EXC

Permissions Reference

This page lists all IAM permissions available in Excloud and the service area they belong to. Wildcards such as * indicate all actions within a service or subgroup.

For how permissions are evaluated inside policies, see Policies.

Legend:

  • Enforced today: whether the backend currently checks this action in handlers.
  • Wildcards like service:* match all actions within that service.

Billing

PermissionEnforced todayNotes
billing:caYesCost Explorer

Compute

PermissionEnforced todayNotes
compute:*YesWildcard for all compute actions
compute:instance:*YesWildcard for all instance actions
compute:instance:connectYesEphemeral terminal access
compute:instance:createYes
compute:instance:listYes
compute:instance:restartYes
compute:instance:startYes
compute:instance:stopYes
compute:instance:terminateYes
compute:securitygroup:*YesIncludes bindings and rules
compute:securitygroup:binding:createYes
compute:securitygroup:binding:deleteYes
compute:securitygroup:binding:listYes
compute:securitygroup:createYes
compute:securitygroup:deleteYes
compute:securitygroup:listYes
compute:securitygroup:rule:createYes
compute:securitygroup:rule:deleteYes
compute:securitygroup:rule:listYes
compute:snapshot:createYes
compute:snapshot:deleteYes
compute:snapshot:listYes
compute:sshpubkey:*YesWildcard for all SSH key actions
compute:sshpubkey:createYes
compute:sshpubkey:deleteYes
compute:sshpubkey:listYes
compute:subnet:*YesMatches list (no create today)
compute:subnet:listYes
compute:volume:createYes
compute:volume:deleteYes
compute:volume:listYes
compute:volume:resizeYes

DNS

PermissionEnforced todayNotes
dns:*YesWildcard for all DNS actions
dns:record:*YesWildcard for all record actions
dns:record:createYes
dns:record:deleteYes
dns:record:listYes
dns:record:updateYes
dns:zone:*YesWildcard for all zone actions
dns:zone:createYes
dns:zone:deleteYes
dns:zone:listYes

Database

PermissionEnforced todayNotes
database:*YesWildcard for all database actions
database:cluster:*YesWildcard for all cluster actions
database:cluster:createYes
database:cluster:listYes
database:cluster:resetpasswordYes
database:cluster:restartYes
database:cluster:terminateYes
database:node:addYes
database:node:restartYes
database:node:terminateYes

IAM

PermissionEnforced todayNotes
iam:*YesWildcard for all IAM actions
iam:account:*YesWildcard for account actions
iam:account:inviteYes
iam:account:listYes
iam:billing:getYes
iam:billing:updateYes
iam:org:renameYes
iam:policy:*YesWildcard for all policy actions
iam:policy:binding:createYes
iam:policy:binding:deleteYes
iam:policy:binding:listYes
iam:policy:createYes
iam:policy:deleteYes
iam:policy:listYes
iam:policy:updateYes
iam:serviceaccount:*YesWildcard for all service account actions
iam:serviceaccount:createYes
iam:serviceaccount:deleteYes
iam:serviceaccount:listYes
iam:serviceaccount:updateYes
Prev
CLI Overview