
Permission sets

Reviewed on 23 October 2024

Permission sets and their scope make up IAM rules, which define the access rights that a principal (user, group or application) should have. Each permission set consists of one or more permissions.

Permission set names contain descriptions that clearly explain their purpose. For example, a permission set that grants access to all actions you can perform on Instances is called: InstancesFullAccess.

Below is a list of the permission sets available at Scaleway.

Scoped by Organization

| Permission set | Description |
|---|---|
| ProjectManager | Full access to Project management. This means access to create, rename, list and delete projects. It does not include access to Project resources |
| ProjectReadOnly | Read access to Project management. Does not include access to Project resources |
| IAMReadOnly | Read access to IAM. This means list and read access to users, groups, applications, policies, and API keys |
| IAMManager | Full access to IAM. This means access to all possible actions for users, groups, applications, policies and API keys, and all ProjectManager permissions |
| BillingReadOnly | List and read access to billing information |
| BillingManager | Full access to billing management. This means access to list, read and edit billing contact information, payment information, billing alerts and invoices |
| OrganizationManager | Full access to Organization management. This means access to all possible actions for Projects, IAM, billing and support/abuse tickets. Does not include access to list and create resources |
| OrganizationReadOnly | Read access to the Organization’s general information (e.g. Organization ID and quotas) |
| SupportTicketManager | Full access to support tickets. This means access to create, read and update support tickets in the Organization |
| SupportTicketReadOnly | List and read access to support tickets |
| AbuseTicketManager | Full access to abuse tickets. This means access to create, read and update abuse tickets in the Organization |
| AuditTrailReadOnly | List and read access to Audit Trail events |

Important

Any user or application benefitting from the IAMManager and/or OrganizationManager permission sets is able to create policies giving themselves access to any other actions and resources within the Organization.

Scoped by Project

| Permission set | Description |
|---|---|
| AllProductsFullAccess | Full access to create, read, list, edit and delete all resources (products) |
| AllProductsReadOnly | Read access to list and read info for all resources (products) |
| SSHKeysReadOnly | Read access to SSH keys |
| SSHKeysFullAccess | Full access to SSH keys |
| AppleSiliconReadOnly | List and read access to Apple Silicon |
| AppleSiliconFullAccess | Full access to create, read, list, edit and delete Apple Silicon |
| ElasticMetalReadOnly | List and read access to Elastic Metal |
| ElasticMetalFullAccess | Full access to create, read, list, edit and delete Elastic Metal |
| InstancesFullAccess | Full access to create, read, list, edit and delete Instances |
| InstancesReadOnly | List and read access to Instances |
| KubernetesReadOnly | List and read access to Kubernetes |
| KubernetesFullAccess | Full access to create, read, list, edit and delete Kubernetes |
| KubernetesExternalNodeRegister | Attach external nodes to a Kosmos cluster |
| KubernetesSystemMastersGroupAccess | Gives the Kubernetes system:masters role to perform any action on the cluster |
| DediboxReadOnly | List and read access to Dedibox |
| DediboxFullAccess | Full access to create, read, list, edit and delete Dedibox |
| ContainersReadOnly | List and read access to Containers |
| ContainersFullAccess | Full access to create, read, list, edit and delete Containers |
| FunctionsReadOnly | List and read access to Functions |
| FunctionsFullAccess | Full access to create, read, list, edit and delete Functions |
| MessagingAndQueuingReadOnly | List and read access to Messaging |
| MessagingAndQueuingFullAccess | Full access to create, read, list, edit and delete Messaging |
| ServerlessJobsFullAccess | Full access to create, read, list, edit and delete job definition/run |
| ServerlessJobsReadOnly | List and read access to job definition/run |
| ServerlessSQLDatabaseReadOnly | List and read access to Serverless SQL Database |
| ServerlessSQLDatabaseReadWrite | List, read and write access to Serverless SQL Database. Includes editing data and table structure. Does not include permissions to create databases or edit settings |
| ServerlessSQLDatabaseFullAccess | Full access to create, read, list, edit and delete Serverless SQL Database |
| RelationalDatabasesReadOnly | List and read access to Managed Database for PostgreSQL and MySQL |
| RelationalDatabasesFullAccess | Full access to create, read, list, edit and delete Managed Database for PostgreSQL and MySQL |
| ObjectStorageReadOnly | List and read access to Object Storage |
| ObjectStorageFullAccess | Full access to create, read, list, edit and delete Object Storage |
| ObjectStorageObjectsRead | Read access to objects, tags, metadata, and storage class |
| ObjectStorageBucketsRead | Read access to buckets and bucket configuration including lifecycle rules |
| ObjectStorageObjectsWrite | Access to create and edit objects, tags, metadata, and storage class |
| ObjectStorageObjectsDelete | Access to delete objects |
| ObjectStorageBucketsWrite | Access to create and edit buckets, bucket configuration including lifecycle rules |
| ObjectStorageBucketsDelete | Access to delete buckets |
| RedisReadOnly | List and read access to Managed Database for Redis™ |
| RedisFullAccess | Full access to create, read, list, edit and delete Managed Database for Redis™ |
| PrivateNetworksFullAccess | Full access to create, read, list, edit and delete Private Networks |
| VPCGatewayReadOnly | List and read access to Public Gateways |
| VPCGatewayFullAccess | Full access to create, read, list, edit and delete Public Gateways |
| VPCFullAccess | Full access to VPC |
| VPCReadOnly | Read access to VPC |
| AutoscalingFullAccess | Full access to autoscaling |
| AutoscalingReadOnly | Read access to autoscaling |
| EdgeServicesFullAccess | Full access to Edge Services |
| EdgeServicesReadOnly | Read access to Edge Services |
| IPAMFullAccess | Full access to IPAM |
| IPAMReadOnly | Read access to IPAM |
| LoadBalancersReadOnly | List and read access to Load Balancer |
| LoadBalancersFullAccess | Full access to create, read, list, edit and delete Load Balancer |
| DomainsDNSReadOnly | List and read access to Domains and DNS |
| DomainsDNSFullAccess | Full access to create, read, list, edit and delete Domains and DNS |
| ContainerRegistryReadOnly | List and read access to Container Registry |
| ContainerRegistryFullAccess | Full access to create, read, list, edit and delete Container Registry |
| IoTReadOnly | List and read access to IoT Hub |
| IoTFullAccess | Full access to create, read, list, edit and delete IoT Hub |
| ObservabilityReadOnly | List and read access to Observability |
| ObservabilityFullAccess | Full access to create, read, list, edit and delete Observability |
| TransactionalEmailReadOnly | List and read access to Transactional Email |
| TransactionalEmailFullAccess | Full access to create, read, list, edit and delete Transactional Email |
| TransactionalEmailDomainReadOnly | Read access to domains in Transactional Email. Does not include permissions for e-mails |
| TransactionalEmailDomainFullAccess | Full access to domains in Transactional Email. Does not include permissions for e-mails |
| TransactionalEmailEmailReadOnly | Read access to e-mails in Transactional Email. Does not include permissions for domain configuration |
| TransactionalEmailEmailFullAccess | Full access to e-mails in Transactional Email. Does not include permissions for domain configuration |
| TransactionalEmailWebhookFullAccess | Full access to Webhooks in Transactional Email |
| TransactionalEmailWebhookReadOnly | Read access to Webhooks in Transactional Email |
| TransactionalEmailProjectSettingsFullAccess | Full access to Project settings in Transactional Email |
| TransactionalEmailProjectSettingsReadOnly | Read access to Project settings in Transactional Email |
| WebHostingReadOnly | List and read access to Web Hosting |
| WebHostingFullAccess | Full access to create, read, list, edit and delete Web Hosting |
| SecretManagerReadOnly | List and read secrets’ metadata (name, tags, creation date, etc.). Does not include permissions to access or edit data (versions) |
| SecretManagerFullAccess | Full access to create, read, list, edit, access, and delete secrets and their versions in Secret Manager |
| SecretManagerSecretAccess | Read access to versions’ data in Secret Manager. Does not include permissions for data editing |
| SecretManagerSecretCreate | Permission to create secrets and their versions in Secret Manager. Does not include permission to update secrets and versions |
| SecretManagerSecretDelete | Permission to delete secrets and their versions in Secret Manager |
| SecretManagerSecretWrite | Permission to edit the metadata (name, tags, description, etc.) of secrets and their versions in Secret Manager. Does not include permission to create secrets and versions |
| BlockStorageReadOnly | List and read access to Block Storage |
| BlockStorageFullAccess | Full access to create, read, list, edit and delete in Block Storage |

Important

Some additional permission sets may appear on your Scaleway console if you are enrolled in beta testing for products or features.
