Permission sets and their scope make up IAM rules, which define the access rights that a principal (user, group or application) should have. Each permission set consists of one or more permissions.
Permission set names contain descriptions that clearly explain their purpose. For example, a permission set that grants access to all actions you can perform on Instances is called: InstancesFullAccess.
Below is a list of the permission sets available at Scaleway.
Full access to Project management. This means access to create, rename, list and delete projects. It does not include access to Project resources
ProjectReadOnly
Read access to Project management. Does not include access to Project resources
IAMReadOnly
Read access to IAM. This means list and read access to users, groups, applications, policies, and API keys
IAMManager
Full access to IAM. This means access to all possible actions for users, groups, applications, policies and API keys and all ProjectManager permissions
IAMApplicationManager
Full access to IAM Applications, including management of Applications API keys
IAMApplicationReadOnly
Read access to IAM Applications, including listing Applications API keys
IAMUserManager
Full access to IAM Users, including listing Users API keys
IAMUserReadOnly
Read access to IAM Users, including listing Users API keys
IAMGroupManager
Full access to IAM groups
IAMGroupReadOnly
Read access to IAM groups
IAMPolicyManager
Full access to IAM policies
IAMPolicyReadOnly
Read access to IAM policies
BillingReadOnly
List and read access to billing information
BillingManager
Full access to billing management. This means access to list, read and edit billing contact information, payment information, billing alerts and invoices
OrganizationManager
Full access to Organization management. This means access to all possible actions for Projects, IAM, billing and support/abuse tickets. Does not include access to list and create resources
OrganizationReadOnly
Read access to the Organization's general information (e.g. Organization ID and quotas)
SupportTicketManager
Full access to support tickets. This means access to create, read and update support tickets in the Organization
SupportTicketReadOnly
List and read access to support tickets
AbuseTicketManager
Full access to abuse tickets. This means access to create, read and update abuse tickets in the Organization
AuditTrailReadOnly
List and read access to Audit Trail events
AuditTrailExportRead
Read access to Audit Trail exports
AuditTrailExportDelete
Delete access to Audit Trail exports
AuditTrailFullAccess
Full access to Audit Trail
EnvironmentalImpactReadOnly
Read access to Environmental Impact information
NotificationManagerFullAccess
Full access to the notification manager
NotificationManagerReadOnly
Read access to the notification manager
Important
Any user or application benefiting from the IAMManager and/or OrganizationManager permission sets is able to create policies giving themselves access to any other actions and resources within the Organization.
List, read and write access to Serverless SQL Database. Includes editing of data and table structure. Does not include permissions to create databases or edit settings
ServerlessSQLDatabaseDataReadWrite
Read, write, edit and delete data in Serverless SQL Database tables. Does not include editing of data and table structure, creating databases or editing settings
ServerlessSQLDatabaseFullAccess
Full access to create, read, list, edit and delete Serverless SQL Database
List and read secrets' metadata (name, tags, creation date, etc.). Does not include permission to access or edit data (versions)
SecretManagerFullAccess
Full access to create, read, list, edit, access, and delete secrets and their versions in Secret Manager
SecretManagerSecretAccess
Read access to versions' data in Secret Manager. Does not include permissions for data editing
SecretManagerSecretCreate
Permission to create secrets and their versions in Secret Manager. Does not include permission to update secrets and versions
SecretManagerSecretDelete
Permission to delete secrets and their versions in Secret Manager
SecretManagerSecretWrite
Permission to edit the metadata (name, tags, description, etc.) of secrets and their versions in Secret Manager. Does not include permission to create secrets and versions
SecretManagerSecretRestore
Restore permission on Secret Manager secrets and their versions