Jump toUpdate content

Permission sets

Permissions sets and their scope make up IAM rules, which define the access rights that a principal (user, group or application) should have. They consist of sets of one or multiple permissions.

Permission set names contain descriptions that clearly explain their purpose. For example, a permission set that grants access to all actions you can perform on Instances is called: InstancesFullAccess.

Below is a list of the permission sets available at Scaleway.

Scoped by Organization

Permission setDescription
ProjectManagerFull access to Project management. This means access to create, rename, list and delete projects. It does not include access to Project resources
IAMReadOnlyRead access to IAM. This means list and read access to users, groups, applications, policies, and API keys
IAMManagerFull access to IAM. This means access to all possible actions for users, groups, applications, policies and API keys) and all ProjectManager permissions
BillingReadOnlyList and read access to billing information
BillingManagerFull access to billing management. This means access to list, read and edit billing contact information, payment information, billing alerts and invoices
OrganizationManagerFull access to Organization management. This means access to all possible actions for Projects, IAM, billing and support/abuse tickets. Does not include access to list and create resources.
OrganizationReadOnlyRead access to the Organization’s general information (e.g. Organization ID and quotas)
SupportTicketManagerFull access to support tickets. This means access to create, read and update support tickets in the Organization
SupportTicketReadOnlyList and read access to support tickets
AbuseTicketManagerFull access to abuse tickets. This means access to create, read and update abuse tickets in the Organization

Scoped by Project

Permission setDescription
AllResourcesFullAccessFull access to create, read, list, edit and delete all resources (products)
AllResourcesReadOnlyRead access to list and read info for all resources (products)
SSHKeysReadOnlyRead access to SSH keys
SSHKeysFullAccessFull access to SSH keys
AppleSiliconReadOnlyList and read access to Apple Silicon
AppleSiliconFullAccessFull access to create, read, list, edit and delete Apple Silicon.
ElasticMetalReadOnlyList and read access to Elastic Metal
ElasticMetalFullAccessFull access to create, read, list, edit and delete Elastic Metal
InstanceFullAccessFull access to create, read, list, edit and delete Instances
InstanceReadOnlyList and read access to Instances
KubernetesReadOnlyList and read access to Kubernetes
KubernetesFullAccessFull access to create, read, list, edit and delete Kubernetes
DediboxReadOnlyList and read access to Dedibox
DediboxFullAccessFull access to create, read, list, edit and delete Dedibox
ContainersReadOnlyList and read access to Containers
ContainersFullAccessFull access to create, read, list, edit and delete to Containers
FunctionsReadOnlyList and read access to Functions
FunctionsFullAccessFull access to create, read, list, edit and delete Functions
MessagingReadOnlyList and read access to Messaging
MessagingFullAccessFull access to create, read, list, edit and delete Messaging
RelationalDatabasesReadOnlyList and read access to Managed Database for PostgreSQL and MySQL
RelationalDatabasesFullAccessFull access to create, read, list, edit and delete Managed Database for PostgreSQL and MySQL
ObjectStorageReadOnlyList and read access to Object Storage
ObjectStorageFullAccessFull access to create, read, list, edit and delete Object Storage
RedisReadOnlyList and read access to Managed Database for Redis™
RedisFullAccessFull access to create, read, list, edit and delete Managed Database for Redis™
VPCGatewayReadOnlyList and read access to Public Gateways
VPCGatewayFullAccessFull access to create, read, list, edit and delete Public Gateways
LoadBalancersReadOnlyList and read access to Load Balancer
LoadBalancersFullAccessFull access to create, read, list, edit and delete Load Balancer
DomainsDNSReadOnlyList and read access to Domains and DNS
DomainsDNSFullAccessFull access to create, read, list, edit and delete Domains and DNS
ContainerRegistryReadOnlyList and read access to Container Registry
ContainerRegistryFullAccessFull access to create, read, list, edit and delete Container Registry
IoTReadOnlyList and read access to IoT Hub
IoTFullAccessFull access to create, read, list, edit and delete IoT Hub
ObservabilityReadOnlyList and read access to Observability
ObservabilityFullAccessFull access to create, read, list, edit and delete Observability
TransactionalEmailReadOnlyList and read access to Transactional Email
TransactionalEmailFullAccessFull access to create, read, list, edit and delete Transactional Email
SmartLabelingReadOnlyList and read access to Smart Labeling
SmartLabelingFullAccessFull access to create, read, list, edit and delete Smart Labeling
See Also