API Action Permissions
This page provides a complete list of API action permissions available to use in access policies.
Permission definitions
Create: Bring items of specified type into existence.
Execute: Run a policy or query.
Read: View the details of items of specified type.
Update: Modify all items of specified type.
Delete: Remove items of specified type from existence.
List of api permissions
Access policies
- api:access-policies:create
- api:access-policies:read
- api:access-policies:update
- api:access-policies:delete
Categories
- api:categories:create
- api:categories:read
- api:categories:update
- api:categories:delete
Frameworks
- api:frameworks:create
- api:frameworks:read
- api:frameworks:update
- api:frameworks:delete
- api:frameworks:subscribe
Data Explorer
- api:queries:create
- api:queries:read
- api:queries:update
- api:queries:delete
- rpc:queries:execute
- api:tables:read
- api:views:create
- api:views:read
- api:views:update
- api:views:delete
Data sources
- api:datasources:create
- api:datasources:read
- api:datasources:update
- api:datasources:delete
- rpc:datasources:sync
Exceptions
- api:exceptions:create
- api:exceptions:read
- api:exceptions:update
- api:exceptions:delete
Integrations
- api:integrations:create
- api:integrations:read
- api:integrations:update
- api:integrations:delete
Logs
- api:logs:read
Metrics
- api:metrics:read
Organizations
- api:orgs:create
- api:orgs:read
- api:orgs:update
- api:orgs:delete
Policies
- api:policies:assign
- api:policies:create
- api:policies:read
- api:policies:update
- api:policies:delete
- rpc:policies:execute
Reports
- api:report-schedules:create
- api:report-schedules:read
- api:report-schedules:update
- api:report-schedules:delete
Risk posture
- api:risk-posture:read
Roles
- api:roles:create
- api:roles:read
- api:roles:update
- api:roles:delete
SSO
- api:sso:create
- api:sso:read
- api:sso:delete
Users
- api:users:create
- api:users:read
- api:users:update
- api:users:delete
- api:users:assign-org
Violations
- api:violations:create
- api:violations:read
- api:violations:update
Workflows
- api:workflows:create
- api:workflows:read
- api:workflows:update
- api:workflows:delete
Updated 5 months ago