Permissions sets and their scope make up IAM rules, which define the access rights that a principal (user, group or application) should have. They consist of sets of one or multiple permissions.
Permission set names contain descriptions that clearly explain their purpose. For example, a permission set that grants access to all actions you can perform on Instances is called: InstancesFullAccess.
Below is a list of the permission sets available at Scaleway.
| Permission set | Description |
|---|---|
| ProjectManager | Full access to Project management. This means access to create, rename, list and delete projects. It does not include access to Project resources |
| ProjectReadOnly | Read access to Project management. Does not include access to Project resources |
| IAMReadOnly | Read access to IAM. This means list and read access to users, groups, applications, policies, and API keys |
| IAMManager | Full access to IAM. This means access to all possible actions for users, groups, applications, policies and API keys and all ProjectManager permissions |
| BillingReadOnly | List and read access to billing information |
| BillingManager | Full access to billing management. This means access to list, read and edit billing contact information, payment information, billing alerts and invoices |
| OrganizationManager | Full access to Organization management. This means access to all possible actions for Projects, IAM, billing and support/abuse tickets. Does not include access to list and create resources |
| OrganizationReadOnly | Read access to the Organization’s general information (e.g. Organization ID and quotas) |
| SupportTicketManager | Full access to support tickets. This means access to create, read and update support tickets in the Organization |
| SupportTicketReadOnly | List and read access to support tickets |
| AbuseTicketManager | Full access to abuse tickets. This means access to create, read and update abuse tickets in the Organization |
| AuditTrailReadOnly | List and read access to Audit Trail events |
Any user or application benefitting from the IAMManager and/or OrganizationManager permission sets is able to create policies giving themselves access to any other actions and resources within the Organization.
| Permission set | Description |
|---|---|
| AllProductsFullAccess | Full access to create, read, list, edit and delete all resources (products) |
| AllProductsReadOnly | Read access to list and read info for all resources (products) |
| SSHKeysReadOnly | Read access to SSH keys |
| SSHKeysFullAccess | Full access to SSH keys |
| AppleSiliconReadOnly | List and read access to Apple Silicon |
| AppleSiliconFullAccess | Full access to create, read, list, edit and delete Apple Silicon. |
| ElasticMetalReadOnly | List and read access to Elastic Metal |
| ElasticMetalFullAccess | Full access to create, read, list, edit and delete Elastic Metal |
| InstancesFullAccess | Full access to create, read, list, edit and delete Instances |
| InstancesReadOnly | List and read access to Instances |
| KubernetesReadOnly | List and read access to Kubernetes |
| KubernetesFullAccess | Full access to create, read, list, edit and delete Kubernetes |
| KubernetesExternalNodeRegister | Attach external nodes to a Kosmos cluster |
| KubernetesSystemMastersGroupAccess | Gives the Kubernetes system:masters role to perform any action on the cluster |
| DediboxReadOnly | List and read access to Dedibox |
| DediboxFullAccess | Full access to create, read, list, edit and delete Dedibox |
| GenerativeApisModelAccess | Access to Generative APIs models. |
| GenerativeApisFullAccess | Full access to Generative APIs. |
| InferenceReadOnly | Read access to Inference deployments |
| InferenceFullAccess | Full access to Inference deployments |
| ContainersReadOnly | List and read access to Containers |
| ContainersFullAccess | Full access to create, read, list, edit and delete to Containers |
| FunctionsReadOnly | List and read access to Functions |
| FunctionsFullAccess | Full access to create, read, list, edit and delete Functions |
| MessagingAndQueuingReadOnly | List and read access to Messaging |
| MessagingAndQueuingFullAccess | Full access to create, read, list, edit and delete Messaging |
| ServerlessJobsFullAccess | Full access to create, read, list, edit and delete job definition/run |
| ServerlessJobsReadOnly | List and read access to job definition/run |
| ServerlessSQLDatabaseReadOnly | List and read access to Serverless SQL Database |
| ServerlessSQLDatabaseReadWrite | List, read and write access to Serverless SQL Database. Includes data and table structure edition. Does not include permissions to create databases or edit settings |
| ServerlessSQLDatabaseDataReadWrite | Read, write, edit and delete data in Serverless SQL Database tables. Does not include data and table structure edition, creation of databases or settings edition |
| ServerlessSQLDatabaseFullAccess | Full access to create, read, list, edit and delete Serverless SQL Database |
| RelationalDatabasesReadOnly | List and read access to Managed Database for PostgreSQL and MySQL |
| RelationalDatabasesFullAccess | Full access to create, read, list, edit and delete Managed Database for PostgreSQL and MySQL |
| ObjectStorageReadOnly | List and read access to Object Storage |
| ObjectStorageFullAccess | Full access to create, read, list, edit and delete Object Storage |
| ObjectStorageObjectsRead | Read access to objects, tags, metadata, and storage class |
| ObjectStorageBucketsRead | Read access to buckets and bucket configuration including lifecycle rules |
| ObjectStorageObjectsWrite | Access to create and edit objects, tags, metadata, and storage class |
| ObjectStorageObjectsDelete | Access to delete objects |
| ObjectStorageBucketsWrite | Access to create and edit buckets, bucket configuration including lifecycle rules |
| ObjectStorageBucketsDelete | Access to delete buckets |
| RedisReadOnly | List and read access to Managed Database for Redis™ |
| RedisFullAccess | Full access to create, read, list, edit and delete Managed Database for Redis™ |
| PrivateNetworksFullAccess | Full access to create, read, list, edit and delete Private Networks |
| PrivateNetworksReadOnly | Read access to Private Networks |
| VPCGatewayReadOnly | List and read access to Public Gateways |
| VPCGatewayFullAccess | Full access to create, read, list, edit and delete Public Gateways |
| VPCFullAccess | Full access to VPC |
| VPCReadOnly | Read access to VPC |
| AutoscalingFullAccess | Full access to autoscaling |
| AutoscalingReadOnly | Read access to autoscaling |
| EdgeServicesFullAccess | Full access to Edge Services |
| EdgeServicesReadOnly | Read access to Edge Services |
| IPAMFullAccess | Full access to IPAM |
| IPAMReadOnly | Read access to IPAM |
| LoadBalancersReadOnly | List and read access to Load Balancer |
| LoadBalancersFullAccess | Full access to create, read, list, edit and delete Load Balancer |
| DomainsDNSReadOnly | List and read access to Domains and DNS |
| DomainsDNSFullAccess | Full access to create, read, list, edit and delete Domains and DNS |
| ContainerRegistryReadOnly | List and read access to Container Registry |
| ContainerRegistryFullAccess | Full access to create, read, list, edit and delete Container Registry |
| IoTReadOnly | List and read access to IoT Hub |
| IoTFullAccess | Full access to create, read, list, edit and delete IoT Hub |
| ObservabilityReadOnly | List and read access to Observability |
| ObservabilityFullAccess | Full access to create, read, list, edit and delete Observability |
| TransactionalEmailReadOnly | List and read access to Transactional Email |
| TransactionalEmailFullAccess | Full access to create, read, list, edit and delete Transactional Email |
| TransactionalEmailBlocklistFullAccess | Full access to blocklists in Transactional Email. |
| TransactionalEmailBlocklistReadOnly | Read access to blocklists in Transactional Email. |
| TransactionalEmailDomainReadOnly | Read access to domains in Transactional Email. Does not include permissions for e-mails |
| TransactionalEmailDomainFullAccess | Full access to domains in Transactional Email. Does not include permissions for e-mails |
| TransactionalEmailEmailReadOnly | Read access to e-mails in Transactional Email. Does not include permissions for domain configuration |
| TransactionalEmailEmailFullAccess | Full access to e-mails in Transactional Email. Does not include permissions for domain configuration |
| TransactionalEmailWebhookFullAccess | Full access to Webhooks in Transactional Email |
| TransactionalEmailWebhookReadOnly | Read access to Webhooks in Transactional Email |
| TransactionalEmailProjectSettingsFullAccess | Full access to Project settings in Transactional Email |
| TransactionalEmailProjectSettingsReadOnly | Read access to Project settings in Transactional Email |
| TransactionalEmailEmailSmtpCreate | Permission to create emails via SMTP |
| TransactionalEmailEmailApiCreate | Permission to create emails via the API |
| WebHostingReadOnly | List and read access to Web Hosting |
| WebHostingFullAccess | Full access to create, read, list, edit and delete Web Hosting |
| SecretManagerReadOnly | List and read secrets’ metadata (name, tags, creation date, etc.). Does not include permissions for data (versions) accessing or editing |
| SecretManagerFullAccess | Full access to create, read, list, edit, access, and delete secrets and their versions in Secret Manager |
| SecretManagerSecretAccess | Read access to versions’ data in Secret Manager. Does not include permissions for data editing |
| SecretManagerSecretCreate | Permission to create secrets and their versions in Secret Manager. Does not include permission to update secrets and versions |
| SecretManagerSecretDelete | Permission to delete secrets and their versions in Secret Manager |
| SecretManagerSecretWrite | Permission to edit the metadata (name, tags, description, etc.) of secrets and their versions in Secret Manager. Does not include permission to create secrets and versions |
| BlockStorageReadOnly | List and read access to Block Storage |
| BlockStorageFullAccess | Full access to create, read, list, edit and delete in Block Storage |
| KeyManagerFullAccess | Full access to create, read, list, edit and delete in Key Manager |
| KeyManagerReadOnly | List and read access to Key Manager |
Some additional permission sets may appear on your Scaleway console if you are enrolled in beta testing for products or features.