Permission sets
Permission sets, together with their scope, make up IAM rules, which define the access rights that a principal (user, group or application) has. A permission set consists of one or more permissions.
Permission set names describe their purpose. For example, the permission set that grants access to all actions you can perform on Instances is called InstancesFullAccess.
Below is a list of the permission sets available at Scaleway.
Scoped by Organization
| Permission set | Description |
|---|---|
| ProjectManager | Full access to Project management. This means access to create, rename, list and delete Projects. It does not include access to Project resources |
| ProjectReadOnly | Read access to Project management. Does not include access to Project resources |
| IAMReadOnly | Read access to IAM. This means list and read access to users, groups, applications, policies and API keys |
| IAMManager | Full access to IAM. This means access to all possible actions for users, groups, applications, policies and API keys, plus all ProjectManager permissions |
| BillingReadOnly | List and read access to billing information |
| BillingManager | Full access to billing management. This means access to list, read and edit billing contact information, payment information, billing alerts and invoices |
| OrganizationManager | Full access to Organization management. This means access to all possible actions for Projects, IAM, billing and support/abuse tickets. Does not include access to list and create resources |
| OrganizationReadOnly | Read access to the Organization's general information (e.g. Organization ID and quotas) |
| SupportTicketManager | Full access to support tickets. This means access to create, read and update support tickets in the Organization |
| SupportTicketReadOnly | List and read access to support tickets |
| AbuseTicketManager | Full access to abuse tickets. This means access to create, read and update abuse tickets in the Organization |
| AuditTrailReadOnly | List and read access to Audit Trail events |
Scoped by Project
| Permission set | Description |
|---|---|
| AllProductsFullAccess | Full access to create, read, list, edit and delete all resources (products) |
| AllProductsReadOnly | Read access to list and read information for all resources (products) |
| SSHKeysReadOnly | Read access to SSH keys |
| SSHKeysFullAccess | Full access to SSH keys |
| AppleSiliconReadOnly | List and read access to Apple Silicon |
| AppleSiliconFullAccess | Full access to create, read, list, edit and delete Apple Silicon |
| ElasticMetalReadOnly | List and read access to Elastic Metal |
| ElasticMetalFullAccess | Full access to create, read, list, edit and delete Elastic Metal |
| InstancesFullAccess | Full access to create, read, list, edit and delete Instances |
| InstancesReadOnly | List and read access to Instances |
| KubernetesReadOnly | List and read access to Kubernetes |
| KubernetesFullAccess | Full access to create, read, list, edit and delete Kubernetes |
| KubernetesExternalNodeRegister | Attach external nodes to a Kosmos cluster |
| KubernetesSystemMastersGroupAccess | Grants the Kubernetes system:masters role, which allows any action on the cluster |
| DediboxReadOnly | List and read access to Dedibox |
| DediboxFullAccess | Full access to create, read, list, edit and delete Dedibox |
| GenerativeApisModelAccess | Access to Generative APIs models |
| GenerativeApisFullAccess | Full access to Generative APIs |
| InferenceReadOnly | Read access to Inference deployments |
| InferenceFullAccess | Full access to Inference deployments |
| ContainersReadOnly | List and read access to Containers |
| ContainersFullAccess | Full access to create, read, list, edit and delete Containers |
| FunctionsReadOnly | List and read access to Functions |
| FunctionsFullAccess | Full access to create, read, list, edit and delete Functions |
| MessagingAndQueuingReadOnly | List and read access to Messaging |
| MessagingAndQueuingFullAccess | Full access to create, read, list, edit and delete Messaging |
| ServerlessJobsFullAccess | Full access to create, read, list, edit and delete job definitions and job runs |
| ServerlessJobsReadOnly | List and read access to job definitions and job runs |
| ServerlessSQLDatabaseReadOnly | List and read access to Serverless SQL Database |
| ServerlessSQLDatabaseReadWrite | List, read and write access to Serverless SQL Database. Includes editing data and table structure. Does not include permission to create databases or edit settings |
| ServerlessSQLDatabaseDataReadWrite | Read, write, edit and delete data in Serverless SQL Database tables. Does not include editing table structure, creating databases or editing settings |
| ServerlessSQLDatabaseFullAccess | Full access to create, read, list, edit and delete Serverless SQL Database |
| RelationalDatabasesReadOnly | List and read access to Managed Database for PostgreSQL and MySQL |
| RelationalDatabasesFullAccess | Full access to create, read, list, edit and delete Managed Database for PostgreSQL and MySQL |
| ObjectStorageReadOnly | List and read access to Object Storage |
| ObjectStorageFullAccess | Full access to create, read, list, edit and delete Object Storage |
| ObjectStorageObjectsRead | Read access to objects, tags, metadata and storage class |
| ObjectStorageBucketsRead | Read access to buckets and bucket configuration, including lifecycle rules |
| ObjectStorageObjectsWrite | Access to create and edit objects, tags, metadata and storage class |
| ObjectStorageObjectsDelete | Access to delete objects |
| ObjectStorageBucketsWrite | Access to create and edit buckets and bucket configuration, including lifecycle rules |
| ObjectStorageBucketsDelete | Access to delete buckets |
| RedisReadOnly | List and read access to Managed Database for Redis™ |
| RedisFullAccess | Full access to create, read, list, edit and delete Managed Database for Redis™ |
| PrivateNetworksFullAccess | Full access to create, read, list, edit and delete Private Networks |
| PrivateNetworksReadOnly | Read access to Private Networks |
| VPCGatewayReadOnly | List and read access to Public Gateways |
| VPCGatewayFullAccess | Full access to create, read, list, edit and delete Public Gateways |
| VPCFullAccess | Full access to VPC |
| VPCReadOnly | Read access to VPC |
| AutoscalingFullAccess | Full access to autoscaling |
| AutoscalingReadOnly | Read access to autoscaling |
| EdgeServicesFullAccess | Full access to Edge Services |
| EdgeServicesReadOnly | Read access to Edge Services |
| IPAMFullAccess | Full access to IPAM |
| IPAMReadOnly | Read access to IPAM |
| LoadBalancersReadOnly | List and read access to Load Balancer |
| LoadBalancersFullAccess | Full access to create, read, list, edit and delete Load Balancer |
| DomainsDNSReadOnly | List and read access to Domains and DNS |
| DomainsDNSFullAccess | Full access to create, read, list, edit and delete Domains and DNS |
| ContainerRegistryReadOnly | List and read access to Container Registry |
| ContainerRegistryFullAccess | Full access to create, read, list, edit and delete Container Registry |
| IoTReadOnly | List and read access to IoT Hub |
| IoTFullAccess | Full access to create, read, list, edit and delete IoT Hub |
| ObservabilityReadOnly | List and read access to Observability |
| ObservabilityFullAccess | Full access to create, read, list, edit and delete Observability |
| TransactionalEmailReadOnly | List and read access to Transactional Email |
| TransactionalEmailFullAccess | Full access to create, read, list, edit and delete Transactional Email |
| TransactionalEmailBlocklistFullAccess | Full access to blocklists in Transactional Email |
| TransactionalEmailBlocklistReadOnly | Read access to blocklists in Transactional Email |
| TransactionalEmailDomainReadOnly | Read access to domains in Transactional Email. Does not include permissions for e-mails |
| TransactionalEmailDomainFullAccess | Full access to domains in Transactional Email. Does not include permissions for e-mails |
| TransactionalEmailEmailReadOnly | Read access to e-mails in Transactional Email. Does not include permissions for domain configuration |
| TransactionalEmailEmailFullAccess | Full access to e-mails in Transactional Email. Does not include permissions for domain configuration |
| TransactionalEmailWebhookFullAccess | Full access to Webhooks in Transactional Email |
| TransactionalEmailWebhookReadOnly | Read access to Webhooks in Transactional Email |
| TransactionalEmailProjectSettingsFullAccess | Full access to Project settings in Transactional Email |
| TransactionalEmailProjectSettingsReadOnly | Read access to Project settings in Transactional Email |
| TransactionalEmailEmailSmtpCreate | Permission to create e-mails via SMTP |
| TransactionalEmailEmailApiCreate | Permission to create e-mails via the API |
| WebHostingReadOnly | List and read access to Web Hosting |
| WebHostingFullAccess | Full access to create, read, list, edit and delete Web Hosting |
| SecretManagerReadOnly | List and read access to secrets' metadata (name, tags, creation date, etc.). Does not include permission to access or edit secret data (versions) |
| SecretManagerFullAccess | Full access to create, read, list, edit, access and delete secrets and their versions in Secret Manager |
| SecretManagerSecretAccess | Read access to the data of secret versions in Secret Manager. Does not include permission to edit data |
| SecretManagerSecretCreate | Permission to create secrets and their versions in Secret Manager. Does not include permission to update secrets and versions |
| SecretManagerSecretDelete | Permission to delete secrets and their versions in Secret Manager |
| SecretManagerSecretWrite | Permission to edit the metadata (name, tags, description, etc.) of secrets and their versions in Secret Manager. Does not include permission to create secrets and versions |
| BlockStorageReadOnly | List and read access to Block Storage |
| BlockStorageFullAccess | Full access to create, read, list, edit and delete in Block Storage |
| KeyManagerFullAccess | Full access to create, read, list, edit and delete in Key Manager |
| KeyManagerReadOnly | List and read access to Key Manager |