Edit

Apica defined permissions

There are a set of policy and permissions that are defined by Apica. Find the below list of Apica defined permissions highlighting the function of each and what action they allow.

Dashboards

Policy: manage_dashboards

Allows creating, editing, deleting, and viewing dashboards within the system.

Permission
Resource
Action
Description

get_dashboards

dashboards

read

View dashboards

create_dashboards

dashboards

create

Create new dashboards

edit_dashboards

dashboards

update

Edit existing dashboards

delete_dashboards

dashboards

delete

Delete dashboards

Dashboards (Default)

Policy: manage_dashboards_default

Grants limited default access to viewing and creating dashboards, usually for non-admin roles.

Permission
Resource
Action
Description

get_dashboards

dashboards

read

View dashboards

create_dashboards

dashboards

create

Create new dashboards

Queries

Policy: manage_queries

Allows users to create, edit, execute, and delete queries within the system. Typically granted to analysts or developers who work directly with data.

Permission
Resource
Action
Description

create_queries

queries

create

Create new queries

edit_queries

queries

update

Edit existing queries

execute_queries

queries

execute

Run/execute queries

delete_queries

queries

delete

Delete queries

get_queries

queries

read

View or list queries

Queries (Default)

Policy: manage_queries_default

Provides limited default access to create, edit, execute, and view queries. Usually assigned to standard users.

Permission
Resource
Action
Description

create_queries

queries

create

Create new queries

edit_queries

queries

update

Edit existing queries

execute_queries

queries

execute

Run/execute queries

get_queries

queries

read

View or list queries

Users

Policy: manage_users

Allows administrators to create, update, disable, delete, and view user accounts.

Permission
Resource
Action
Description

get_users

users

read

View user accounts

create_users

users

create

Create new users

edit_users

users

update

Edit user details

disable_users

users

disable

Disable existing users

delete_users

users

delete

Delete user accounts

Users (Default)

Policy: manage_users_default

Provides read-only access to user accounts for non-admin roles.

Permission
Resource
Action
Description

get_users

users

read

View user accounts

Settings

Policy: manage_settings

Gives control over system configuration such as general settings, mail settings, and admin options.

Permission
Resource
Action
Description

get_settings

settings:general

read

View general settings

edit_settings

settings:general

update

Update general settings

get_mail_settings

settings:mail

read

View mail settings

edit_mail_settings

settings:mail

update

Update mail settings

get_admin_settings

settings:admin_settings

read

View admin settings

edit_admin_settings

settings:admin_settings

update

Update admin settings

Settings (Default)

Policy: manage_settings_default

Provides limited read-only access to system settings such as general and mail settings.

Permission
Resource
Action
Description

get_settings

settings:general

read

View general settings

get_mail_settings

settings:mail

read

View mail settings

Groups

Policy: manage_groups

Allows administrators to create, edit, delete, and view groups. Useful for managing user organization and role-based access.

Permission
Resource
Action
Description

get_groups

groups

read

View groups

create_groups

groups

create

Create new groups

edit_groups

groups

update

Edit existing groups

delete_groups

groups

delete

Delete groups

Groups (Default)

Policy: manage_groups_default

Provides read-only access to view groups.

Permission
Resource
Action
Description

get_groups

groups

read

View groups

Alerts

Policy: manage_alerts

Allows creating, editing, deleting, and viewing alerts in the system. Useful for monitoring and notifying based on conditions.

Permission
Resource
Action
Description

get_alerts

alerts

read

View alerts

create_alerts

alerts

create

Create new alerts

edit_alerts

alerts

update

Edit existing alerts

delete_alerts

alerts

delete

Delete alerts

Alerts (Default)

Policy: manage_alerts_default

Provides basic access to create and view alerts, intended for standard users.

Permission
Resource
Action
Description

get_alerts

alerts

read

View alerts

create_alerts

alerts

create

Create new alerts

Data Sources

Policy: manage_data_sources

Allows administrators to create, edit, delete, and view data sources. Essential for connecting and managing integrations.

Permission
Resource
Action
Description

get_data_sources

data_sources

read

View data sources

create_data_sources

data_sources

create

Add new data sources

edit_data_sources

data_sources

update

Edit existing data sources

delete_data_sources

data_sources

delete

Remove data sources

Data Sources (Default)

Policy: manage_data_sources_default

Provides limited access to create new data sources.

Permission
Resource
Action
Description

create_data_sources

data_sources

create

Add new data sources

Journals

Policy: manage_journals

Provides the ability to access the audit trail (system logs of activities). Useful for monitoring and compliance.

Permission
Resource
Action
Description

get_audit_trail

events

read

View system audit logs

License

Policy: manage_license

Provides control over viewing and updating the system license.

Permission
Resource
Action
Description

view_license

license

read

View current license info

update_license

license

update

Update or change license

License (Default)

Policy: manage_license_default

Allows viewing license information without update privileges.

Permission
Resource
Action
Description

view_license

license

read

View current license info

Notification Destinations

Policy: manage_notification_destinations

Gives full control over notification destinations used for alerts and other system events.

Permission
Resource
Action
Description

create_notification_destinations

notification_destinations

create

Create new notification destinations

get_notification_destinations

notification_destinations

read

View existing notification destinations

edit_notification_destinations

notification_destinations

update

Update notification destinations

delete_notification_destinations

notification_destinations

Notification Destinations (Default)

Policy: manage_notification_destinations_default

Provides limited access to create and update notification destinations, usually for standard users.

Permission
Resource
Action
Description

create_notification_destinations

notification_destinations

create

Create new notification destinations

edit_notification_destinations

notification_destinations

update

Update notification destinations

Pipeline Rules

Policy: manage_pipeline_rules

Allows managing rules for pipelines, including creating, editing, deleting, and viewing them.

Permission
Resource
Action
Description

get_pipeline_rules

pipelines

read

View pipeline rules

create_pipeline_rules

pipelines

create

Create new pipeline rules

edit_pipeline_rules

pipelines

update

Edit existing pipeline rules

delete_pipeline_rules

pipelines

delete

Delete pipeline rules

Pipeline Rules (Default)

Policy: manage_pipeline_rules_default

Provides limited read-only or create/edit access to pipeline rules for non-admin users.

Permission
Resource
Action
Description

get_pipeline_rules

pipelines

read

View pipeline rules

create_pipeline_rules

pipelines

create

Create new pipeline rules

edit_pipeline_rules

pipelines

update

Edit existing pipeline rules

Pipelines

Policy: manage_pipelines

Allows creating, updating, deleting, and viewing pipelines in the system.

Permission
Resource
Action
Description

create_pipeline

pipelines

create

Create new pipelines

delete_pipeline

pipelines

delete

Delete pipelines

update_pipeline

pipelines

update

Update pipelines

read_pipeline

pipelines

read

View pipeline details

Pipelines (Default)

Policy: manage_pipelines_default

Provides read-only access to pipelines, typically for standard users.

Permission
Resource
Action
Description

read_pipeline

pipelines

read

View pipeline details

Forwarders

Policy: manage_forwarders

Allows full management of forwarders, including creating, editing, deleting, and viewing them.

Permission
Resource
Action
Description

get_forwarders

forwarders

read

View forwarders

create_forwarders

forwarders

create

Create new forwarders

edit_forwarders

forwarders

update

Edit existing forwarders

delete_forwarders

forwarders

delete

Delete forwarders

Forwarders (Default)

Policy: manage_forwarders_default

Provides limited read-only access to forwarders for non-admin users.

Permission
Resource
Action
Description

get_forwarders

forwarders

read

View forwarders

Forwarder Mappings

Policy: manage_forwarder_mappings

Allows full control over forwarder mappings, including creating, editing, deleting, and viewing them.

Permission
Resource
Action
Description

get_forwarder_mappings

forwarders:mappings

read

View forwarder mappings

create_forwarder_mappings

forwarders:mappings

create

Create new forwarder mappings

edit_forwarder_mappings

forwarders:mappings

update

Edit existing mappings

delete_forwarder_mappings

forwarders:mappings

delete

Delete forwarder mappings

Forwarder Mappings (Default)

Policy: manage_forwarder_mappings_default

Provides read-only access to forwarder mappings for non-admin users.

Permission
Resource
Action
Description

get_forwarder_mappings

forwarders:mappings

read

View forwarder mappings

Source Extensions

Policy: manage_source_extensions

Allows administrators to create, edit, delete, and view source extensions. Useful for managing integrations and data enrichment.

Permission
Resource
Action
Description

get_source_extensions

source_extensions

read

View source extensions

create_source_extensions

source_extensions

create

Add new source extensions

edit_source_extensions

source_extensions

edit

Edit existing source extensions

delete_source_extensions

source_extensions

delete

Delete source extensions

Source Extensions (Default)

Policy: manage_source_extensions_default

Provides read-only access to source extensions for non-admin users.

Permission
Resource
Action
Description

get_source_extensions

source_extensions

read

View source extensions

Fleet Agents

Policy: manage_fleet_agents

Allows full management of fleet agents, including creating, editing, deleting, and viewing them.

Permission
Resource
Action
Description

get_fleet_agents

fleet:agents

read

View fleet agents

create_fleet_agents

fleet:agents

create

Add new fleet agents

edit_fleet_agents

fleet:agents

update

Edit existing agents

delete_fleet_agents

fleet:agents

delete

Delete fleet agents

Fleet Agents (Default)

Policy: manage_fleet_agents_default

Provides read-only access to fleet agents for non-admin users.

Permission
Resource
Action
Description

get_fleet_agents

fleet:agents

read

View fleet agents

Fleet Configurations

Policy: manage_fleet_configurations

Allows full management of fleet configurations, including creating, editing, deleting, and viewing them.

Permission
Resource
Action
Description

get_fleet_configurations

fleet:configurations

read

View fleet configurations

create_fleet_configurations

fleet:configurations

create

Add new fleet configurations

edit_fleet_configurations

fleet:configurations

update

Edit existing configurations

delete_fleet_configurations

fleet:configurations

delete

Delete fleet configurations

Fleet Configurations (Default)

Policy: manage_fleet_configurations_default

Provides read-only access to fleet configurations for non-admin users.

Permission
Resource
Action
Description

get_fleet_configurations

fleet:configurations

read

View fleet configurations

Fleet Packages

Policy: manage_fleet_packages

Allows full management of fleet packages, including creating, editing, deleting, and viewing them.

Permission
Resource
Action
Description

get_fleet_packages

fleet:packages

read

View fleet packages

create_fleet_packages

fleet:packages

create

Add new fleet packages

edit_fleet_packages

fleet:packages

update

Edit existing packages

delete_fleet_packages

fleet:packages

delete

Delete fleet packages

Fleet Packages (Default)

Policy: manage_fleet_packages_default

Provides read-only access to fleet packages for non-admin users.

Permission
Resource
Action
Description

get_fleet_packages

fleet:packages

read

View fleet packages

Fleet User

Policy: manage_fleet_user

Allows viewing fleet user details and monitoring user access.

Permission
Resource
Action
Description

get_fleet_user

fleet:user

read

View fleet user details

Fleet Install

Policy: manage_fleet_install

Allows creating new fleet installations for deploying and managing agents.

Permission
Resource
Action
Description

fleet_create_install

fleet:install

create

Create new fleet installations

Scenarios

Policy: manage_scenarios

Allows full management of scenarios, including creating, viewing, editing, and deleting them.

Permission
Resource
Action
Description

create_scenarios

scenarios

create

Create new scenarios

view_scenarios

scenarios

read

View existing scenarios

edit_scenarios

scenarios

update

Edit existing scenarios

delete_scenarios

scenarios

delete

Delete scenarios

Certificates

Policy: manage_certificates

Allows full management of certificates, including viewing, adding, hiding, and deleting them.

Permission
Resource
Action
Description

view_certificates

certificates

read

View certificates

add_certificates

certificates

create

Add new certificates

hide_certificates

certificates

update

Hide existing certificates

delete_certificates

certificates

delete

Delete certificates

Checks as Admin

Policy: manage_checks_as_admin

Allows administrators to edit all checks across the system.

Permission
Resource
Action
Description

edit_all_checks

checks

update

Edit all checks as admin

Checks

Policy: manage_checks

Allows full management of system checks, including creating, editing, cloning, deleting, running, and enabling them.

Permission
Resource
Action
Description

view_checks

checks

read

View existing checks

run_checks

checks

execute

Execute checks

create_checks

checks

create

Create new checks

edit_checks

checks

update

Edit existing checks

clone_checks

checks

clone

Clone existing checks

delete_checks

checks

delete

Delete checks

enable_checks

checks

update

Enable checks

Dataflows

Policy: manage_dataflows

Allows viewing dataflows in the system for monitoring and analysis purposes.

Permission
Resource
Action
Description

view_dataflows

dataflows

read

View dataflows

Run Checks

Policy: manage_run_checks

Allows execution of checks in the system.

Permission
Resource
Action
Description

run_checks

checks

execute

Execute system checks

Create Checks

Policy: manage_create_checks

Allows creating new checks in the system.

Permission
Resource
Action
Description

create_checks

checks

create

Create new checks

Metrics

Policy: manage_metrics

Allows full management of metrics, including viewing, creating, editing, and deleting them.

Permission
Resource
Action
Description

view_metrics

metrics

read

View metrics

edit_metrics

metrics

update

Edit existing metrics

create_metrics

metrics

create

Create new metrics

delete_metrics

metrics

delete

Delete metrics

Policies

Policy: manage_policies

Allows full management of system policies, including viewing, creating, editing, and deleting them.

Permission
Resource
Action
Description

view_policies

policies

read

View policies

edit_policies

policies

update

Edit existing policies

create_policies

policies

create

Create new policies

delete_policies

policies

delete

Delete policies

System Status

Policy: manage_system_status

Allows viewing the current status of the system.

Permission
Resource
Action
Description

read_system_status

system_status

read

View system status

Tags

Policy: manage_tags

Allows full management of tags, including viewing, creating, editing, and deleting them.

Permission
Resource
Action
Description

view_tags

tags

read

View tags

edit_tags

tags

update

Edit existing tags

create_tags

tags

create

Create new tags

delete_tags

tags

delete

Delete tags

Private Agents

Policy: manage_private_agents

Allows full management of private agents, including viewing, creating, editing, and deleting them.

Permission
Resource
Action
Description

view_private_agents

private-agents

read

View private agents

edit_private_agents

private-agents

update

Edit existing agents

create_private_agents

private-agents

create

Create new private agents

delete_private_agents

private-agents

delete

Delete private agents

PreviousPermissionsNextRole Management

Last updated

Was this helpful?