Permissions¶

The Permission resource¶

The ability to perform an action on an object, enabling the corresponding functionality in the UI and API. e.g. workspaces:create, vcs-providers:read.

The ID of a permission consist of two parts separated with : (colon):

Resource type in a plural form.

Action name. Generally the actions are CRUD, but some objects have specific actions, such as runs:cancel.

If an * (asterisk) is used instead of the action name in the permission it means the permission allows all actions for the specified resource type. For example workspaces:* allows all actions with workspaces.

An asterisk can be also used instead of the resource type. For example permission *:read gives read access to all resources.

*:* - gives access to everything.

Use List Permissions to obtain all possible permissions.

Key path

Description

type* (string)

Available values: permissions

id (string)

attributes.applicable-scopes (array)

Scope identities, this permission could be applied to in an access policy.

attributes.description (string)

Permission description.

links (object)

List Permissions¶

GET /api/iacp/v3/permissions¶

This endpoint returns a list of all Scalr IAM permissions, available to use in a Role resource.

Example Request:

GET /api/iacp/v3/permissions HTTP/1.1
Host: my.scalr.io
Prefer: profile=preview

Status Codes

200 OK –

Success.

Example Respone:

HTTP/1.1 200 OK
Content-Type: application/vnd.api+json
Preference-Applied: profile=preview

{
  "data": [
    {
      "attributes": {
        "applicable-scopes": [
          "account",
          "environment",
          "global-scope",
          "workspace"
        ],
        "description": "Full access to everything",
        "status": true
      },
      "id": "*:*",
      "links": {},
      "relationships": {},
      "type": "permissions"
    },
    {
      "attributes": {
        "applicable-scopes": [
          "account",
          "environment",
          "global-scope",
          "workspace"
        ],
        "description": "Create anything",
        "status": true
      },
      "id": "*:create",
      "links": {},
      "relationships": {},
      "type": "permissions"
    },
    {
      "attributes": {
        "applicable-scopes": [
          "environment",
          "workspace"
        ],
        "description": "Full access to workspaces",
        "status": true
      },
      "id": "workspaces:*",
      "links": {},
      "relationships": {},
      "type": "permissions"
    },
    {
      "attributes": {
        "applicable-scopes": [
          "workspace"
        ],
        "description": "Allow [Apply a Run](https://docs.scalr.com/en/latest/api/preview/runs.html#apply-a-run)",
        "status": true
      },
      "id": "runs:apply",
      "links": {},
      "relationships": {},
      "type": "permissions"
    }
  ]
}

4XX – Client error.
5XX – Server error.

Get a Permission¶

GET /api/iacp/v3/permissions/{permission}¶

Show details of a specific Scalr IAM Permission.

Parameters

permission (string) – The ID of the permission.

Example Request:

GET /api/iacp/v3/permissions/{permission} HTTP/1.1
Host: my.scalr.io
Prefer: profile=preview

Status Codes

200 OK – Success.
404 Not Found – Permission not found or user unauthorized to perform action.
4XX – Client error.
5XX – Server error.