A new platform for documentation and tutorials is launching soon.

We are migrating Boundary documentation into HashiCorp Developer, our new developer experience.

Join Now
Type '/' to Search

»Resource Table

The following table works as a quick cheat-sheet to help you manage your permissions. Note that it's not exhaustive; for brevity it does not show wildcard or templated grant strings.

Additionally, this does not include available output fields; see the service documentation for guidance.

Resource TypeApplicable ScopesAPI EndpointParameters into Permissions EngineAvailable Actions / Examples
Account
  • Global
  • Org
/accounts
  • Type
    • account
  • create: Create an account
    • type=<type>;actions=create
  • list: List accounts
    • type=<type>;actions=list
/accounts/<id>
  • ID
    • <id>
  • Pin
    • <auth-method-id>
  • Type
    • account
  • read: Read an account
    • id=<id>;actions=read
    • id=<pin>;type=<type>;actions=read
  • update: Update an account
    • id=<id>;actions=update
    • id=<pin>;type=<type>;actions=update
  • delete: Delete an account
    • id=<id>;actions=delete
    • id=<pin>;type=<type>;actions=delete
  • set-password: Set a password on an account, without requiring the current password
    • id=<id>;actions=set-password
    • id=<pin>;type=<type>;actions=set-password
  • change-password: Change a password on an account given the current password
    • id=<id>;actions=change-password
    • id=<pin>;type=<type>;actions=change-password
Auth Method
  • Global
  • Org
/auth-methods
  • Type
    • auth-method
  • create: Create an auth method
    • type=<type>;actions=create
  • list: List auth methods
    • type=<type>;actions=list
/auth-methods/<id>
  • ID
    • <id>
  • Type
    • auth-method
  • read: Read an auth method
    • id=<id>;actions=read
  • update: Update an auth method
    • id=<id>;actions=update
  • delete: Delete an auth method
    • id=<id>;actions=delete
  • authenticate: Authenticate to an auth method
    • id=<id>;actions=authenticate
Auth Token
  • Global
  • Org
/auth-tokens
  • Type
    • auth-token
  • list: List auth tokens
    • type=<type>;actions=list
/auth-tokens/<id>
  • ID
    • <id>
  • Type
    • auth-token
  • read: Read an auth token
    • id=<id>;actions=read
  • delete: Delete an auth token
    • id=<id>;actions=delete
Group
  • Global
  • Org
  • Project
/groups
  • Type
    • group
  • create: Create a group
    • type=<type>;actions=create
  • list: List groups
    • type=<type>;actions=list
/groups/<id>
  • ID
    • <id>
  • Type
    • group
  • read: Read a group
    • id=<id>;actions=read
  • update: Update a group
    • id=<id>;actions=update
  • delete: Delete a group
    • id=<id>;actions=delete
  • add-members: Add members to a group
    • id=<id>;actions=add-members
  • set-members: Set the full set of members on a group
    • id=<id>;actions=set-members
  • remove-members: Remove members from a group
    • id=<id>;actions=remove-members
Host
  • Project
/hosts
  • Type
    • host
  • create: Create a host
    • type=<type>;actions=create
  • list: List hosts
    • type=<type>;actions=list
/hosts/<id>
  • ID
    • <id>
  • Pin
    • <host-catalog-id>
  • Type
    • host
  • read: Read a host
    • id=<id>;actions=read
    • id=<pin>;type=<type>;actions=read
  • update: Update a host
    • id=<id>;actions=update
    • id=<pin>;type=<type>;actions=update
  • delete: Delete a host
    • id=<id>;actions=delete
    • id=<pin>;type=<type>;actions=delete
Host Catalog
  • Project
/host-catalogs
  • Type
    • host-catalog
  • create: Create a host catalog
    • type=<type>;actions=create
  • list: List host catalogs
    • type=<type>;actions=list
/host-catalogs/<id>
  • ID
    • <id>
  • Type
    • host-catalog
  • read: Read a host catalog
    • id=<id>;actions=read
  • update: Update a host catalog
    • id=<id>;actions=update
  • delete: Delete a host catalog
    • id=<id>;actions=delete
Host Set
  • Project
/host-sets
  • Type
    • host-set
  • create: Create a host set
    • type=<type>;actions=create
  • list: List host sets
    • type=<type>;actions=list
/host-sets/<id>
  • ID
    • <id>
  • Pin
    • <host-catalog-id>
  • Type
    • host-set
  • read: Read a host set
    • id=<id>;actions=read
    • id=<pin>;type=<type>;actions=read
  • update: Update a host set
    • id=<id>;actions=update
    • id=<pin>;type=<type>;actions=update
  • delete: Delete a host set
    • id=<id>;actions=delete
    • id=<pin>;type=<type>;actions=delete
  • add-hosts: Add hosts to a host-set
    • id=<id>;actions=add-hosts
    • id=<pin>;type=<type>;actions=add-hosts
  • set-hosts: Set the full set of hosts on a host set
    • id=<id>;actions=set-hosts
    • id=<pin>;type=<type>;actions=set-hosts
  • remove-hosts: Remove hosts from a host set
    • id=<id>;actions=remove-hosts
    • id=<pin>;type=<type>;actions=remove-hosts
Managed Group
  • Global
  • Org
/managed-groups
  • Type
    • managed-group
  • create: Create a managed group
    • type=<type>;actions=create
  • list: List managed groups
    • type=<type>;actions=list
/managed-groups/<id>
  • ID
    • <id>
  • Pin
    • <auth-method-id>
  • Type
    • managed-group
  • read: Read a managed group
    • id=<id>;actions=read
    • id=<pin>;type=<type>;actions=read
  • update: Update a managed group
    • id=<id>;actions=update
    • id=<pin>;type=<type>;actions=update
  • delete: Delete a managed group
    • id=<id>;actions=delete
    • id=<pin>;type=<type>;actions=delete
Role
  • Global
  • Org
  • Project
/roles
  • Type
    • role
  • create: Create a role
    • type=<type>;actions=create
  • list: List roles
    • type=<type>;actions=list
/roles/<id>
  • ID
    • <id>
  • Type
    • role
  • read: Read a role
    • id=<id>;actions=read
  • update: Update a role
    • id=<id>;actions=update
  • delete: Delete a role
    • id=<id>;actions=delete
  • add-principals: Add principals to a role
    • id=<id>;actions=add-principals
  • set-principals: Set the full set of principals on a role
    • id=<id>;actions=set-principals
  • remove-principals: Remove principals from a role
    • id=<id>;actions=remove-principals
  • add-grants: Add grants to a role
    • id=<id>;actions=add-grants
  • set-grants: Set the full set of grants on a role
    • id=<id>;actions=set-grants
  • remove-grants: Remove grants from a role
    • id=<id>;actions=remove-grants
Scope
  • Global
  • Org
/scopes
  • Type
    • scope
  • create: Create a scope
    • type=<type>;actions=create
  • list: List scopes
    • type=<type>;actions=list
/scopes/<id>
  • ID
    • <id>
  • Type
    • scope
  • read: Read a scope
    • id=<id>;actions=read
  • update: Update a scope
    • id=<id>;actions=update
  • delete: Delete a scope
    • id=<id>;actions=delete
Session
  • Project
/sessions
  • Type
    • session
  • list: List sessions
    • type=<type>;actions=list
/session/<id>
  • ID
    • <id>
  • Type
    • session
  • read: Read a session
    • id=<id>;actions=read
  • cancel: Cancel a session
    • id=<id>;actions=cancel
  • read:self: Read a session, which must be associated with the calling user
    • id=*;type=session;actions=read:self
  • cancel:self: Cancel a session, which must be associated with the calling user
    • id=*;type=session;actions=cancel:self
Target
  • Project
/targets
  • Type
    • target
  • create: Create a target
    • type=<type>;actions=create
  • list: List targets
    • type=<type>;actions=list
/targets/<id>
  • ID
    • <id>
  • Type
    • target
  • read: Read a target
    • id=<id>;actions=read
  • update: Update a target
    • id=<id>;actions=update
  • delete: Delete a target
    • id=<id>;actions=delete
  • add-host-sets: Add host sets to a target
    • id=<id>;actions=add-host-sets
  • set-host-sets: Set the full set of host sets on a target
    • id=<id>;actions=set-host-sets
  • remove-host-sets: Remove host sets from a target
    • id=<id>;actions=remove-host-sets
  • authorize-session: Authorize a session via the target
    • id=<id>;actions=authorize-session
User
  • Global
  • Org
/users
  • Type
    • user
  • create: Create a user
    • type=<type>;actions=create
  • list: List users
    • type=<type>;actions=list
/users/<id>
  • ID
    • <id>
  • Type
    • user
  • read: Read a user
    • id=<id>;actions=read
  • update: Update a user
    • id=<id>;actions=update
  • delete: Delete a user
    • id=<id>;actions=delete
  • add-accounts: Add accounts to a user
    • id=<id>;actions=add-accounts
  • set-accounts: Set the full set of accounts on a user
    • id=<id>;actions=set-accounts
  • remove-accounts: Remove accounts from a user
    • id=<id>;actions=remove-accounts
Worker
  • Global
/workers
  • Type
    • workers
  • list: List workers
    • type=<type>;actions=list
  • create:worker-led: Create a worker using the worker-led workflow
    • type=<type>;actions=create
    • type=<type>;actions=create:worker-led
/workers/<id>
  • ID
    • <id>
  • Type
    • workers
  • read: Read a worker
    • id=<id>;actions=read
  • update: Update a worker
    • id=<id>;actions=update
  • delete: Delete a worker
    • id=<id>;actions=delete