Permissions

The Permission resource

The ability to perform an action on an object, enabling the corresponding functionality in the UI and API. e.g. workspaces:create, vcs-providers:read.

The ID of a permission consist of two parts separated with : (colon):

  • Resource type in a plural form.

  • Action name. Generally the actions are CRUD, but some objects have specific actions, such as runs:cancel.

If an * (asterisk) is used instead of the action name in the permission it means the permission allows all actions for the specified resource type. For example workspaces:* allows all actions with workspaces.

An asterisk can be also used instead of the resource type. For example permission *:read gives read access to all resources.

*:* - gives access to everything.

Use List Permissions to obtain all possible permissions.

Key path

Description

type* (string)

Available values: permissions

id (string)

attributes.applicable-scopes (array)

Scope identities, this permission could be applied to in an access policy.

attributes.description (string)

Permission description.

links (object)

List Permissions

GET /api/iacp/v3/permissions

This endpoint returns a list of all Scalr IAM permissions, available to use in a Role resource.

Example Request:

GET /api/iacp/v3/permissions HTTP/1.1
Host: my.scalr.io
Prefer: profile=preview
Status Codes
  • 200 OK

    Success.

    Example Respone:

    HTTP/1.1 200 OK
    Content-Type: application/vnd.api+json
    Preference-Applied: profile=preview
    
    {
      "data": [
        {
          "attributes": {
            "applicable-scopes": [
              "account",
              "environment",
              "global-scope",
              "workspace"
            ],
            "description": "Full access to everything",
            "status": true
          },
          "id": "*:*",
          "links": {},
          "relationships": {},
          "type": "permissions"
        },
        {
          "attributes": {
            "applicable-scopes": [
              "account",
              "environment",
              "global-scope",
              "workspace"
            ],
            "description": "Create anything",
            "status": true
          },
          "id": "*:create",
          "links": {},
          "relationships": {},
          "type": "permissions"
        },
        {
          "attributes": {
            "applicable-scopes": [
              "environment",
              "workspace"
            ],
            "description": "Full access to workspaces",
            "status": true
          },
          "id": "workspaces:*",
          "links": {},
          "relationships": {},
          "type": "permissions"
        },
        {
          "attributes": {
            "applicable-scopes": [
              "workspace"
            ],
            "description": "Allow [Apply a Run](https://docs.scalr.com/en/latest/api/preview/runs.html#apply-a-run)",
            "status": true
          },
          "id": "runs:apply",
          "links": {},
          "relationships": {},
          "type": "permissions"
        }
      ]
    }
    

  • 4XX – Client error.

  • 5XX – Server error.

Get a Permission

GET /api/iacp/v3/permissions/{permission}

Show details of a specific Scalr IAM Permission.

Parameters
  • permission (string) – The ID of the permission.

Example Request:

GET /api/iacp/v3/permissions/{permission} HTTP/1.1
Host: my.scalr.io
Prefer: profile=preview
Status Codes
  • 200 OK – Success.

  • 404 Not Found – Permission not found or user unauthorized to perform action.

  • 4XX – Client error.

  • 5XX – Server error.