Permissions
A permission is a fundamental building block for constructing authorization. In IAM, a permission consists of two key attributes:
- Action: The specific action that is allowed.
- Resource: The entity or object on which the action can be performed.
Additionally, a permission may include an optional description field to clarify its purpose. However, a permission alone does not have any effect until it is grouped into a role and assigned to an entity.
Who can create a permission?
- Any application can create its own set of permissions.
- Users cannot create permissions.
Tips:
- Prefer actions in verb form (e.g.,
read,write,delete). - Create fine-grained permissions for better access control.