Stax Roles - Stax Permissions

User permissions within Stax

On This Page
Stax User Permissions

The below table provides a a list of Stax permissions for each Stax role.

KeyDescription
tickUser can perform this action
crossUser cannot perform this action

Stax User Permissions

ActionsRootAdminUserReadonlyDescription
accounts:AddAccountTypeRoleticktickcrosscrossAllows the user to add an AWS role to an Account Type
accounts:CreateAccountticktickcrosscrossAllows the user to create an Account
accounts:CreateAccountTypeticktickcrosscrossAllows the user to create an Account Type
accounts:DeleteAccountTypeticktickcrosscrossAllows the user to delete an Account Type
accounts:DiscoverticktickcrosscrossAllows the user to discover AWS Accounts associated with the Organization
accounts:OnboardticktickcrosscrossAllows the user to onboard AWS Accounts associated with the Organization
accounts:ReadAccountTypesticktickticktickAllows the user to view Account Types
accounts:ReadAccountsticktickticktickAllows the user to view Accounts
accounts:UpdateAccountticktickcrosscrossAllows the user to update an Account name, description and tags
accounts:UpdateAccountTypeticktickcrosscrossAllows the user to update an Account Type
accounttypes:UpdateAccountTypeMembersticktickcrosscrossAllows the user to move accounts between Account Types
accounttypes:UpdateAccountTypePoliciesticktickcrosscrossAllows the user to add or remove Policies from an Account Type
alias:CheckAliasAvailabilityticktickticktickAllows user to check if a Customer Alias is already in use
dashboard:ReadActivityFeedticktickticktickAllows the user to view the activity feed
networks:CreateCIDRExclusionticktickcrosscrossAllows the user create a CIDR Exclusion
networks:CreateCIDRRangeticktickcrosscrossAllows the user create a CIDR Range
networks:CreateNetworkingHubsticktickcrosscrossAllows the user create a Networking Hub
networks:CreateVPCtickticktickcrossAllows the user to create a VPC
networks:DeleteCIDRExclusionticktickcrosscrossAllows the user to delete a CIDR Exclusion
networks:DeleteCIDRRangeticktickcrosscrossAllows the user to delete a CIDR Range
networks:DeleteNetworkingHubsticktickcrosscrossAllows the user to delete a Networking Hub
networks:DeleteVPCtickticktickcrossAllows the user to delete a VPC
networks:ReadCIDRExclusionticktickticktickAllows the user to view CIDR Exclusions
networks:ReadCIDRRangeticktickticktickAllows the user to view CIDR Ranges
networks:ReadNetworkingHubsticktickticktickAllows the user to view Networking Hubs
networks:ReadVPCticktickticktickAllows the user to view VPCs
networks:UpdateCIDRExclusionticktickcrosscrossAllows the user to update a CIDR Exclusion
networks:UpdateCIDRRangeticktickcrosscrossAllows the user to update a CIDR Range
networks:UpdateNetworkingHubsticktickcrosscrossAllows the user to update a Networking Hub
networks:UpdateVPCtickticktickcrossAllows the user to update a VPC
organisations:ReadOrganisationticktickticktickAllows the user to view their Organisation details
policies:AttachPolicyticktickcrosscrossAllows the user to attach a Policy to an Organisation
policies:CreatePolicyticktickcrosscrossAllows the user to create a Policy
policies:DeletePolicyticktickcrosscrossAllows the user to delete a Policy
policies:DetachPolicyticktickcrosscrossAllows the user to detach a Policy from an Organisation
policies:ReadPoliciesticktickticktickAllows the user to view Policies
policies:UpdatePolicyticktickcrosscrossAllows the user to update a Policy
support:AddCommenttickticktickcrossAllows the user to add a comment to a support case
support:CreateCasetickticktickcrossAllows the user to create a support case
tasks:ReadTasksticktickticktickAllows the user to view the status of a task
tasks:ReadTasksbyStatusticktickticktickAllows user to view tasks by status
teams:CreateAPITokenticktickcrosscrossAllows the user to create an API Token
teams:CreateGroupticktickcrosscrossAllows the user to create a Group
teams:CreateRootUsertickcrosscrosscrossAllows the user to invite a new root user
teams:CreateUserticktickcrosscrossAllows the user to invite a new team member
teams:DeleteAPITokenticktickcrosscrossAllows the user to delete an API Token
teams:DeleteGroupticktickcrosscrossAllows the user to delete a Group
teams:DeleteUserticktickcrosscrossAllows the user to delete a team member
teams:ReadAPITokenticktickticktickAllows the user to view API Tokens
teams:ReadGroupsticktickticktickAllows the user to view Groups
teams:ReadUsersticktickticktickAllows the user to view all team members
teams:UpdateAPITokenticktickcrosscrossAllows the user to update an API Token
teams:UpdateGroupticktickcrosscrossAllows the user to update a Group
teams:UpdateGroupMembersticktickcrosscrossAllows the user to add a Group member
teams:UpdateUserticktickcrosscrossAllows the user to update a team member's details or deactivate/activate them
teams:UpdateUserPasswordtickticktickcrossAllows the user to request a password reset
workloads:CreateCatalogueItemticktickcrosscrossAllows the user to create a Workload Catalogue Item
workloads:CreateCatalogueVersionticktickcrosscrossAllows the user to create a Workload Catalogue Version within a Workload Catalogue Item
workloads:CreateWorkloadtickticktickcrossAllows the user to deploy a Workload
workloads:DeleteCatalogueItemticktickcrosscrossAllows the user to delete a Workload Catalogue Item
workloads:DeleteCatalogueVersionticktickcrosscrossAllows the user to delete a Workload Catalogue Version
workloads:DeleteWorkloadtickticktickcrossAllows the user to deactivate a Workload
workloads:ReadCatalogueItemsticktickticktickAllows the user to view the Workload Catalogue
workloads:ReadWorkloadsticktickticktickAllows the user to view Active Workloads
workloads:UpdateAllWorkloadsticktickcrosscrossAllows the user to update all active Workloads of a particular Workload Catalogue Item
workloads:UpdateCatalogueItemticktickcrosscrossAllows the user to update a Workload Catalogue Item
workloads:UpdateWorkloadtickticktickcrossAllows the user to update an active Workload