Roles and permissions
Roles and permissions
Here you can view which permissions are required to execute specific actions in Kyndryl Bridge.
System settings
Support
Permission name | Description | Roles related to |
|---|---|---|
feedback.brokers-repos.view | Allow to view service broker repos | Administrator |
feedback.brokers-settings.create | Allow to create service broker settings | Administrator |
feedback.brokers-settings.delete | Allow to delete existing service broker settings | Administrator |
feedback.brokers-settings.update | Allow to update existing service broker settings | Administrator |
feedback.brokers-settings.view | Allow to view service broker settings | Administrator |
feedback.issues.create | Allow to create issue | Administrator |
feedback.issues.delete | Allow to delete existing issue | Administrator |
feedback.issues.update | Allow to update existing issue | Administrator |
feedback.issues.view | Allow to view issues | Administrator |
IAM: User invitations
Permission name | Description | Roles related to |
|---|---|---|
accounts.user.reinvite | Allow to reinvite the account initial user |
|
iam.invitations.create | Allow to create invitations | Administrator |
iam.invitations.delete | Allow to delete invitations |
|
iam.invitations.resend | Allow to resend pending invitations |
|
iam.invitations.update | Allow to update invitations |
|
iam.invitations.view | Allow to view invitations |
|
iam.organization.bulkdelete | Allow to delete multiple organizations |
|
iam.organization.create | Allow to create new organization |
|
iam.organization.invite | Allow to invite new user to an organization |
|
iam.organization.view | Allow to view an organization |
|
IAM: Resources and users
Permission name | Description | Roles related to |
|---|---|---|
iam.resourceattributes.view | Allow to view resources |
|
iam.resourceattributesvalues.view | Allow to view resources attribute values |
|
iam.resourcegroups.view | Allow to view resource groups |
|
iam.usergroups.view | Allow to view user groups |
|
iam.usermapping.update | Allow to update user mapping assertions |
|
iam.users-lastoperation.view | Allow to view last operation performed for an user |
|
iam.users.bulkdelete | Allow to delete multiple users |
|
iam.users.create | Allow to create the users | Administrator |
iam.users.delete | Allow to delete the users |
|
iam.users.update | Allow to update the users |
|
iam.users.view | Allow to view the users |
|
Account, Roles, and Permissions
Permission name | Description | Roles related to |
|---|---|---|
fileserver.files.view | Allow to view files |
|
iam.accounts.create | Allow to create a new account | Administration |
iam.accounts.delete | Allow to delete accounts |
|
iam.accounts.update | Allow to update an account |
|
iam.accounts.view | Allow to view accounts |
|
iam.brokers.delete | Allow to delete broker |
|
iam.brokers.register | Allow to register new broker |
|
iam.brokers.test | Allow to test brokers |
|
iam.brokers.view | Allow to view brokers |
|
iam.businessservices.view | Allow to view business services |
|
iam.catalogs.view | Allow to view catalogs |
|
iam.customrole.create | Allow to create a custom role | Administrator |
iam.customrole.delete | Allow to delete a custom role |
|
iam.customrole.update | Allow to update a custom role |
|
iam.customrole.view | Allow to view custom roles |
|
IAM: Service IDs
Permission name | Description | Roles related to |
|---|---|---|
iam.serviceids.create | Allow to create serviceids | Administrator |
iam.serviceids.delete | Allow to delete serviceids |
|
iam.serviceids.update | Allow to update serviceids |
|
iam.serviceids.view | Allow to view serviceids |
|
IAM: SMTP
Permission name | Description | Roles related to |
|---|---|---|
iam.smtp.create | Allow to create smtp config | Administrator |
iam.smtp.delete | Allow to delete smtp config |
|
iam.smtp.view | Allow to view smtp config |
|
iam.spmetadata.view | Allow to view SAML SP metadata |
|
IAM: IDP
Permission name | Description | Roles related to |
|---|---|---|
iam.idp-metadata.view | Allow to view identity provider metadata |
|
iam.idp.create | Allow to create identity provider | Administrator |
iam.idp.delete | Allow to delete identity provider |
|
iam.idp.replace | Allow to replace fields of an identity provider |
|
iam.idp.update | Allow to update an identity provider |
|
iam.idp.view | Allow to view an identity provider |
|
IAM: API Keys, Key values, and Tokens
Permission name | Description | Roles related to |
|---|---|---|
iam.apikeys.create | Allow to create api keys |
|
iam.apikeys.delete | Allow to delete existing api keys |
|
iam.apikeys.manage | Allow to manage api keys |
|
iam.apikeys.replace | Allow to replace existing api keys |
|
iam.apikeys.update | Allow to patch existing api keys |
|
iam.apikeys.view | Allow to view api keys |
|
iam.tokens.create | Allow to create a token | Administrator |
iam.tokens.delete | Allow to delete a token |
|
iam.tokens.replace | Allow to replace a token |
|
iam.tokens.update | Allow to update a token |
|
iam.tokens.view | Allow to view tokens |
|
iam.keyvalues.create | Allow to add key-value | Administrator |
iam.keyvalues.delete | Allow to delete key-value |
|
iam.keyvalues.update | Allow to update key-value |
|
iam.keyvalues.view | Allow to view key-value |
|
IAM: Access Tags
Permission name | Description | Roles related to |
|---|---|---|
iam.accesstags.create | Allow to add accesstags | Administrator |
iam.accesstags.delete | Allow to delete accesstags |
|
iam.accesstags.update | Allow to update accesstags |
|
iam.accesstags.view | Allow to view accesstags |
|
IAM: Access Groups and Access Policies
Permission name | Description | Roles related to |
|---|---|---|
iam.accessgroups-members.add | Allow to add members to access group |
|
iam.accessgroups-members.delete | Allow to delete accessgroup member |
|
iam.accessgroups-members.view | Allow to view access group members |
|
iam.accessgroups-rules.add | Allow to add rules to access group |
|
iam.accessgroups-rules.delete | Allow to delete access group rules |
|
iam.accessgroups-rules.view | Allow to view access group rules |
|
iam.accessgroups.create | Allow to create accessgroup | Administrator |
iam.accessgroups.delete | Allow to delete accessgroup |
|
iam.accessgroups.update | Allow to update access group |
|
iam.accessgroups.view | Allow to view access groups |
|
iam.authzpolicy.create | Allow to create new authorization policies | Administrator |
iam.authzpolicy.delete | Allow to delete authorization policies |
|
iam.authzpolicy.update | Allow to update authorization policies |
|
iam.authzpolicy.view | Allow to view authorization policies |
|
iam.policies.view | Allow to view policies |
|
Connections, Notifications, and Metering
Permission name | Description | Roles related to |
|---|---|---|
iam.connections.create | Allow to create connections | Administrator |
iam.connections.delete | Allow to delete connections |
|
iam.connections.test | Allow to test connections |
|
iam.connections.update | Allow to update connections |
|
iam.connections.view | Allow to view connections |
|
metering.brokersusage.view | Allow to view service broker usage |
|
metering.meter.view | Allow to view metering details |
|
metering.resetcosa.create | Allow to reset cosa state |
|
metering.tenantmeter.view | Allow to view tenant specific metering details |
|
metering.tenantsusage.view | Allow to view tenant specific metering usage |
|
metering.usage.download | Allow to download metering data |
|
metering.usage.view | Allow to view metering usage |
|
notification.emailsettings.create | Allow to create notification emailsettings |
|
notification.emailsettings.delete | Allow to delete notification emailsettings |
|
notification.emailsettings.update | Allow to update notification emailsettings |
|
notification.emailsettings.view | Allow to view notification emailsettings |
|
notification.inapp.create | Allow to create inapp notification |
|
notification.inapp.delete | Allow to delete inapp notification |
|
notification.inapp.update | Allow to update inapp notification |
|
notification.inapp.view | Allow to view inapp notification |
|
notification.template.create | Allow to create notification template |
|
notification.template.delete | Allow to delete notification template |
|
notification.template.put | Allow to put notification template |
|
notification.template.update | Allow to update notification template |
|
notification.template.view | Allow to view notification template |
|
security.connections.create | Allow to create connections |
|
security.connections.delete | Allow to delete connections |
|
security.connections.link | Allow to link shared connections |
|
security.connections.replace | Allow to replace connections |
|
security.connections.test | Allow to test connections |
|
security.connections.update | Allow to update connections |
|
security.connections.view | Allow to view connections |
|
security.connectionstatus.view | Allow to get test connection status |
|
security.connectiontypes.create | Allow to add/update connectiontypes for a client tenant | Administrator |
security.connectiontypes.delete | Allow to delete connection types for a client tenant |
|
security.connectiontypes.view | Allow to view connectiontypes for a client tenant |
|
Tenant settings
iam.tenant-activitylogs.view | Allow to view activity logs for a tenant |
|
iam.tenant-entitlements.update | Allow to update tenant entitlements |
|
iam.tenant-entitlements.view | Allow to view tenant entitlements |
|
iam.tenant-membership.add | Allow to add the tenant level roles of the users |
|
iam.tenant-membership.remove | Allow to remove the tenant level roles of the users |
|
iam.tenant-opssettings.view | Get Ops Settings |
|
iam.tenant-owner.update | Allow to update tenant owner |
|
iam.tenant-settings.update | Allow to update tenant settings |
|
iam.tenant-settings.view | Allow to view tenant settings |
|
iam.tenant.bindinginfo.view | Allow to view binding info |
|
iam.tenant.create | Allow to create new tenant | Administrator |
iam.tenant.delete | Allow to delete a tenant |
|
iam.tenant.modify | Allow to modify a tenant |
|
iam.tenant.update | Allow to update a tenant |
|
iam.tenant.view | Allow to view tenants |
|
iam.tenantidp.create | Allow to create tenant manager level identity provider | Administrator |
iam.tenantidp.delete | Allow to delete tenant manager level identity provider |
|
iam.tenantidp.replace | Allow to replace fields of tenant manager level identity provider |
|
iam.tenantidp.update | Allow to update fields of tenant manager level identity provider |
|
iam.tenantidp.view | Allow to view tenant manager level identity provider |
|
iam.tenants-globalfeatureflags.update | Allow to update tenant featureflags |
|
iam.tenants-opssettings.update | Allow to update tenant opssettings |
|
iam.tenants-opssettings.view | Allow to view tenant opssettings |
|
iam.tm-invitations.create | Allow to create tenant manager level invitations | Administrator |
iam.tm-invitations.delete | Allow to delete tenant manager level invitations |
|
iam.tm-invitations.update | Allow to update tenant manager invitations |
|
iam.tm-invitations.view | Allow to view tenant manager level invitations |
|
iam.dcphost.view | Allow to retrive the dcp base host based on region |
|
iam.delegatedtoken.create | Allow to create delegated token | Administrator |
iam.dns.view | Allow to view dns |
|
iam.domains.view | Allow to view domains |
|
iam.globalidp.view | Allow to view global identity providers |
|
iam.identity.unlink | Allow to unlink the user identity |
|
iam.oidcapp.create | Allow to create OIDC application | Administrator |
iam.oidcapp.delete | Allow to delete OIDC application |
|
iam.oidcapp.replace | Allow to replace OIDC application |
|
iam.oidcapp.update | Allow to update OIDC application |
|
iam.oidcapp.view | Allow to view OIDC application |
|
Audit
Permission name | Description | Roles related to |
|---|---|---|
audit.records.download | Allow to download audit records |
|
audit.records.view | Allow to view audit records |
|
iam.audit.delete | Allow to delete audit |
|
iam.audit.replace | Allow to replace audit |
|
iam.audit.view | Allow to view audit |
|
Common Services
Common Discovery
Permission name | Description | Roles related to |
|---|---|---|
common-discovery.account.view | Allow to view inventory accounts |
|
common-discovery.actions.admin | Allow to onboard actions | Administrator |
common-discovery.actions.execute | Allow to execute actions |
|
common-discovery.actions.view | Allow to view inventory actions |
|
common-discovery.category.view | Allow to view inventory records' category |
|
common-discovery.location.view | Allow to view inventory records' location |
|
common-discovery.service.view | Allow to view inventory records |
|
common-discovery.tags.edit | Allow to edit/add/delete inventory resources tags |
|
common-discovery.tags.view | Allow to view import tags jobs for inventory resources |
|
Common Actions
Permission name | Description | Roles related to |
|---|---|---|
actions.action_category.view | Allow to perform view operation on action category |
|
actions.action_definition.view | Allow to perform view operation on action definition |
|
actions.action_policy.view | Allow to perform view operation on action policy |
|
actions.action_provider.view | Allow to perform view operation on action provider |
|
actions.action_request.view | Allow to perform view operation on action request |
|
actions.action_stats.view | Allow to perform view operation on action stats |
|
actions.action_support.view | Allow to perform view operation on action support |
|
actions.action_types.view | Allow to perform view operation on action type |
|
actions.action_category.crud | Allow to perform crud operation on action category |
|
actions.action_definition.crud | Allow to perform crud operation on action definition |
|
actions.action_engine_api_manager.crud | Allow to perform crud operation on action enginer api manager |
|
actions.action_engine_practitioner.crud | Allow to perform crud operation on action engine practitioner |
|
actions.action_onboarding.crud | Allow to perform crud operation on action onboarding |
|
actions.action_policy.crud | Allow to perform crud operation on action policy |
|
actions.action_provider.crud | Allow to perform crud operation on action provider |
|
actions.action_request.crud | Allow to perform crud operation on action request |
|
actions.action_stats.crud | Allow to perform crud operation on action stats |
|
actions.action_support.crud | Allow to perform crud operation on action support |
|
actions.action_types.crud | Allow to perform crud operation on action types |
|
Topology
Permission name | Description | Roles related to |
|---|---|---|
topology.impactanalysis-data.view | Allow to view impactanalysis |
|
topology.topology-data.view | Allow to view topology data |
|
topology.topology-metadata.view | Allow to view topology metadata |
|
topology.topology-tags.view | Allow to view topology tags |
|
Container Cluster Management
Permission name | Description | Roles related to |
|---|---|---|
ccm.cluster-alerts.view | Allow to view alerts of a cluster |
|
ccm.cluster-data.view | Allow to view cluster data |
|
ccm.cluster.view | Allow to view cluster |
|
ccm.clusters-alerts.view | Allow to view alerts of all clusters |
|
ccm.clusters.view | Allow to view clusters |
|
ccm.custom-views.create | Allow to create custom views |
|
ccm.custom-views.delete | Allow to delete custom views |
|
ccm.custom-views.update | Allow to update custom views |
|
ccm.custom-views.view | Allow to view custom views |
|
ccm.discovery-clusters.view | Allow to view discovery clusters |
|
ccm.geo-locations.delete | Allow to delete geographical locations for clusters |
|
ccm.geo-locations.edit | Allow to edit geographical locations for clusters |
|
ccm.geo-locations.view | Allow to view geographical locations for clusters |
|
ccm.geolocation-aggregates.view | Allow to view cluster geolocation aggregates |
|
ccm.insights-recommendations.view | Allow to view Insights recommendations |
|
ccm.kubernetes-clusterrole.create | Allow to create Kubernetes resource - ClusterRole |
|
ccm.kubernetes-clusterrole.delete | Allow to delete Kubernetes resource - ClusterRole | Administrator |
ccm.kubernetes-clusterrolebinding.create | Allow to create Kubernetes resource - ClusterRoleBinding |
|
ccm.kubernetes-clusterrolebinding.delete | Allow to delete Kubernetes resource - ClusterRoleBinding | Administrator |
ccm.kubernetes-configmap.create | Allow to create Kubernetes resource - ConfigMap |
|
ccm.kubernetes-configmap.delete | Allow to delete Kubernetes resource - ConfigMap | Administrator |
ccm.kubernetes-cronjob.create | Allow to create Kubernetes resource - CronJob |
|
ccm.kubernetes-cronjob.delete | Allow to delete Kubernetes resource - CronJob | Administrator |
ccm.kubernetes-customresourcedefinition.create | Allow to create Kubernetes resource - CustomResourceDefinition |
|
ccm.kubernetes-customresourcedefinition.delete | Allow to delete Kubernetes resource - CustomResourceDefinition | Administrator |
ccm.kubernetes-daemonset.create | Allow to create Kubernetes resource - DaemonSet |
|
ccm.kubernetes-daemonset.delete | Allow to delete Kubernetes resource - DaemonSet | Administrator |
ccm.kubernetes-deployment.create | Allow to create Kubernetes resource - Deployment |
|
ccm.kubernetes-deployment.delete | Allow to delete Kubernetes resource - Deployment | Administrator |
ccm.kubernetes-endpoints.create | Allow to create Kubernetes resource - Endpoints |
|
ccm.kubernetes-endpoints.delete | Allow to delete Kubernetes resource - Endpoints | Administrator |
ccm.kubernetes-endpointslice.create | Allow to create Kubernetes resource - EndpointSlice |
|
ccm.kubernetes-endpointslice.delete | Allow to delete Kubernetes resource - EndpointSlice | Administrator |
ccm.kubernetes-horizontalpodautoscaler.create | Allow to create Kubernetes resource - HorizontalPodAutoscaler |
|
ccm.kubernetes-horizontalpodautoscaler.delete | Allow to delete Kubernetes resource - HorizontalPodAutoscaler | Administrator |
ccm.kubernetes-ingress.create | Allow to create Kubernetes resource - Ingress |
|
ccm.kubernetes-ingress.delete | Allow to delete Kubernetes resource - Ingress | Administrator |
ccm.kubernetes-job.create | Allow to create Kubernetes resource - Job |
|
ccm.kubernetes-job.delete | Allow to delete Kubernetes resource - Job | Administrator |
ccm.kubernetes-limitrange.create | Allow to create Kubernetes resource - LimitRange |
|
ccm.kubernetes-limitrange.delete | Allow to delete Kubernetes resource - LimitRange | Administrator |
ccm.kubernetes-namespace.create | Allow to create Kubernetes resource - Namespace |
|
ccm.kubernetes-namespace.delete | Allow to delete Kubernetes resource - Namespace | Administrator |
ccm.kubernetes-networkpolicy.create | Allow to create Kubernetes resource - NetworkPolicy |
|
ccm.kubernetes-networkpolicy.delete | Allow to delete Kubernetes resource - NetworkPolicy | Administrator |
ccm.kubernetes-persistentvolume.create | Allow to create Kubernetes resource - PersistentVolume |
|
ccm.kubernetes-persistentvolume.delete | Allow to delete Kubernetes resource - PersistentVolume | Administrator |
ccm.kubernetes-persistentvolumeclaim.create | Allow to create Kubernetes resource - PersistentVolumeClaim |
|
ccm.kubernetes-persistentvolumeclaim.delete | Allow to delete Kubernetes resource - PersistentVolumeClaim | Administrator |
ccm.kubernetes-pod.create | Allow to create Kubernetes resource - Pod |
|
ccm.kubernetes-pod.delete | Allow to delete Kubernetes resource - Pod | Administrator |
ccm.kubernetes-poddisruptionbudget.create | Allow to create Kubernetes resource - PodDisruptionBudget |
|
ccm.kubernetes-poddisruptionbudget.delete | Allow to delete Kubernetes resource - PodDisruptionBudget | Administrator |
ccm.kubernetes-priorityclass.create | Allow to create Kubernetes resource - PriorityClass |
|
ccm.kubernetes-priorityclass.delete | Allow to delete Kubernetes resource - PriorityClass | Administrator |
ccm.kubernetes-replicaset.create | Allow to create Kubernetes resource - ReplicaSet |
|
ccm.kubernetes-replicaset.delete | Allow to delete Kubernetes resource - ReplicaSet | Administrator |
ccm.kubernetes-resource-types.view | Allow to view Kubernetes resource types list |
|
ccm.kubernetes-resourcequota.create | Allow to create Kubernetes resource - ResourceQuota |
|
ccm.kubernetes-resourcequota.delete | Allow to delete Kubernetes resource - ResourceQuota | Administrator |
ccm.kubernetes-role.create | Allow to create Kubernetes resource - Role |
|
ccm.kubernetes-role.delete | Allow to delete Kubernetes resource - Role | Administrator |
ccm.kubernetes-rolebinding.create | Allow to create Kubernetes resource - RoleBinding |
|
ccm.kubernetes-rolebinding.delete | Allow to delete Kubernetes resource - RoleBinding | Administrator |
ccm.kubernetes-secret.create | Allow to create Kubernetes resource - Secret |
|
ccm.kubernetes-secret.delete | Allow to delete Kubernetes resource - Secret | Administrator |
ccm.kubernetes-service.create | Allow to create Kubernetes resource - Service |
|
ccm.kubernetes-service.delete | Allow to delete Kubernetes resource - Service | Administrator |
ccm.kubernetes-serviceaccount.create | Allow to create Kubernetes resource - ServiceAccount |
|
ccm.kubernetes-serviceaccount.delete | Allow to delete Kubernetes resource - ServiceAccount | Administrator |
ccm.kubernetes-statefulset.create | Allow to create Kubernetes resource - StatefulSet |
|
ccm.kubernetes-statefulset.delete | Allow to delete Kubernetes resource - StatefulSet | Administrator |
ccm.kubernetes-storageclass.create | Allow to create Kubernetes resource - StorageClass |
|
ccm.kubernetes-storageclass.delete | Allow to delete Kubernetes resource - StorageClass | Administrator |
ccm.pod-logs.download | Allow to download pod logs |
|
ccm.prometheus-alerts.view | Allow to view cluster alerts |
|
ccm.prometheus-node-metrics.view | Allow to view cluster node-metrics |
|
ccm.prometheus-pod-metrics.view | Allow to view cluster pod-metrics |
|
ccm.prometheus-stats.view | Allow to view cluster stats |
|
ccm.provider-aggregates.view | Allow to view cluster provider aggregates |
|
Do you have two minutes for a quick survey?
Take Survey
