Skip to content

Permissions

A permission is a fundamental building block for constructing authorization. In IAM, a permission consists of two key attributes:

  • Action: The specific action that is allowed.
  • Resource: The entity or object on which the action can be performed.

Additionally, a permission may include an optional description field to clarify its purpose. However, a permission alone does not have any effect until it is grouped into a role and assigned to an entity.

Who can create a permission?

  • Any application can create its own set of permissions.
  • Users cannot create permissions.

Tips:

  • Prefer actions in verb form (e.g., read, write, delete).
  • Create fine-grained permissions for better access control.