IAM Actions
Reference the chart on this page when creating a Role to know which action grants access to what page in the browser.
IAM Action lists the associated action or actions required to access that page in the browser. Use * in these actions to give broad permissions to perform all associated actions such as get, list, create, delete, etc. Specify the action to restrict user access to the specific action.
| Task | Browser Tab | IAM Action | API endpoint | URL |
|---|---|---|---|---|
| View Events | Dashboards | event:* | /event_feed | https://automate.example.com/dashboards/event-feed |
| View and Search Events | Dashboards | [event:*, infra:nodes:list] | /event_feed | https://automate.example.com/dashboards/event-feed |
| View Service Group Data | Applications | applications:* | /applications/service-groups | https://automate.example.com/applications/service-groups |
| View Client Runs | Infrastructure | infra:nodes:* | /cfgmgmt/nodes | https://automate.example.com/infrastructure/client-runs |
| View Chef Servers | Infrastructure | infra:infraServers:* | /infra/servers | https://automate.example.com/infrastructure/chef-servers |
| List Reports | Compliance | compliance:reporting:* | /compliance/reporting/reports | https://automate.example.com/compliance/reports/overview |
| List Scan Jobs | Compliance | compliance:scannerJobs:* | /compliance/scanner/jobs | https://automate.example.com/compliance/scan-jobs/jobs |
| Manage Scan Jobs | Compliance | [compliance:scannerJobs:* , infra:nodes:* , infra:nodeManagers:* , compliance:profiles:* ] | /compliance/scanner/jobs | https://automate.example.com/compliance/scan-jobs/jobs |
| Manage Compliance Profiles | Compliance | compliance:profiles:* | /compliance/profiles | https://automate.example.com/compliance/compliance-profiles |
| Manage Notifications | Settings | notifications:* | /notifications | https://automate.example.com/settings/notifications |
| Manage Data Feed | Settings | datafeed:* | /data_feed/destination | https://automate.example.com/settings/data-feed |
| Manage Node Integrations | Settings | [infra:nodeManagers:* , infra:nodes:* , secrets:* ] | /nodemanagers , /cfgmgmt/nodes , /secrets | https://automate.example.com/settings/node-integrations |
| Manage Node Credentials | Settings | secrets:* | /secrets | https://automate.example.com/settings/node-credentials |
| Manage Data Lifecycle | Settings | dataLifecycle:* | /data-lifecycle | https://automate.example.com/settings/data-lifecycle |
| Manage Users | Settings | iam:users:* | /iam/v2/users | https://automate.example.com/settings/users |
| Manage Teams | Settings | iam:teams:* | /iam/v2/teams | https://automate.example.com/settings/teams |
| Manage API Tokens | Settings | iam:tokens:* | /iam/v2/tokens | https://automate.example.com/settings/tokens |
| Manage Policies | Settings | iam:policies:* | /iam/v2/policies | https://automate.example.com/settings/policies |
| Manage Roles | Settings | iam:roles:* | /iam/v2/roles | https://automate.example.com/settings/roles |
| Manage Projects | Settings | iam:projects:* | /iam/v2/projects | https://automate.example.com/settings/projects |
© Chef Software, Inc.
Licensed under the Creative Commons Attribution 3.0 Unported License.
The Chef™ Mark and Chef Logo are either registered trademarks/service marks or trademarks/servicemarks of Chef, in the United States and other countries and are used with Chef Inc's permission.
We are not affiliated with, endorsed or sponsored by Chef Inc.
https://docs.chef.io/automate/iam_actions/