows the user to delete a Prefix List |
networking:DeleteVPC |
✔️ |
❌ |
❌ |
❌ |
Allows the user to delete a VPC |
networking:DeleteVpnConnection |
✔️ |
❌ |
❌ |
❌ |
Allows the user to delete a VPN Connection with a Stax VPN Customer Gateway |
networking:DeleteVpnCustomerGateway |
✔️ |
✔️ |
❌ |
❌ |
Allows the user to delete a Stax VPN Customer Gateway |
networking:ReadCIDRExclusions |
✔️ |
✔️ |
✔️ |
❌ |
Allows the user to view CIDR Exclusions |
networking:ReadCIDRRange |
✔️ |
✔️ |
✔️ |
❌ |
Allows the user to view CIDR Ranges |
networking:ReadDnsResolvers |
✔️ |
✔️ |
✔️ |
❌ |
Allows the user to view DNS Resolvers for a Stax Networking Hub |
networking:ReadDnsRules |
✔️ |
✔️ |
✔️ |
❌ |
Allows the user to view DNS Rules for Stax DNS Resolvers |
networking:ReadDxAssociations |
✔️ |
✔️ |
✔️ |
❌ |
Allows the user to view DX Associations |
networking:ReadDxConnections |
✔️ |
✔️ |
✔️ |
❌ |
Allows the user to view DX Connections within Accounts |
networking:ReadDxResources |
✔️ |
✔️ |
✔️ |
❌ |
Allows the user to view DX Gateways |
networking:ReadDxVifStatus |
✔️ |
✔️ |
✔️ |
❌ |
Allows the user to view DX Vifs |
networking:ReadHubs |
✔️ |
✔️ |
✔️ |
❌ |
Allows the user to view Networking Hubs |
networking:ReadPrefixList |
✔️ |
✔️ |
✔️ |
❌ |
Allows the user to view Prefix Lists |
networking:ReadVPCs |
✔️ |
✔️ |
✔️ |
❌ |
Allows the user to view VPCs |
networking:ReadVpnConnection |
✔️ |
✔️ |
✔️ |
❌ |
Allows the user to view VPN Connections |
networking:ReadVpnConnectionStatus |
✔️ |
✔️ |
✔️ |
❌ |
Allows the user to view the connectivity status of VPN Tunnels for VPN Connections |
networking:ReadVpnCustomerGateways |
✔️ |
✔️ |
✔️ |
❌ |
Allows the user to view VPN Customer Gateways |
networking:UpdateCIDRExclusion |
✔️ |
❌ |
❌ |
❌ |
Allows the user to update a CIDR Exclusion |
networking:UpdateCIDRRange |
✔️ |
❌ |
❌ |
❌ |
Allows the user to update a CIDR Range |
networking:UpdateDnsResolver |
✔️ |
❌ |
❌ |
❌ |
Allows the user to update a DNS Resolver |
networking:UpdateDnsRule |
✔️ |
❌ |
❌ |
❌ |
Allows the user to update a DNS Rule |
networking:UpdateDxAssociation |
✔️ |
❌ |
❌ |
❌ |
Allows the user to update a DX Association |
networking:UpdateDxVif |
✔️ |
❌ |
❌ |
❌ |
Allows the user to update a DX Vif |
networking:UpdateHub |
✔️ |
❌ |
❌ |
❌ |
Allows the user to update a Networking Hub |
networking:UpdateHubPrefixListAssociation |
✔️ |
❌ |
❌ |
❌ |
Allows the user to update a Networking Hub Prefix List Association |
networking:UpdatePrefixList |
✔️ |
❌ |
❌ |
❌ |
Allows the user to update a Prefix List |
networking:UpdateVPC |
✔️ |
✔️ |
❌ |
❌ |
Allows the user to update a VPC |
networking:UpdateVPCPrefixListAssociation |
✔️ |
❌ |
❌ |
❌ |
Allows the user to update a VPC Prefix List Association |
networking:UpdateVpnConnection |
✔️ |
❌ |
❌ |
❌ |
Allows the user to update a VPN Connection |
networking:UpdateVpnCustomerGateway |
✔️ |
❌ |
❌ |
❌ |
Allows the user to update a VPN Customer Gateway |
organisations:AttachPolicy |
✔️ |
❌ |
❌ |
❌ |
Allows the user to attach a Policy to an Organization |
organisations:CreatePolicy |
✔️ |
❌ |
❌ |
❌ |
Allows the user to create a Policy |
organisations:DeletePolicy |
✔️ |
❌ |
❌ |
❌ |
Allows the user to delete a Policy |
organisations:DetachPolicy |
✔️ |
❌ |
❌ |
❌ |
Allows the user to detach a Policy from an Organization |
organisations:ReadOrganisation |
✔️ |
✔️ |
✔️ |
❌ |
Allows the user to view their Organization details |
organisations:ReadPolicies |
✔️ |
✔️ |
✔️ |
❌ |
Allows the user to view Policies |
organisations:UpdatePolicy |
✔️ |
❌ |
❌ |
❌ |
Allows the user to update a Policy |
permissionSets:CreateAssignment |
✔️ |
❌ |
❌ |
❌ |
Allows the user to create an Assignment |
permissionSets:CreatePermissionSet |
✔️ |
❌ |
❌ |
❌ |
Allows the user to create a Permission Set |
permissionSets:DeleteAssignment |
✔️ |
❌ |
❌ |
❌ |
Allows the user to Delete an Assignment |
permissionSets:ReadAssignments |
✔️ |
✔️ |
✔️ |
✔️ |
Allows the user to view Assignments |
permissionSets:ReadPermissionSets |
✔️ |
✔️ |
✔️ |
✔️ |
Allows the user to view Permission Sets |
permissionSets:UpdateAssignment |
✔️ |
❌ |
❌ |
❌ |
Allows the user to update an Assignment |
permissionSets:UpdatePermissionSet |
✔️ |
❌ |
❌ |
❌ |
Allows the user to update a Permission Set |
support:AddComment |
✔️ |
✔️ |
✔️ |
❌ |
Allows the user to add a comment to a support case |
support:CreateCase |
✔️ |
✔️ |
✔️ |
❌ |
Allows the user to create a support case |
teams:CreateAPIToken |
✔️ |
❌ |
❌ |
❌ |
Allows the user to create an API Token |
teams:CreateGroup |
✔️ |
❌ |
❌ |
❌ |
Allows the user to create a Group |
teams:CreateUser |
✔️ |
❌ |
❌ |
❌ |
Allows the user to invite a new team member |
teams:DeleteAPIToken |
✔️ |
❌ |
❌ |
❌ |
Allows the user to delete an API Token |
teams:DeleteGroup |
✔️ |
❌ |
❌ |
❌ |
Allows the user to delete a Group |
teams:DeleteUser |
✔️ |
❌ |
❌ |
❌ |
Allows the user to delete a team member |
teams:ReadAPITokens |
✔️ |
✔️ |
✔️ |
✔️ |
Allows the user to view API Tokens |
teams:ReadGroups |
✔️ |
✔️ |
✔️ |
✔️ |
Allows the user to view Groups |
teams:ReadUsers |
✔️ |
✔️ |
✔️ |
✔️ |
Allows the user to view all team members |
teams:UpdateAPITokens |
✔️ |
❌ |
❌ |
❌ |
Allows the user to update an API Token |
teams:UpdateGroup |
✔️ |
❌ |
❌ |
❌ |
Allows the user to update a Group |
teams:UpdateGroupMembers |
✔️ |
❌ |
❌ |
❌ |
Allows the user to add a Group member |
teams:UpdateUser |
✔️ |
❌ |
❌ |
❌ |
Allows the user to update a team member's details or deactivate/activate them |
teams:UpdateUserPassword |
✔️ |
✔️ |
✔️ |
✔️ |
Allows the user to request a password reset |
workloads:CreateCatalogueItem |
✔️ |
❌ |
❌ |
❌ |
Allows the user to create a Workload Catalogue Item |
workloads:CreateCatalogueVersion |
✔️ |
❌ |
❌ |
❌ |
Allows the user to create a Workload Catalogue Version within a Workload Catalogue Item |
workloads:CreateWorkload |
✔️ |
✔️ |
❌ |
❌ |
Allows the user to deploy a Workload |
workloads:DeleteCatalogueItem |
✔️ |
❌ |
❌ |
❌ |
Allows the user to delete a Workload Catalogue Item |
workloads:DeleteCatalogueVersion |
✔️ |
❌ |
❌ |
❌ |
Allows the user to delete a Workload Catalogue Version |
workloads:DeleteWorkload |
✔️ |
✔️ |
❌ |
❌ |
Allows the user to delete a Workload |
workloads:ReadCatalogueItems |
✔️ |
✔️ |
✔️ |
✔️ |
Allows the user to view the Workload Catalogue |
workloads:ReadWorkloads |
✔️ |
✔️ |
✔️ |
✔️ |
Allows the user to view active Workloads |
workloads:UpdateWorkload |
✔️ |
✔️ |
❌ |
❌ |
Allows the user to update an active Workload |