Resource table

The following table works as a quick cheat-sheet to help you manage your permissions. Note that it's not exhaustive; for brevity it does not show wildcard or templated grant strings.

Additionally, this does not include available output fields; see the service documentation for guidance.

Resource Type	Applicable Scopes	API Endpoint	Parameters into Permissions Engine	Available Actions / Examples
Account	Global Org	`/accounts`	Type `account`	`create`: Create an account `type=<type>;actions=create` `list`: List accounts `type=<type>;actions=list`
Account	Global Org	`/accounts/<id>`	ID `<id>` Pin `<auth-method-id>` Type `account`	`read`: Read an account `id=<id>;actions=read` `id=<pin>;type=<type>;actions=read` `update`: Update an account `id=<id>;actions=update` `id=<pin>;type=<type>;actions=update` `delete`: Delete an account `id=<id>;actions=delete` `id=<pin>;type=<type>;actions=delete` `set-password`: Set a password on an account, without requiring the current password `id=<id>;actions=set-password` `id=<pin>;type=<type>;actions=set-password` `change-password`: Change a password on an account given the current password `id=<id>;actions=change-password` `id=<pin>;type=<type>;actions=change-password`
Auth Method	Global Org	`/auth-methods`	Type `auth-method`	`create`: Create an auth method `type=<type>;actions=create` `list`: List auth methods `type=<type>;actions=list`
Auth Method	Global Org	`/auth-methods/<id>`	ID `<id>` Type `auth-method`	`read`: Read an auth method `id=<id>;actions=read` `update`: Update an auth method `id=<id>;actions=update` `delete`: Delete an auth method `id=<id>;actions=delete` `authenticate`: Authenticate to an auth method `id=<id>;actions=authenticate`
Auth Token	Global Org	`/auth-tokens`	Type `auth-token`	`list`: List auth tokens `type=<type>;actions=list`
Auth Token	Global Org	`/auth-tokens/<id>`	ID `<id>` Type `auth-token`	`read`: Read an auth token `id=<id>;actions=read` `delete`: Delete an auth token `id=<id>;actions=delete`
Group	Global Org Project	`/groups`	Type `group`	`create`: Create a group `type=<type>;actions=create` `list`: List groups `type=<type>;actions=list`
Group	Global Org Project	`/groups/<id>`	ID `<id>` Type `group`	`read`: Read a group `id=<id>;actions=read` `update`: Update a group `id=<id>;actions=update` `delete`: Delete a group `id=<id>;actions=delete` `add-members`: Add members to a group `id=<id>;actions=add-members` `set-members`: Set the full set of members on a group `id=<id>;actions=set-members` `remove-members`: Remove members from a group `id=<id>;actions=remove-members`
Host	Project	`/hosts`	Type `host`	`create`: Create a host `type=<type>;actions=create` `list`: List hosts `type=<type>;actions=list`
Host	Project	`/hosts/<id>`	ID `<id>` Pin `<host-catalog-id>` Type `host`	`read`: Read a host `id=<id>;actions=read` `id=<pin>;type=<type>;actions=read` `update`: Update a host `id=<id>;actions=update` `id=<pin>;type=<type>;actions=update` `delete`: Delete a host `id=<id>;actions=delete` `id=<pin>;type=<type>;actions=delete`
Host Catalog	Project	`/host-catalogs`	Type `host-catalog`	`create`: Create a host catalog `type=<type>;actions=create` `list`: List host catalogs `type=<type>;actions=list`
Host Catalog	Project	`/host-catalogs/<id>`	ID `<id>` Type `host-catalog`	`read`: Read a host catalog `id=<id>;actions=read` `update`: Update a host catalog `id=<id>;actions=update` `delete`: Delete a host catalog `id=<id>;actions=delete`
Host Set	Project	`/host-sets`	Type `host-set`	`create`: Create a host set `type=<type>;actions=create` `list`: List host sets `type=<type>;actions=list`
Host Set	Project	`/host-sets/<id>`	ID `<id>` Pin `<host-catalog-id>` Type `host-set`	`read`: Read a host set `id=<id>;actions=read` `id=<pin>;type=<type>;actions=read` `update`: Update a host set `id=<id>;actions=update` `id=<pin>;type=<type>;actions=update` `delete`: Delete a host set `id=<id>;actions=delete` `id=<pin>;type=<type>;actions=delete` `add-hosts`: Add hosts to a host-set `id=<id>;actions=add-hosts` `id=<pin>;type=<type>;actions=add-hosts` `set-hosts`: Set the full set of hosts on a host set `id=<id>;actions=set-hosts` `id=<pin>;type=<type>;actions=set-hosts` `remove-hosts`: Remove hosts from a host set `id=<id>;actions=remove-hosts` `id=<pin>;type=<type>;actions=remove-hosts`
Managed Group	Global Org	`/managed-groups`	Type `managed-group`	`create`: Create a managed group `type=<type>;actions=create` `list`: List managed groups `type=<type>;actions=list`
Managed Group	Global Org	`/managed-groups/<id>`	ID `<id>` Pin `<auth-method-id>` Type `managed-group`	`read`: Read a managed group `id=<id>;actions=read` `id=<pin>;type=<type>;actions=read` `update`: Update a managed group `id=<id>;actions=update` `id=<pin>;type=<type>;actions=update` `delete`: Delete a managed group `id=<id>;actions=delete` `id=<pin>;type=<type>;actions=delete`
Role	Global Org Project	`/roles`	Type `role`	`create`: Create a role `type=<type>;actions=create` `list`: List roles `type=<type>;actions=list`
Role	Global Org Project	`/roles/<id>`	ID `<id>` Type `role`	`read`: Read a role `id=<id>;actions=read` `update`: Update a role `id=<id>;actions=update` `delete`: Delete a role `id=<id>;actions=delete` `add-principals`: Add principals to a role `id=<id>;actions=add-principals` `set-principals`: Set the full set of principals on a role `id=<id>;actions=set-principals` `remove-principals`: Remove principals from a role `id=<id>;actions=remove-principals` `add-grants`: Add grants to a role `id=<id>;actions=add-grants` `set-grants`: Set the full set of grants on a role `id=<id>;actions=set-grants` `remove-grants`: Remove grants from a role `id=<id>;actions=remove-grants`
Scope	Global Org	`/scopes`	Type `scope`	`create`: Create a scope `type=<type>;actions=create` `list`: List scopes `type=<type>;actions=list`
Scope	Global Org	`/scopes/<id>`	ID `<id>` Type `scope`	`read`: Read a scope `id=<id>;actions=read` `update`: Update a scope `id=<id>;actions=update` `delete`: Delete a scope `id=<id>;actions=delete`
Session	Project	`/sessions`	Type `session`	`list`: List sessions `type=<type>;actions=list`
Session	Project	`/session/<id>`	ID `<id>` Type `session`	`read`: Read a session `id=<id>;actions=read` `cancel`: Cancel a session `id=<id>;actions=cancel` `read:self`: Read a session, which must be associated with the calling user `id=;type=session;actions=read:self` `cancel:self`: Cancel a session, which must be associated with the calling user `id=;type=session;actions=cancel:self`
Session Recording	Global Org	`/session-recordings`	Type `session-recording`	`list`: List session recordings `type=<type>;actions=list`
Session Recording	Global Org	`/session-recordings/<id>`	ID `<id>` Type `session-recording`	`read`: Read a session recording `id=<id>;actions=read` `download`: Download a session recording `id=<id>;actions=download`
Storage Bucket	Global Org	`/storage-buckets`	Type `storage-bucket`	`create`: Create a storage bucket `type=<type>;actions=create` `list`: List storage buckets `type=<type>;actions=list`
Storage Bucket	Global Org	`/storage-buckets/<id>`	ID `<id>` Type `storage-bucket`	`read`: Read a storage bucket `id=<id>;actions=read` `update`: Update a storage bucket `id=<id>;actions=update` `delete`: Delete a storage bucket `id=<id>;actions=delete`
Target	Project	`/targets`	Type `target`	`create`: Create a target `type=<type>;actions=create` `list`: List targets `type=<type>;actions=list`
Target	Project	`/targets/<id>`	ID `<id>` Type `target`	`read`: Read a target `id=<id>;actions=read` `update`: Update a target `id=<id>;actions=update` `delete`: Delete a target `id=<id>;actions=delete` `add-host-sources`: Add host sources to a target `id=<id>;actions=add-host-sources` `set-host-sources`: Set the full set of host sources on a target `id=<id>;actions=set-host-sources` `remove-host-sources`: Remove host sources from a target `id=<id>;actions=remove-host-sources` `add-credential-sources`: Add credential sources to a target `id=<id>;actions=add-credential-sources` `set-credential-sources`: Set the full set of credential sources on a target `id=<id>;actions=set-credential-sources` `remove-credential-sources`: Remove credential sources from a target `id=<id>;actions=remove-credential-sources` `authorize-session`: Authorize a session via the target `id=<id>;actions=authorize-session`
User	Global Org	`/users`	Type `user`	`create`: Create a user `type=<type>;actions=create` `list`: List users `type=<type>;actions=list`
User	Global Org	`/users/<id>`	ID `<id>` Type `user`	`read`: Read a user `id=<id>;actions=read` `update`: Update a user `id=<id>;actions=update` `delete`: Delete a user `id=<id>;actions=delete` `add-accounts`: Add accounts to a user `id=<id>;actions=add-accounts` `set-accounts`: Set the full set of accounts on a user `id=<id>;actions=set-accounts` `remove-accounts`: Remove accounts from a user `id=<id>;actions=remove-accounts`
Worker	Global	`/workers`	Type `worker`	`list`: List workers `type=<type>;actions=list` `create:controller-led`: Create a worker using the controller-led workflow `type=<type>;actions=create` `type=<type>;actions=create:controller-led` `create:worker-led`: Create a worker using the worker-led workflow `type=<type>;actions=create` `type=<type>;actions=create:worker-led`
Worker	Global	`/workers/<id>`	ID `<id>` Type `worker`	`read`: Read a worker `id=<id>;actions=read` `update`: Update a worker `id=<id>;actions=update` `delete`: Delete a worker `id=<id>;actions=delete`