Permissions Reference
All permissions available in Excloud and the service each one controls.
This page lists all IAM permissions available in Excloud and the service area they belong to. Wildcards such as * indicate all actions within a service or subgroup.
For how permissions are evaluated inside policies, see Policies.
Legend:
- Enforced today: whether the backend currently checks this action in handlers.
- Wildcards like `service:*` match all actions within that service.
Billing
| Permission | Enforced today | Notes |
|---|---|---|
| `billing:ca` | Yes | Cost Explorer |
Compute
| Permission | Enforced today | Notes |
|---|---|---|
| `compute:*` | Yes | Wildcard for all compute actions |
| `compute:instance:*` | Yes | Wildcard for all instance actions |
| `compute:instance:connect` | Yes | Ephemeral terminal access |
| `compute:instance:create` | Yes | |
| `compute:instance:list` | Yes | |
| `compute:instance:restart` | Yes | |
| `compute:instance:start` | Yes | |
| `compute:instance:stop` | Yes | |
| `compute:instance:terminate` | Yes | |
| `compute:securitygroup:*` | Yes | Includes bindings and rules |
| `compute:securitygroup:binding:create` | Yes | |
| `compute:securitygroup:binding:delete` | Yes | |
| `compute:securitygroup:binding:list` | Yes | |
| `compute:securitygroup:create` | Yes | |
| `compute:securitygroup:delete` | Yes | |
| `compute:securitygroup:list` | Yes | |
| `compute:securitygroup:rule:create` | Yes | |
| `compute:securitygroup:rule:delete` | Yes | |
| `compute:securitygroup:rule:list` | Yes | |
| `compute:snapshot:create` | Yes | |
| `compute:snapshot:delete` | Yes | |
| `compute:snapshot:list` | Yes | |
| `compute:sshpubkey:*` | Yes | Wildcard for all SSH key actions |
| `compute:sshpubkey:create` | Yes | |
| `compute:sshpubkey:delete` | Yes | |
| `compute:sshpubkey:list` | Yes | |
| `compute:subnet:*` | Yes | Matches list (no create today) |
| `compute:subnet:list` | Yes | |
| `compute:volume:create` | Yes | |
| `compute:volume:delete` | Yes | |
| `compute:volume:list` | Yes | |
| `compute:volume:resize` | Yes | |
DNS
| Permission | Enforced today | Notes |
|---|---|---|
| `dns:*` | Yes | Wildcard for all DNS actions |
| `dns:record:*` | Yes | Wildcard for all record actions |
| `dns:record:create` | Yes | |
| `dns:record:delete` | Yes | |
| `dns:record:list` | Yes | |
| `dns:record:update` | Yes | |
| `dns:zone:*` | Yes | Wildcard for all zone actions |
| `dns:zone:create` | Yes | |
| `dns:zone:delete` | Yes | |
| `dns:zone:list` | Yes | |
Database
| Permission | Enforced today | Notes |
|---|---|---|
| `database:*` | Yes | Wildcard for all database actions |
| `database:cluster:*` | Yes | Wildcard for all cluster actions |
| `database:cluster:create` | Yes | |
| `database:cluster:list` | Yes | |
| `database:cluster:resetpassword` | Yes | |
| `database:cluster:restart` | Yes | |
| `database:cluster:terminate` | Yes | |
| `database:node:add` | Yes | |
| `database:node:restart` | Yes | |
| `database:node:terminate` | Yes | |
IAM
| Permission | Enforced today | Notes |
|---|---|---|
| `iam:*` | Yes | Wildcard for all IAM actions |
| `iam:account:*` | Yes | Wildcard for account actions |
| `iam:account:invite` | Yes | |
| `iam:account:list` | Yes | |
| `iam:billing:get` | Yes | |
| `iam:billing:update` | Yes | |
| `iam:org:rename` | Yes | |
| `iam:policy:*` | Yes | Wildcard for all policy actions |
| `iam:policy:binding:create` | Yes | |
| `iam:policy:binding:delete` | Yes | |
| `iam:policy:binding:list` | Yes | |
| `iam:policy:create` | Yes | |
| `iam:policy:delete` | Yes | |
| `iam:policy:list` | Yes | |
| `iam:policy:update` | Yes | |
| `iam:serviceaccount:*` | Yes | Wildcard for all service account actions |
| `iam:serviceaccount:create` | Yes | |
| `iam:serviceaccount:delete` | Yes | |
| `iam:serviceaccount:list` | Yes | |
| `iam:serviceaccount:update` | Yes | |