Permissions in Stax

User permissions within Stax.

On This Page
Stax User Permissions

The below table provides a a list of Stax permissions for each Stax role.

KeyDescription
tickUser can perform this action
crossUser cannot perform this action

Stax User Permissions

ActionsRootAdminUserReadonlyCost & Compliance AdminDescription
accounts:CreateAccountticktickcrosscrosscrossAllows the user to create an Account
accounts:CreateAccountTypeticktickcrosscrosscrossAllows the user to create an Account Type
accounts:DeleteAccountTypeticktickcrosscrosscrossAllows the user to delete an Account Type
accounts:DiscoverAccountsticktickcrosscrosscrossAllows the user to discover AWS Accounts associated with the Organization
accounts:OnboardAccountsticktickcrosscrosscrossAllows the user to onboard AWS Accounts associated with the Organization
accounts:ReadAccountTypesticktickticktickcrossAllows the user to view Account Types
accounts:ReadAccountstickticktickticktickAllows the user to view Accounts
accounts:UpdateAccountticktickcrosscrosscrossAllows the user to update an Account name, description and tags
accounts:UpdateAccountTypeticktickcrosscrosscrossAllows the user to update an Account Type
accounts:UpdateAccountTypeAccessticktickcrosscrosscrossAllows the user to add an AWS role to an Account Type
account:UpdateAccountTypeMembersticktickcrosscrosscrossAllows the user to move accounts between Account Types
account:UpdatePoliciesticktickcrosscrosscrossAllows the user to add or remove Policies from an Account Type
dashboard:ReadActivityFeedtickticktickticktickAllows the user to view the activity feed
events:CreateEventSourceticktickcrosscrosscrossAllows the user to create an Event Source
events:DeleteEventSourceticktickcrosscrosscrossAllows the user to delete an Event Source
events:ReadEventSourcesticktickticktick![cross]tickAllows the user to view an Event Source
events:UpdateEventSourceticktickcrosscrosscrossAllows the user to update an Event Source
networking:CreateCIDRExclusionticktickcrosscrosscrossAllows the user to create a CIDR Exclusion
networking:CreateCIDRRangeticktickcrosscrosscrossAllows the user to create a CIDR Range
networking:CreateDnsResolverticktickcrosscrosscrossAllows the user to create a DNS Resolver
networking:CreateDnsRuleticktickcrosscrosscrossAllows the user to create a DNS Rule
networking:CreateDxAssociationticktickcrosscrosscrossAllows the user to create a DX Association between a Stax Networking Hub or Stax VPC and a Stax DX Gateway
networking:CreateDxResourceticktickcrosscrosscrossAllows the user to create a DX Resource, a DX Gateway and/or DX Vif
networking:CreateHubticktickcrosscrosscrossAllows the user to create a Networking Hub
networking:CreateHubPrefixListticktickcrosscrosscrossAllows the user to create a Networking Hub Prefix List
networking:CreateVPCtickticktickcrosscrossAllows the user to create a VPC
networking:CreateVPCPrefixListticktickcrosscrosscrossAllows the user to create a VPC Prefix List
networking:CreateVpnConnectiontickticktickcrosscrossAllows the user to create a VPN Connection between a Stax Networking Hub or Stax VPC and a Stax VPN Customer Gateway
networking:CreateVpnCustomerGatewaytickticktickcrosscrossAllows the user to create a VPN Customer Gateway
networking:DeleteCIDRExclusionticktickcrosscrosscrossAllows the user to delete a CIDR Exclusion
networking:DeleteCIDRRangeticktickcrosscrosscrossAllows the user to delete a CIDR Range
networking:DeleteDnsResolverticktickcrosscrosscrossAllows the user to delete a DNS Resolver within a Stax Networking Hub
networking:DeleteDnsRuleticktickcrosscrosscrossAllows the user to delete a DNS Rule
networking:DeleteDxAssociationticktickcrosscrosscrossAllows the user to delete a DX Association
networking:DeleteDxGatewayticktickcrosscrosscrossAllows the user to delete a DX Gateway
networking:DeleteDxVifticktickcrosscrosscrossAllows the user to delete a DX Vif
networking:DeleteHubticktickcrosscrosscrossAllows the user to delete a Networking Hub
networking:DeletePrefixListticktickcrosscrosscrossAllows the user to delete a Prefix List
networking:DeleteVPCtickticktickcrosscrossAllows the user to delete a VPC
networking:DeleteVpnConnectiontickticktickcrosscrossAllows the user to delete a VPN Connection with a Stax VPN Customer Gateway
networking:DeleteVpnCustomerGatewaytickticktickcrosscrossAllows the user to delete a Stax VPN Customer Gateway
networking:ReadCIDRExclusionsticktickticktickcrossAllows the user to view CIDR Exclusions
networking:ReadCIDRRangeticktickticktickcrossAllows the user to view CIDR Ranges
networking:ReadDnsResolversticktickticktickcrossAllows the user to view DNS Resolvers for a Stax Networking Hub
networking:ReadDnsRulesticktickticktickcrossAllows the user to view DNS Rules for Stax DNS Resolvers
networking:ReadDxAssociationsticktickticktickcrossAllows the user to view DX Associations
networking:ReadDxConnectionsticktickticktickcrossAllows the user to view DX Connections within Accounts
networking:ReadDxResourcesticktickticktickcrossAllows the user to view DX Gateways
networking:ReadDxVifStatusticktickticktickcrossAllows the user to view DX Vifs
networking:ReadHubsticktickticktickcrossAllows the user to view Networking Hubs
networking:ReadPrefixListticktickticktickcrossAllows the user to view Prefix Lists
networking:ReadVPCsticktickticktickcrossAllows the user to view VPCs
networking:ReadVpnConnectiontickticktickcrosscrossAllows the user to view VPN Connections
networking:ReadVpnConnectionStatustickticktickcrosscrossAllows the user to view the connectivity status of VPN Tunnels for VPN Connections
networking:ReadVpnCustomerGatewaystickticktickcrosscrossAllows the user to view VPN Customer Gateways
networking:UpdateCIDRExclusionticktickcrosscrosscrossAllows the user to update a CIDR Exclusion
networking:UpdateCIDRRangeticktickcrosscrosscrossAllows the user to update a CIDR Range
networking:UpdateDnsResolverticktickcrosscrosscrossAllows the user to update a DNS Resolver
networking:UpdateDnsRuleticktickcrosscrosscrossAllows the user to update a DNS Rule
networking:UpdateDxAssociationticktickcrosscrosscrossAllows the user to update a DX Association
networking:UpdateDxVifticktickcrosscrosscrossAllows the user to update a DX Vif
networking:UpdateHubticktickcrosscrosscrossAllows the user to update a Networking Hub
networking:UpdateHubPrefixListAssociationticktickcrosscrosscrossAllows the user to update a Networking Hub Prefix List Association
networking:UpdatePrefixListticktickcrosscrosscrossAllows the user to update a Prefix List
networking:UpdateVPCtickticktickcrosscrossAllows the user to update a VPC
networking:UpdateVPCPrefixListAssociationticktickcrosscrosscrossAllows the user to update a VPC Prefix List Association
networking:UpdateVpnConnectionticktickcrosscrosscrossAllows the user to update a VPN Connection
networking:UpdateVpnCustomerGatewayticktickcrosscrosscrossAllows the user to update a VPN Customer Gateway
organisations:AttachPolicyticktickcrosscrosscrossAllows the user to attach a Policy to an Organization
organisations:CreatePolicyticktickcrosscrosscrossAllows the user to create a Policy
organisations:DeletePolicyticktickcrosscrosscrossAllows the user to delete a Policy
organisations:DetachPolicyticktickcrosscrosscrossAllows the user to detach a Policy from an Organization
organisations:ReadOrganisationticktickticktickcrossAllows the user to view their Organization details
organisations:ReadPoliciesticktickticktickcrossAllows the user to view Policies
organisations:UpdatePolicyticktickcrosscrosscrossAllows the user to update a Policy
permissionSets:CreateAssignmentticktickcrosscrosscrossAllows the user to create an Assignment
permissionSets:CreatePermissionSetticktickcrosscrosscrossAllows the user to create a Permission Set
permissionSets:DeleteAssignmentticktickcrosscrosscrossAllows the user to Delete an Assignment
permissionSets:ReadAssignmentstickticktickticktickAllows the user to view Assignments
permissionSets:ReadPermissionSetstickticktickticktickAllows the user to view Permission Sets
permissionSets:UpdateAssignmentticktickcrosscrosscrossAllows the user to update an Assignment
permissionSets:UpdatePermissionSetticktickcrosscrosscrossAllows the user to update a Permission Set
support:AddCommenttickticktickcrosscrossAllows the user to add a comment to a support case
support:CreateCasetickticktickcrosscrossAllows the user to create a support case
teams:CreateAPITokenticktickcrosscrosscrossAllows the user to create an API Token
teams:CreateGroupticktickcrosscrosscrossAllows the user to create a Group
teams:CreateUserticktickcrosscrosscrossAllows the user to invite a new team member
teams:DeleteAPITokenticktickcrosscrosscrossAllows the user to delete an API Token
teams:DeleteGroupticktickcrosscrosscrossAllows the user to delete a Group
teams:DeleteUserticktickcrosscrosscrossAllows the user to delete a team member
teams:ReadAPITokenstickticktickticktickAllows the user to view API Tokens
teams:ReadGroupstickticktickticktickAllows the user to view Groups
teams:ReadUserstickticktickticktickAllows the user to view all team members
teams:UpdateAPITokensticktickcrosscrosscrossAllows the user to update an API Token
teams:UpdateGroupticktickcrosscrosscrossAllows the user to update a Group
teams:UpdateGroupMembersticktickcrosscrosscrossAllows the user to add a Group member
teams:UpdateUserticktickcrosscrosscrossAllows the user to update a team member's details or deactivate/activate them
teams:UpdateUserPasswordtickticktickticktickAllows the user to request a password reset
workloads:CreateCatalogueItemticktickcrosscrosscrossAllows the user to create a Workload Catalogue Item
workloads:CreateCatalogueVersionticktickcrosscrosscrossAllows the user to create a Workload Catalogue Version within a Workload Catalogue Item
workloads:CreateWorkloadtickticktickcrosscrossAllows the user to deploy a Workload
workloads:DeleteCatalogueItemticktickcrosscrosscrossAllows the user to delete a Workload Catalogue Item
workloads:DeleteCatalogueVersionticktickcrosscrosscrossAllows the user to delete a Workload Catalogue Version
workloads:DeleteWorkloadtickticktickcrosscrossAllows the user to deactivate a Workload
workloads:ReadCatalogueItemstickticktickticktickAllows the user to view the Workload Catalogue
workloads:ReadWorkloadstickticktickticktickAllows the user to view active Workloads
workloads:UpdateWorkloadtickticktickcrosscrossAllows the user to update an active Workload