Last updated

Permissions table

This table applies to both SAML and OIDC connections.

CategoryNameDescriptionKey
User managementCreate invitationCreate and edit account invitation link for signup/loginfe.secure.write.tenantInvites
User managementDelete users from sub-accountsDelete users from sub-accountsfe.secure.delete.userSubTenants
User managementDelete usersDelete users from accountfe.secure.delete.users
User managementRevoke user sessionsRevoke all user sessionsfe.secure.delete.sessions
User managementWrite disable/enableDisable/enable users from this accountfe.secure.write.enableDisable
User managementInvite users to sub-accountsInvite users to sub-accountsfe.secure.write.userSubTenants
User managementUpdate usersUpdate other usersfe.secure.write.updateUser
User managementDelete roles from usersDelete roles from users in accountfe.secure.delete.usersRoles
User managementDelete account invitationsDelete account invitationsfe.secure.delete.tenantInvites
User managementRead usersView all users in an accountfe.secure.read.users
User managementWrite usersAdd users to accountfe.secure.write.users
User managementResend activation emailsResend activation emails to non-verified usersfe.secure.write.resendActivationEmail
User managementAssign roles to usersAdd roles to usersfe.secure.write.usersRoles
Account HierarchyWrite sub-account managementUpdate sub-accounts to allow sub-account managementfe.account-hierarchy.write.subAccountManagement
Account HierarchyRead sub-accountsView sub-accountsfe.account-hierarchy.read.subAccount
Account HierarchyDelete sub-accountsDelete sub-accountsfe.account-hierarchy.delete.subAccount
Account HierarchyGive access to sub-accountsGive a user access to sub-accountsfe.account-hierarchy.write.subAccountAccess
Account HierarchyCreate or update sub-accountsCreate or update sub-accountsfe.account-hierarchy.write.subAccount
ApplicationsAssign user to applicationsAssign any application to usersfe.secure.write.appsUsers
ApplicationsRemove user from applicationsRemove any application from usersfe.secure.delete.appsUsers
EventsRead eventsView connectivity events (used only for legacy integrations)fe.connectivity.read.events
EventsTrigger eventsTrigger events that run integrations (used only for legacy integrations)fe.connectivity.write.triggerEvent
EventsRead event categoriesView connectivity event categories (used only for legacy integrations)fe.connectivity.read.eventCategories
Email integrationWrite email configurationCreate email integration configurations (used only for legacy integrations)fe.connectivity.write.emailConfig
Email integrationDelete email configurationsDelete email integration configurations (used only for legacy integrations)fe.connectivity.delete.emailConfig
Email integrationRead email configurationRead email integration configurations (used only for legacy integrations)fe.connectivity.read.emailConfig
Webpush integrationCreate webpushesCreate webpush notifications (used only for legacy integrations)fe.connectivity.write.sendWebpushNotification
Webpush integrationSubscribe to webpushesSubscribe to webpush notifications (used only for legacy integrations)fe.connectivity.write.subscribeWebpush
Bell notifications integrationRead bell notificationsView user bell notifications (used only for legacy integrations)fe.connectivity.read.userBellNotifications
Bell notifications integrationUpdate bell notificationsUpdate bell notifications (used only for legacy integrations)fe.connectivity.write.updateUserBellNotification
Bell notifications integrationDelete user bell notificationDelete user bell notifications (used only for legacy integrations)fe.connectivity.delete.bellNotifications
ConnectivityConnectivity generalAll connectivity permissions (used only for legacy integrations)fe.connectivity.*
ConnectivityConnectivity deleteAll connectivity delete permissions (used only for legacy integrations)fe.connectivity.delete.*
ConnectivityConnectivity writeAll connectivity write permissions (used only for legacy integrations)fe.connectivity.write.*
ConnectivityConnectivity readAll connectivity read permissions (used only for legacy integrations)fe.connectivity.read.*
Slack integrationRead Slack applicationsRead Slack application configurations (used only for legacy integrations)fe.connectivity.read.slackApp
Slack integrationDelete Slack application registrationsDelete Slack app registration (used only for legacy integrations)fe.connectivity.delete.slackAppRegistration
Slack integrationRead Slack subscriptionsView Slack event subscriptions (used only for legacy integrations)fe.connectivity.read.slackSubscriptions
Slack integrationRead Slack channelsView registered Slack workspace channels (used only for legacy integrations)fe.connectivity.read.slackChannels
Slack integrationUpdate Slack subscriptionsUpdate Slack subscriptions (used only for legacy integrations)fe.connectivity.write.updateSlackSubscription
Slack integrationDelete events from Slack subscriptionsDelete events from Slack subscription (used only for legacy integrations)fe.connectivity.delete.slackSubscriptionEvent
Slack integrationDelete Slack subscriptionsDelete Slack subscriptions to events (used only for legacy integrations)fe.connectivity.delete.slackSubscriptions
Slack integrationCreate Slack subscriptionsCreate Slack subscriptions to events (used only for legacy integrations)fe.connectivity.write.slackSubscriptions
Slack integrationRegister Slack applicationsRegister Slack application (used only for legacy integrations)fe.connectivity.write.slackAppRegistration
Slack integrationRead Slack usersView registered Slack workspace users (used only for legacy integrations)fe.connectivity.read.slackUsers
SMS integrationRead SMS configurationsView SMS integration configurations (used only for legacy integrations)fe.connectivity.read.smsConfig
SMS integrationWrite SMS configurationsCreate SMS integration configurations (used only for legacy integrations)fe.connectivity.write.smsConfig
SMS integrationDelete SMS configurationsDelete SMS integration configurations (used only for legacy integrations)fe.connectivity.delete.smsConfig
Account settingsWrite account settingsCreate or update account settingsfe.secure.write.accountSettings
Account settingsRead security policiesView account settingsfe.secure.read.accountSettings
Account settingsDelete accountDelete my accountfe.account-settings.delete.account
Account settingsEdit custom login settingsWrite account custom login box stylingfe.account-settings.write.custom-login-box
Account settingsRead applicationView all applications in the accountfe.account-settings.read.app
Security policiesDelete security policiesDelete security policiesfe.secure.delete.securityPolicy
Security policiesWrite security policiesCreate or update security policiesfe.secure.write.securityPolicy
Security policiesRead security policiesView security policiesfe.secure.read.securityPolicy
Security policiesCreate new IP restrictionsCreate new IP restriction and modify configurationfe.secure.write.ipRestrictions
Security policiesDelete IP restrictionsDelete IP restrictionsfe.secure.delete.ipRestrictions
Security policiesRead email domain restrictionsView domain restrictions and configurationfe.secure.read.emailDomainRestrictions
Security policiesRead IP restrictionsView IP restrictions and configurationfe.secure.read.ipRestrictions
Security policiesCreate new email domain restrictionsCreate new email domain restrictions and edit configurationfe.secure.write.emailDomainRestrictions
Security policiesDelete email domain restrictionDelete email domain restrictionsfe.secure.delete.emailDomainRestrictions
Security policiesDelete provisioning configurationDelete provisioning configurationsfe.secure.delete.provisioningConfiguration
Security policiesRead provisioning configurationsView provisioning configurationsfe.secure.read.provisioningConfiguration
Security policiesCreate new provisioning configurationsCreate new provisioning configurationsfe.secure.write.provisioningConfiguration
Security policiesCreate or revoke actor tokensCreate new or revoke existing actor tokensfe.secure.write.actorToken
Security policiesDelegationAct on behalf of another userfe.secure.write.delegation
Secure accessSecure generalAll secure access permissionsfe.secure.*
Secure accessSecure readAll secure access read permissionsfe.secure.read.*
Secure accessSecure deleteAll secure access delete permissionsfe.secure.delete.*
Secure accessSecure writeAll secure access write permissionsfe.secure.write.*
GroupsCreate or update groupsCreate or update any groupfe.secure.write.groups
GroupsRead groupsView all groupsfe.secure.read.groups
GroupsEdit group rolesEdit roles of any groupfe.secure.write.groupsRoles
GroupsAdd users to groupsAdd users to any groupfe.secure.write.groupsUsers
GroupsDelete groupsDelete any groupfe.secure.delete.groups
GroupsRemove users from groupsRemove users from any groupfe.secure.delete.groupsUsers
SAML / OIDCWrite SAML / OIDC default rolesWrite SAML / OIDC default rolesfe.secure.write.samlDefaultRoles
SAML / OIDCRead SAML / OIDC configurationsView vendor and tenant SAML / OIDC configurationfe.secure.read.samlConfiguration
SAML / OIDCWrite SAML / OIDC configurationsCreate and update account SAML / OIDC configurationsfe.secure.write.samlConfiguration
SAML / OIDCDelete SAML / OIDC configurationDelete account SAML / OIDC configurationfe.secure.delete.samlConfiguration
SAML / OIDCRead SAML / OIDC default rolesView SAML / OIDC default role configurationfe.secure.read.samlDefaultRoles
Webhooks integrationRead webhooksView webhook configurationsfe.connectivity.read.webhooks
Webhooks integrationRead webhook logsView webhook logsfe.connectivity.read.webhookLogs
Webhooks integrationWrite webhooksCreate and update webhook configurationfe.connectivity.write.webhook
Webhooks integrationDelete webhooksDelete webhook configurationsfe.connectivity.delete.webhook
API tokensDelete tenant API tokensDelete account API tokensfe.secure.delete.tenantApiTokens
API tokensRead account API tokensView all account API tokensfe.secure.read.tenantApiTokens
API tokensRead user API tokensView own API tokensfe.secure.read.userApiTokens
API tokensWrite user API tokensCreate and update own API tokensfe.secure.write.userApiTokens
API tokensDelete user API tokensDelete own API tokensfe.secure.delete.userApiTokens
API tokensWrite account API tokensCreate or update account API tokensfe.secure.write.tenantApiTokens
SubscriptionsSubscriptions writeAll subscriptions write permissions (used only for legacy integrations)fe.subscriptions.write.*
SubscriptionsSubscriptions generalAll subscription permissions (used only for legacy integrations)fe.subscriptions.*
SubscriptionsSubscriptions readAll subscription read permissions (used only for legacy integrations)fe.subscriptions.read.*
Roles and permissionsRead rolesView vendor and account rolesfe.secure.read.roles
Roles and permissionsRead permissionsView permissionsfe.secure.read.permissions
Roles and permissionsWrite rolesCreate account rolesfe.secure.write.roles
Roles and permissionsDelete rolesDelete account rolesfe.secure.delete.role
Roles and permissionsUpdate rolesUpdate account rolesfe.secure.write.updateRole
AuditsRead auditsView audit logsfe.secure.read.audits