Verbs
Verbs
The verbs are listed in order of least amount of ability to most. The exact meaning of a each verb depends on which resource-type it's paired with. Tables provided in each service-specific policy reference show the API operations covered by each combination of verb and resource-type.
Verb | Types of Access Covered | Target User |
---|---|---|
inspect
|
Ability to list resources, without access to any confidential information or user-specified metadata that may be part of that resource. Important: The operation to list policies includes the contents of the policies themselves, and the list operations for the Networking resource-types return all the information (e.g., the contents of security lists and route tables). | Third-party auditors |
read
|
Includes inspect plus the ability to get user-specified metadata and the actual resource itself. |
Internal auditors |
use
|
Includes read plus the ability to work with existing resources (the actions vary by resource type). Includes the ability to update the resource, except for resource-types where the "update" operation has the same effective impact as the "create" operation (e.g., UpdatePolicy , UpdateSecurityList , etc.), in which case the "update" ability is available only with the manage verb. In general, this verb does not include the ability to create or delete that type of resource. |
Day-to-day end users of resources |
manage
|
Includes all permissions for the resource. | Administrators |