Resource Operation Reference

System

System

Operation Description Default

grant

Manage system permissions

Deny

action-log.read

Access to action log

Deny

settings.read

Read system settings

Deny

settings.manage

Manage system settings

Deny

auth-client.create

Create auth clients

Deny

auth-clients.search

List, search or filter auth clients

Deny

role.create

Create roles

Deny

roles.search

List, search or filter roles

Deny

user.create

Create users

Deny

users.search

List, search or filter users

Deny

dal-connection.create

Create DAL connections

Deny

dal-connections.search

List, search or filter DAL connections

Deny

dal-sensitivity-level.manage

Can manage DAL sensitivity levels

Deny

application.create

Create applications

Deny

applications.search

List, search or filter auth clients

Deny

application.flag.self

Manage private flags for applications

Deny

application.flag.global

Manage global flags for applications

Deny

template.create

Create template

Deny

templates.search

List, search or filter templates

Deny

report.create

Create report

Deny

reports.search

List, search or filter reports

Deny

reminder.assign

Assign reminders

Deny

queue.create

Create messagebus queues

Deny

queues.search

List, search or filter messagebus queues

Deny

apigw-route.create

Create API gateway route

Deny

apigw-routes.search

List search or filter API gateway routes

Deny

resource-translations.manage

List, search, create, or update resource translations

Deny

dal-schema-alterations.manage

List, search, apply, or dismiss DAL alterations

Deny

data-privacy-request.create

Create data privacy requests

Deny

data-privacy-requests.search

List, search or filter data privacy requests

Deny

Unresolved include directive in modules/generated/partials/access-control/system/index.gen.adoc - include::./resource.attachment.gen.adoc[]

application

Operation Description Default

read

Read application

Deny

update

Update application

Deny

delete

Delete application

Deny

apigw-route

Operation Description Default

read

Read API Gateway route

Deny

update

Update API Gateway route

Deny

delete

Delete API Gateway route

Deny

Unresolved include directive in modules/generated/partials/access-control/system/index.gen.adoc - include::./resource.apigw-filter.gen.adoc[]

auth-client

Operation Description Default

read

Read authorization client

Deny

update

Update authorization client

Deny

delete

Delete authorization client

Deny

authorize

Authorize authorization client

Deny

Unresolved include directive in modules/generated/partials/access-control/system/index.gen.adoc - include::./resource.auth-confirmed-client.gen.adoc[]

Unresolved include directive in modules/generated/partials/access-control/system/index.gen.adoc - include::./resource.auth-session.gen.adoc[]

Unresolved include directive in modules/generated/partials/access-control/system/index.gen.adoc - include::./resource.auth-oa2token.gen.adoc[]

Unresolved include directive in modules/generated/partials/access-control/system/index.gen.adoc - include::./resource.credential.gen.adoc[]

data-privacy-request

Operation Description Default

read

Read data privacy request

Deny

approve

Approve/Reject data privacy request

Deny

Unresolved include directive in modules/generated/partials/access-control/system/index.gen.adoc - include::./resource.data-privacy-request-comment.gen.adoc[]

queue

Operation Description Default

read

Read queue

Deny

update

Update queue

Deny

delete

Delete queue

Deny

queue.read

Read from queue

Deny

queue.write

Write to queue

Deny

Unresolved include directive in modules/generated/partials/access-control/system/index.gen.adoc - include::./resource.queue-message.gen.adoc[]

Unresolved include directive in modules/generated/partials/access-control/system/index.gen.adoc - include::./resource.reminder.gen.adoc[]

report

Operation Description Default

read

Read report

Deny

update

Update report

Deny

delete

Delete report

Deny

run

Run report

Deny

Unresolved include directive in modules/generated/partials/access-control/system/index.gen.adoc - include::./resource.resource-translation.gen.adoc[]

role

Operation Description Default

read

Read role

Deny

update

Update role

Deny

delete

Delete role

Deny

members.manage

Manage members

Deny

Unresolved include directive in modules/generated/partials/access-control/system/index.gen.adoc - include::./resource.role-member.gen.adoc[]

Unresolved include directive in modules/generated/partials/access-control/system/index.gen.adoc - include::./resource.settings.gen.adoc[]

template

Operation Description Default

read

Read template

Deny

update

Update template

Deny

delete

Delete template

Deny

render

Render template

Deny

user

Operation Description Default

read

Read user

Deny

update

Update user

Deny

delete

Delete user

Deny

suspend

Suspend user

Deny

unsuspend

Unsuspend user

Deny

email.unmask

Unmask email

Deny

name.unmask

Unmask name

Deny

impersonate

Impersonate user

Deny

credentials.manage

Manage user’s credentials

Deny

dal-connection

Operation Description Default

read

Read connection

Deny

update

Update connection

Deny

delete

Delete connection

Deny

dal-config.manage

Manage DAL configuration

Deny

Unresolved include directive in modules/generated/partials/access-control/system/index.gen.adoc - include::./resource.dal-sensitivity-level.gen.adoc[]

Unresolved include directive in modules/generated/partials/access-control/system/index.gen.adoc - include::./resource.dal-schema-alteration.gen.adoc[]

Compose

Compose

Operation Description Default

grant

Manage compose permissions

Deny

settings.read

Read settings

Deny

settings.manage

Manage settings

Deny

namespace.create

Create namespace

Deny

namespaces.search

List, search or filter namespaces

Deny

resource-translations.manage

List, search, create, or update resource translations

Deny

Unresolved include directive in modules/generated/partials/access-control/compose/index.gen.adoc - include::./resource.attachment.gen.adoc[]

chart

Operation Description Default

read

read

Deny

update

update

Deny

delete

delete

Deny

module

Operation Description Default

read

read

Deny

update

update

Deny

delete

delete

Deny

record.create

Create record

Deny

owned-record.create

Create record with custom owner

Deny

records.search

List, search or filter records

Deny

module-field

Operation Description Default

record.value.read

Read field value on records

Deny

record.value.update

Update field value on records

Deny

namespace

Operation Description Default

read

read

Deny

update

update

Deny

delete

delete

Deny

manage

Access to namespace admin panel

Deny

module.create

Create module on namespace

Deny

modules.search

List, search or filter module on namespace

Deny

chart.create

Create chart on namespace

Deny

charts.search

List, search or filter chart on namespace

Deny

page.create

Create page on namespace

Deny

pages.search

List, search or filter pages on namespace

Deny

page

Operation Description Default

read

read

Deny

update

update

Deny

delete

delete

Deny

page-layout.create

Create page layout on namespace

Deny

page-layouts.search

List, search or filter page layouts on namespace

Deny

page-layout

Operation Description Default

read

read

Deny

update

update

Deny

delete

delete

Deny

record

Operation Description Default

read

read

Deny

update

update

Deny

delete

delete

Deny

undelete

undelete

Deny

owner.manage

owner.manage

Deny

revisions.search

revisions.search

Deny

Unresolved include directive in modules/generated/partials/access-control/compose/index.gen.adoc - include::./resource.record-revision.gen.adoc[]

Federation

Federation

Operation Description Default

grant

Manage federation permissions

Deny

pair

Pair federation nodes

Deny

settings.read

Read settings

Deny

settings.manage

Manage settings

Deny

node.create

Create new federation node

Deny

nodes.search

List, search or filter federation nodes

Deny

node

Operation Description Default

manage

Manage federation node

Deny

module.create

Create shared module

Deny

Unresolved include directive in modules/generated/partials/access-control/federation/index.gen.adoc - include::./resource.node-sync.gen.adoc[]

exposed-module

Operation Description Default

manage

Manage exposed module module

Deny

shared-module

Operation Description Default

map

Map shared module

Deny

Unresolved include directive in modules/generated/partials/access-control/federation/index.gen.adoc - include::./resource.module-mapping.gen.adoc[]

Automation

Automation

Operation Description Default

grant

Manage automation permissions

Deny

workflow.create

Create workflows

Deny

triggers.search

List, search or filter triggers

Deny

sessions.search

List, search or filter sessions

Deny

workflows.search

List, search or filter workflows

Deny

resource-translations.manage

List, search, create, or update resource translations

Deny

workflow

Operation Description Default

read

Read workflow

Deny

update

Update workflow

Deny

delete

Delete workflow

Deny

undelete

Undelete workflow

Deny

execute

Execute workflow

Deny

triggers.manage

Manage workflow triggers

Deny

sessions.manage

Manage workflow sessions

Deny

Unresolved include directive in modules/generated/partials/access-control/automation/index.gen.adoc - include::./resource.session.gen.adoc[]

Unresolved include directive in modules/generated/partials/access-control/automation/index.gen.adoc - include::./resource.trigger.gen.adoc[]