Resource Table

The following table works as a quick cheat-sheet to help you manage your permissions. Note that it's not exhaustive; for brevity it does not show wildcard or templated grant strings.

Additionally, this does not include available output fields; see the service documentation for guidance.

Resource Type | Applicable Scopes | API Endpoint | Parameters into Permissions Engine | Available Actions / Examples
Account
  • Global
  • Org
/accounts
  • Type
    • account
  • create: Create an account
    • type=<type>;actions=create
  • list: List accounts
    • type=<type>;actions=list
/accounts/<id>
  • ID
    • <id>
  • Pin
    • <auth-method-id>
  • Type
    • account
  • read: Read an account
    • id=<id>;actions=read
    • id=<pin>;type=<type>;actions=read
  • update: Update an account
    • id=<id>;actions=update
    • id=<pin>;type=<type>;actions=update
  • delete: Delete an account
    • id=<id>;actions=delete
    • id=<pin>;type=<type>;actions=delete
  • set-password: Set a password on an account, without requiring the current password
    • id=<id>;actions=set-password
    • id=<pin>;type=<type>;actions=set-password
  • change-password: Change a password on an account given the current password
    • id=<id>;actions=change-password
    • id=<pin>;type=<type>;actions=change-password
Auth Method
  • Global
  • Org
/auth-methods
  • Type
    • auth-method
  • create: Create an auth method
    • type=<type>;actions=create
  • list: List auth methods
    • type=<type>;actions=list
/auth-methods/<id>
  • ID
    • <id>
  • Type
    • auth-method
  • read: Read an auth method
    • id=<id>;actions=read
  • update: Update an auth method
    • id=<id>;actions=update
  • delete: Delete an auth method
    • id=<id>;actions=delete
  • authenticate: Authenticate to an auth method
    • id=<id>;actions=authenticate
Auth Token
  • Global
  • Org
/auth-tokens
  • Type
    • auth-token
  • list: List auth tokens
    • type=<type>;actions=list
/auth-tokens/<id>
  • ID
    • <id>
  • Type
    • auth-token
  • read: Read an auth token
    • id=<id>;actions=read
  • delete: Delete an auth token
    • id=<id>;actions=delete
Group
  • Global
  • Org
  • Project
/groups
  • Type
    • group
  • create: Create a group
    • type=<type>;actions=create
  • list: List groups
    • type=<type>;actions=list
/groups/<id>
  • ID
    • <id>
  • Type
    • group
  • read: Read a group
    • id=<id>;actions=read
  • update: Update a group
    • id=<id>;actions=update
  • delete: Delete a group
    • id=<id>;actions=delete
  • add-members: Add members to a group
    • id=<id>;actions=add-members
  • set-members: Set the full set of members on a group
    • id=<id>;actions=set-members
  • remove-members: Remove members from a group
    • id=<id>;actions=remove-members
Host
  • Project
/hosts
  • Type
    • host
  • create: Create a host
    • type=<type>;actions=create
  • list: List hosts
    • type=<type>;actions=list
/hosts/<id>
  • ID
    • <id>
  • Pin
    • <host-catalog-id>
  • Type
    • host
  • read: Read a host
    • id=<id>;actions=read
    • id=<pin>;type=<type>;actions=read
  • update: Update a host
    • id=<id>;actions=update
    • id=<pin>;type=<type>;actions=update
  • delete: Delete a host
    • id=<id>;actions=delete
    • id=<pin>;type=<type>;actions=delete
Host Catalog
  • Project
/host-catalogs
  • Type
    • host-catalog
  • create: Create a host catalog
    • type=<type>;actions=create
  • list: List host catalogs
    • type=<type>;actions=list
/host-catalogs/<id>
  • ID
    • <id>
  • Type
    • host-catalog
  • read: Read a host catalog
    • id=<id>;actions=read
  • update: Update a host catalog
    • id=<id>;actions=update
  • delete: Delete a host catalog
    • id=<id>;actions=delete
Host Set
  • Project
/host-sets
  • Type
    • host-set
  • create: Create a host set
    • type=<type>;actions=create
  • list: List host sets
    • type=<type>;actions=list
/host-sets/<id>
  • ID
    • <id>
  • Pin
    • <host-catalog-id>
  • Type
    • host-set
  • read: Read a host set
    • id=<id>;actions=read
    • id=<pin>;type=<type>;actions=read
  • update: Update a host set
    • id=<id>;actions=update
    • id=<pin>;type=<type>;actions=update
  • delete: Delete a host set
    • id=<id>;actions=delete
    • id=<pin>;type=<type>;actions=delete
  • add-hosts: Add hosts to a host set
    • id=<id>;actions=add-hosts
    • id=<pin>;type=<type>;actions=add-hosts
  • set-hosts: Set the full set of hosts on a host set
    • id=<id>;actions=set-hosts
    • id=<pin>;type=<type>;actions=set-hosts
  • remove-hosts: Remove hosts from a host set
    • id=<id>;actions=remove-hosts
    • id=<pin>;type=<type>;actions=remove-hosts
Managed Group
  • Global
  • Org
/managed-groups
  • Type
    • managed-group
  • create: Create a managed group
    • type=<type>;actions=create
  • list: List managed groups
    • type=<type>;actions=list
/managed-groups/<id>
  • ID
    • <id>
  • Pin
    • <auth-method-id>
  • Type
    • managed-group
  • read: Read a managed group
    • id=<id>;actions=read
    • id=<pin>;type=<type>;actions=read
  • update: Update a managed group
    • id=<id>;actions=update
    • id=<pin>;type=<type>;actions=update
  • delete: Delete a managed group
    • id=<id>;actions=delete
    • id=<pin>;type=<type>;actions=delete
Role
  • Global
  • Org
  • Project
/roles
  • Type
    • role
  • create: Create a role
    • type=<type>;actions=create
  • list: List roles
    • type=<type>;actions=list
/roles/<id>
  • ID
    • <id>
  • Type
    • role
  • read: Read a role
    • id=<id>;actions=read
  • update: Update a role
    • id=<id>;actions=update
  • delete: Delete a role
    • id=<id>;actions=delete
  • add-principals: Add principals to a role
    • id=<id>;actions=add-principals
  • set-principals: Set the full set of principals on a role
    • id=<id>;actions=set-principals
  • remove-principals: Remove principals from a role
    • id=<id>;actions=remove-principals
  • add-grants: Add grants to a role
    • id=<id>;actions=add-grants
  • set-grants: Set the full set of grants on a role
    • id=<id>;actions=set-grants
  • remove-grants: Remove grants from a role
    • id=<id>;actions=remove-grants
Scope
  • Global
  • Org
/scopes
  • Type
    • scope
  • create: Create a scope
    • type=<type>;actions=create
  • list: List scopes
    • type=<type>;actions=list
/scopes/<id>
  • ID
    • <id>
  • Type
    • scope
  • read: Read a scope
    • id=<id>;actions=read
  • update: Update a scope
    • id=<id>;actions=update
  • delete: Delete a scope
    • id=<id>;actions=delete
Session
  • Project
/sessions
  • Type
    • session
  • list: List sessions
    • type=<type>;actions=list
/sessions/<id>
  • ID
    • <id>
  • Type
    • session
  • read: Read a session
    • id=<id>;actions=read
  • cancel: Cancel a session
    • id=<id>;actions=cancel
  • read:self: Read a session, which must be associated with the calling user
    • id=*;type=session;actions=read:self
  • cancel:self: Cancel a session, which must be associated with the calling user
    • id=*;type=session;actions=cancel:self
Target
  • Project
/targets
  • Type
    • target
  • create: Create a target
    • type=<type>;actions=create
  • list: List targets
    • type=<type>;actions=list
/targets/<id>
  • ID
    • <id>
  • Type
    • target
  • read: Read a target
    • id=<id>;actions=read
  • update: Update a target
    • id=<id>;actions=update
  • delete: Delete a target
    • id=<id>;actions=delete
  • add-host-sets: Add host sets to a target
    • id=<id>;actions=add-host-sets
  • set-host-sets: Set the full set of host sets on a target
    • id=<id>;actions=set-host-sets
  • remove-host-sets: Remove host sets from a target
    • id=<id>;actions=remove-host-sets
  • authorize-session: Authorize a session via the target
    • id=<id>;actions=authorize-session
User
  • Global
  • Org
/users
  • Type
    • user
  • create: Create a user
    • type=<type>;actions=create
  • list: List users
    • type=<type>;actions=list
/users/<id>
  • ID
    • <id>
  • Type
    • user
  • read: Read a user
    • id=<id>;actions=read
  • update: Update a user
    • id=<id>;actions=update
  • delete: Delete a user
    • id=<id>;actions=delete
  • add-accounts: Add accounts to a user
    • id=<id>;actions=add-accounts
  • set-accounts: Set the full set of accounts on a user
    • id=<id>;actions=set-accounts
  • remove-accounts: Remove accounts from a user
    • id=<id>;actions=remove-accounts
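
The three grant forms in the table (`type=<type>`, `id=<id>`, and `id=<pin>;type=<type>`) can be checked against a request's ID, Pin and Type as in the following added example, which is a simplified model written for this page and not Boundary's own permissions engine. The function names, the sample role and its IDs are constructed; comma-separated actions are accepted, while wildcard and templated grants and the ownership check behind `:self` actions are not modelled.

```python
# Added example: simplified model of the table's grant forms, not Boundary's ACL code.
from dataclasses import dataclass
from typing import Optional

COLLECTION_ACTIONS = {"create", "list"}  # actions the table lists on collection endpoints

@dataclass(frozen=True)
class Grant:
    id: Optional[str]
    type: Optional[str]
    actions: frozenset

@dataclass(frozen=True)
class Request:
    """Table column 'Parameters into Permissions Engine' plus the requested action."""
    type: str
    action: str
    id: Optional[str] = None   # None on collection endpoints such as /hosts
    pin: Optional[str] = None  # parent ID, e.g. the host catalog of a host

def parse_grant(s: str) -> Grant:
    if "*" in s or "{{" in s:
        raise ValueError("wildcard/templated grants are outside this model")
    fields = {}
    for part in s.split(";"):
        key, sep, value = part.partition("=")
        if not sep or not value or key in fields or key not in ("id", "type", "actions"):
            raise ValueError(f"malformed grant segment: {part!r}")
        fields[key] = value
    if "actions" not in fields or not ("id" in fields or "type" in fields):
        raise ValueError(f"grant needs actions plus an id or type: {s!r}")
    return Grant(fields.get("id"), fields.get("type"),
                 frozenset(fields["actions"].split(",")))

def allowed(grants, req: Request) -> bool:
    for g in grants:
        if req.action not in g.actions:
            continue
        if g.id is None:  # type=<type>;actions=create|list
            if req.id is None and g.type == req.type and req.action in COLLECTION_ACTIONS:
                return True
        elif g.type is None:  # id=<id>;actions=... matches exactly one resource
            if req.id == g.id:
                return True
        elif req.id is not None and req.pin == g.id and g.type == req.type:
            return True  # id=<pin>;type=<type>;actions=... matches children of the pin
    return False

# Constructed sample role; the IDs are made up for illustration.
SAMPLE = [parse_grant(g) for g in ("id=catalog-A;type=host;actions=read,update",
                                   "type=host-catalog;actions=list", "id=host-9;actions=delete")]
```

With the sample role, a pinned grant on `catalog-A` covers every host in that catalog but no host sets and no hosts in other catalogs, which is the difference between the two example lines shown for resources that have a Pin.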