Skip to main content

Permissions

In this section, you will find details about permissions in the StackSpot Account.


Permissions are a set of actions defined for one or more Resources on the platform. Resources represent the objects users interact with, such as Accounts, Workspaces, plug-ins, Stacks, and Applications.

The interactions with resources are called actions and depend on their Resource Type. Resource Types represents the entities from StackSpot where the resources came from. The entities are StackSpot Platform (as a whole), Account, Workspace, Studios, and Insights.

Based on that, check below some permission examples:

  • Permission to create a Workspace;
  • Permission to create a Plugin;
  • Permission to create a Stack;

Check out the tables below to view the permissions according to Resource Type:

Resource type: StackSpot Platform

The permissions from this Resource Type are for management roles. So that's why Accounts, Studios, and Workspaces are considered resources here.

ResourceActionDescription
Accountcreate, update, activate, deactivateA role with permissions for this resource in this resource type can create, update, deactivate, or activate an Account.
Studiocreate, update, delete, view, change visibilityA role with permissions for this resource in this resource type can create,delete, edit, and change the visibility of a Studio from a StackSpot Account.
Workspacecreate, update, deleteA role with permissions for this resource in this resource type can create, delete, and edit, a Workspace from a StackSpot Account.

Resource type: Account

The permissions from this Resource Type concern StackSpot actions users can do with Account resources.

ResourceActionDescription
Partnercreate, update, deleteA role with permissions for this resource in this resource type can create, update, and delete a Partner Account.
APIsassociate, disassociate,grant_accessManage shared API resource and access control with the partner Account.
Productassociate, disassociateManage shared Product API resource with the partner.
Groupcreate, update, delete, associate, disassociate, viewA role with permissions for this resource, in this resource type, can manage groups.
Rolecreate, update, delete, associate, disassociate, viewThese are permissions related to what can be done with Roles within the account. For example, creating a new Role, updating a Role or deleting a Role.
Membersassociate, create, update, viewUsers with these permissions can associate roles with members, create new members, update member information or view members.
SCMcreate, view, updateA user with these permissions can setup SCM credentials at the account level; view SCM credentials at the account level and update SCM credentials at the account level.
Invitecreate, update, view, deleteA user with these permissions can invite new members to the account; update pending invitations; view invitations; revoke pending invitations.
Credentiaslview, create, update,delete, associate, disassociate-
Resource TypeviewA user with this permission can view the resource types in the StackSpot Platform.
Personal Access Token (PAT)view, createA user with this permissions can view personal access token; and create Client Id/Client Secret Access Token
ResourceviewA user with this permission can view groups and roles resources.
PermissionsviewA user with this permissions can see groups and roles permissions within the StackSpot Platform.
Knowledge source (AI Platform resource)create, update, deleteManagement of Knowledge Sources in the Account context. Ability to create, update (change the name, description, and settings of the AI Stack) and delete a Knowledge Source in the StackSpot AI platform.
Custom quick commands (AI Platform resource)create, update, deleteManagement of Custom Quick Commands in the Account context. Ability to create, update (change the name, description, and settings of the AI Stack) and delete a Custom Quick Command in the StackSpot AI platform.
Custom Cloud Account (Cloud Services Platform Resource)view-
Managed cloud Account (Cloud Services Platform Resource)view-
FinOps Reports (Cloud Services Platform Resource)view
FinOps Billing (Cloud Services Platform Resource)download-
FinOps Saving Plans (Cloud Services Platform Resource)request, cancel-
FinOps Forecast (Cloud Services Platform Resource)view-
Support (Cloud Services Platform Resource)view, open, close-
Alerts (Cloud Services Platform Resource)acknowledgeAcknowledge alerts in account
Baseline (Recurso da Plataforma de Cloud Sources)view, create, update-

Resource type: Studio

The permissions from this Resource Type are actions users can do with Studio resources.

ResourceActionDescription
Pluginspublish, unpublish, deprecate, downloadActions a person can do with a Plugin inside a Studio. For example, a user can create a Plugin in a Studio.
Actionpublish, unpublish, deprecateWhat users can do with an Action inside a Studio. For example, a user can create an Action in a Studio.
Stackscreate, update, delete, publish, unpublish, deprecate, setActions users can do with a Stack inside a Studio. For example, to create a Stack.
StarterscreateActions a user can do with a Starter inside a Studio.
Stack AI (AI Platform resource)create, update, deleteManagement of Stack AI content in Studios. Ability to create, update (change the name, description, and settings of the AI Stack) and delete a Stack AI in the StackSpot AI platform.
Custom quick commands (AI Platform resource)publish, unplublishManagement of Custom Quick Commands in Studios.

Resource type: Workspace

The permissions from this Resource Type are actions users can do with Workspace resources.

ResourceActionDescription
Stack Associationsassociate, unassociatedActions a user can do with a Stack in a Workspace. For example, a user can add a Stack to a Workspace.
Plugins SetupSetupActions a user can do with a Plugin in a Workspace. For example, define context inputs when plugins will be used.
Actions SetupSetupAn user can setup an Action in the Workspace.
Dynamic Linkscreate, update, deleteActions a user can do with a Dynamic Link in a Workspace. For example, define whether the dynamic link configured in the plugin will be visible after creating the Application.
Static Linkscreate, update, delete, viewManage the creation of Static Links. For example, users can create/add Static Links to a Workspace, delete them later, or edit their URL.
Applicationscreate, delete, updateActions a user can do with an Application in a Workspace. For example, a user with this permission can create an Application in the Workspace.
Infrastructurecreate, delete, updateActions a user can do with Infrastructures in a Workspace. For example, a user with this permission can create an Infrastructure in the Workspace.
Connection Interfaces (Manual)create, delete, update, viewManage Connection Interfaces manual creation and visibility to share with others Workspaces.
Connection Interfaces (Automatic)viewA user with this permission can manage Connection Interfaces visibility to share with others Workspaces.
APIscreate, update, deleteManage catalog api creation. A user with this permission can create an API in the Workspace.
Productscreate, update, delete, viewManage catalog API's products creation
Cloud Providerscreate, updateConfigure cloud provider accounts per workspace environment.
Stack AIassociate, disassociateManagement of Stack AI content in Workspaces. Ability to associate/disassociate a Stack AI to a Workspace in the StackSpot AI platform.
Knowledge source (AI Platform resource)associate, disassociateKnowledge Sources management in Workspaces. Ability to associate/disassociate a Knowledge Source to a Workspace in the StackSpot AI platform.
Custom quick commands (AI Platform resource)associate, disassociateCustom Quick Commands management in Workspaces. Ability to associate/disassociate a Custom Quick Command to a Workspace in the StackSpot AI platform.
Alerts (Cloud Services Platform Resource)view, acknowledge-
Guard Rails (Cloud Services Platform Resource)view, activate, deactivate-
Custom Cloud Account (Cloud Services Platform Resource)view, create, update, delete-
Managed Cloud Account (Cloud Services Platform Resource)view, create, update, delete-
Cloud Resource (Cloud Services Platform Resource)view-

Resource Type Insights

The permissions from this Resource Type are actions users can do with Insights resources.

ResourceDescriptionAction
Reportdownload_studio; download_account-

Next Steps