IAM actions by role
IBM Cloud® Identity and Access Management (IAM) enables you to securely authenticate users and control access to all cloud resources consistently in the IBM Cloud. Access to IBM Cloud Logs instances for users in your account is controlled by IBM Cloud Identity and Access Management (IAM). Different roles allow for different actions.
Manager role
Action | Description |
---|---|
logs.data-usage.read |
View instance data usage metrics. |
logs.data-usage.manage |
Manage instance data usage metrics. |
logs.data-usage.export |
Export data usage. |
logs.team-members.read |
Read the list of users. |
logs.data-access-restriction-rule.read |
Read scopes. |
logs.data-access-restriction-rule.manage |
Manage scopes. |
logs.shared-action.read |
Read shared actions. |
logs.shared-action.manage |
Manage shared actions. |
logs.shared-action.execute |
Run shared actions. |
logs.private-action.read |
Read private actions. |
logs.private-action.manage |
Manage private actions. |
logs.private-action.execute |
Run private actions. |
logs.alert-config.read |
Read alert definitions. |
logs.alert-config.manage |
Manage alert definitions. |
logs.alert.snooze |
Snooze or unsnooze an alert. |
logs.logs-alert.read |
Read logs alerts definitions. |
logs.logs-alert.manage |
Manage logs alerts definitions. |
logs.metrics-alert.read |
Read metrics alerts definitions. |
logs.metrics-alert.manage |
Define and modify metrics alerts settings. |
logs.alerts-map.read |
View visualized alerts in alerts map. |
logs.shared-view.read |
Read shared views. |
logs.shared-view.manage |
Manage shared views. |
logs.private-view.read |
Read private views. |
logs.private-view.manage |
Manage private views. |
logs.shared-dashboard.read |
View custom shared dashboard widgets. |
logs.shared-dashboard.manage |
Manage custom shared dashboard widgets. |
logs.private-dashboard.read |
View custom private dashboard widgets. |
logs.private-dashboard.manage |
Manage custom private dashboard widgets. |
logs.data-map.read |
Read DataMap configurations. |
logs.data-map.manage |
Manage DataMap configurations. |
logs.logs-tco-policy.read |
View existing logs TCO policies. |
logs.logs-tco-policy.manage |
View and modify existing logs TCO policies and create new ones. |
logs.geo-enrichment.read |
Read geo-enrichment configuration. |
logs.geo-enrichment.manage |
Manage geo-enrichment configuration. |
logs.security-enrichment.read |
Read security enrichment configuration. |
logs.security-enrichment.manage |
Manage security enrichment configuration. |
logs.custom-enrichment.read |
Read custom enrichment configuration. |
logs.custom-enrichment.manage |
Manage custom enrichment configuration. |
logs.custom-enrichment-data.read |
Read data for custom enrichment configuration. |
logs.custom-enrichment-data.manage |
Manage data for custom enrichment configuration. |
logs.incident.read |
View events in triggered alerts. |
logs.incident.acknowledge |
Acknowledge events in triggered alerts. |
logs.incident.snooze |
Snooze events in triggered alerts. |
logs.incident.assign |
Assign an event in triggered alerts. |
logs.incident.close |
Manually resolve events in triggered alerts. |
logs.extension.read |
View extension packages. |
logs.extension.manage |
Deploy, undeploy, and update extension packages. |
logs.livetail.read |
Read livetail data. |
logs.logs-data-analytics-high.read |
Read analytics data for logs in high-tier (Priority insights). |
logs.logs-data-analytics-low.read |
Read analytics data for logs in low-tier (Store and search). |
logs.metrics-data-analytics-high.read |
Read analytics of metrics in the form of mapping statistics in the high-tier (Priority insights). |
logs.metrics-data-analytics-low.read |
Read analytics of metrics in the form of mapping statistics in the low-tier (Store and search). |
logs.logs-data-api-high.read |
Query logs in the high-tier (Priority insights). |
logs.logs-data-api-low.read |
Query logs in the low-tier (Store and search). |
logs.metrics-data-api-high.read |
Query metrics in the high-tier (Priority insights). |
logs.metrics-data-api-low.read |
Query metrics in the low-tier (Store and search). |
logs.data-ingress.send |
Send logs data. |
logs.parsing-rule.read |
Read parsing rules. |
logs.parsing-rule.manage |
Create, modify, and remove parsing rules. |
logs.events2metrics.read |
View Events to Metrics configuration when the source input is logs. |
logs.events2metrics.manage |
Configure or modify the configuration for Events to Metrics, when the source input is logs. |
logs.version-benchmark-tags.manage |
Manage version benchmark tags. |
logs.version-benchmark-tags.read |
Read version benchmark tags. |
logs.version-benchmark-report.read |
Read version benchmark reports. |
logs.suppression-rule.read |
Read suppression rules. |
logs.suppression-rule.manage |
Manage suppression rules. |
logs.webhook.read |
View generic outbound webhooks configuration. |
logs.webhook.manage |
Create and modify the configuration for outbound webhooks. |
logs.legacy-archive-query.execute |
Query data from the archive. |
logs.legacy-archive-query.reindex |
Re-index archive queries. |
Writer role
Action | Description |
---|---|
logs.data-usage.read |
View instance data usage metrics. |
logs.data-usage.export |
Export data usage. |
logs.data-access-restriction-rule.read |
Read scopes. |
logs.shared-action.read |
Read shared actions. |
logs.shared-action.manage |
Manage shared actions. |
logs.shared-action.execute |
Run shared actions. |
logs.private-action.read |
Read private actions. |
logs.private-action.manage |
Manage private actions. |
logs.private-action.execute |
Run private actions. |
logs.alert-config.read |
Read alert definitions. |
logs.alert-config.manage |
Manage alert definitions. |
logs.alert.snooze |
Snooze or unsnooze an alert. |
logs.logs-alert.read |
Read logs alerts definitions. |
logs.logs-alert.manage |
Manage logs alerts definitions. |
logs.metrics-alert.read |
Read metrics alerts definitions. |
logs.metrics-alert.manage |
Define and modify metrics alerts settings. |
logs.alerts-map.read |
View visualized alerts in alerts map. |
logs.shared-view.read |
Read shared views. |
logs.shared-view.manage |
Manage shared views. |
logs.private-view.read |
Read private views. |
logs.private-view.manage |
Manage private views. |
logs.shared-dashboard.read |
View custom shared dashboard widgets. |
logs.shared-dashboard.manage |
Manage custom shared dashboard widgets. |
logs.private-dashboard.read |
View custom private dashboard widgets. |
logs.private-dashboard.manage |
Manage custom private dashboard widgets. |
logs.data-map.read |
Read DataMap configurations. |
logs.data-map.manage |
Manage DataMap configurations. |
logs.logs-tco-policy.read |
View existing logs TCO policies. |
logs.geo-enrichment.read |
Read geo-enrichment configuration. |
logs.security-enrichment.read |
Read security enrichment configuration. |
logs.custom-enrichment.read |
Read custom enrichment configuration. |
logs.custom-enrichment.manage |
Manage custom enrichment configuration. |
logs.custom-enrichment-data.read |
Read data for custom enrichment configuration. |
logs.custom-enrichment-data.manage |
Manage data for custom enrichment configuration. |
logs.incident.read |
View events in triggered alerts. |
logs.incident.acknowledge |
Acknowledge events in triggered alerts. |
logs.incident.snooze |
Snooze events in triggered alerts. |
logs.incident.assign |
Assign an event in triggered alerts. |
logs.incident.close |
Manually resolve events in triggered alerts. |
logs.extension.read |
View extension packages. |
logs.extension.manage |
Deploy, undeploy, and update extension packages. |
logs.livetail.read |
Read livetail data. |
logs.logs-data-analytics-high.read |
Read analytics data for logs in high-tier (Priority insights). |
logs.logs-data-analytics-low.read |
Read analytics data for logs in low-tier (Store and search). |
logs.metrics-data-analytics-high.read |
Read analytics of metrics in the form of mapping statistics in the high-tier (Priority insights). |
logs.metrics-data-analytics-low.read |
Read analytics of metrics in the form of mapping statistics in the low-tier (Store and search). |
logs.logs-data-api-high.read |
Query logs in the high-tier (Priority insights). |
logs.logs-data-api-low.read |
Query logs in the low-tier (Store and search). |
logs.metrics-data-api-high.read |
Query metrics in the high-tier (Priority insights). |
logs.metrics-data-api-low.read |
Query metrics in the low-tier (Store and search). |
logs.data-ingress.send |
Send logs data. |
logs.parsing-rule.read |
Read parsing rules. |
logs.parsing-rule.manage |
Create, modify, and remove parsing rules. |
logs.events2metrics.read |
View Events to Metrics configuration when the source input is logs. |
logs.version-benchmark-tags.read |
Read version benchmark tags. |
logs.version-benchmark-report.read |
Read version benchmark reports. |
logs.suppression-rule.read |
Read suppression rules. |
logs.suppression-rule.manage |
Manage suppression rules. |
logs.webhook.read |
View generic outbound webhooks configuration. |
logs.webhook.manage |
Create and modify the configuration for outbound webhooks. |
logs.legacy-archive-query.execute |
Query data from the archive. |
logs.legacy-archive-query.reindex |
Re-index archive queries. |
Reader role
Action | Description |
---|---|
logs.data-usage.read |
View instance data usage metrics. |
logs.shared-action.read |
Read shared actions. |
logs.shared-action.execute |
Run shared actions. |
logs.alert-config.read |
Read alert definitions. |
logs.logs-alert.read |
Read logs alerts definitions. |
logs.metrics-alert.read |
Read metrics alerts definitions. |
logs.alerts-map.read |
View visualized alerts in alerts map. |
logs.shared-view.read |
Read shared views. |
logs.shared-dashboard.read |
View custom shared dashboard widgets. |
logs.data-map.read |
Read DataMap configurations. |
logs.custom-enrichment-data.read |
Read data for custom enrichment configuration. |
logs.incident.read |
View events in triggered alerts. |
logs.livetail.read |
Read livetail data. |
logs.logs-data-api-high.read |
Query logs in the high-tier (Priority insights). |
logs.logs-data-api-low.read |
Query logs in the low-tier (Store and search). |
logs.metrics-data-api-high.read |
Query metrics in the high-tier (Priority insights). |
logs.metrics-data-api-low.read |
Query metrics in the low-tier (Store and search). |
logs.version-benchmark-tags.read |
Read version benchmark tags. |
logs.version-benchmark-report.read |
Read version benchmark reports. |
logs.suppression-rule.read |
Read suppression rules. |
logs.webhook.read |
View generic outbound webhooks configuration. |
logs.legacy-archive-query.execute |
Query data from the archive. |
Sender role
Action | Description |
---|---|
logs.data-ingress.send |
Send logs data. |
Data Access Reader role
Action | Description |
---|---|
logs.data-access-restriction.read |
Access the scope. |