API Action Permissions

Permission definitions

Create: Bring items of specified type into existence.
Execute: Run a policy or query.

Read: View the details of items of specified type.
Update: Modify all items of specified type.
Delete: Remove items of specified type from existence.

List of api permissions

Access policies

api:access-policies:create
api:access-policies:read
api:access-policies:update
api:access-policies:delete

Categories

api:categories:create
api:categories:read
api:categories:update
api:categories:delete

Frameworks

api:frameworks:create
api:frameworks:read
api:frameworks:update
api:frameworks:delete
api:frameworks:subscribe

Data Explorer

api:queries:create
api:queries:read
api:queries:update
api:queries:delete
rpc:queries:execute
api:tables:read
api:views:create
api:views:read
api:views:update
api:views:delete

Data sources

api:datasources:create
api:datasources:read
api:datasources:update
api:datasources:delete
rpc:datasources:sync

Exceptions

api:exceptions:create
api:exceptions:read
api:exceptions:update
api:exceptions:delete

Integrations

api:integrations:create
api:integrations:read
api:integrations:update
api:integrations:delete

Logs

api:logs:read

Metrics

api:metrics:read

Organizations

api:orgs:create
api:orgs:read
api:orgs:update
api:orgs:delete

Policies

api:policies:assign
api:policies:create
api:policies:read
api:policies:update
api:policies:delete
rpc:policies:execute

Reports

api:report-schedules:create
api:report-schedules:read
api:report-schedules:update
api:report-schedules:delete

Risk posture

api:risk-posture:read

Roles

api:roles:create
api:roles:read
api:roles:update
api:roles:delete

SSO

api:sso:create
api:sso:read
api:sso:delete

Users

api:users:create
api:users:read
api:users:update
api:users:delete
api:users:assign-org

Violations

api:violations:create
api:violations:read
api:violations:update

Workflows

api:workflows:create
api:workflows:read
api:workflows:update
api:workflows:delete