Cloud
Permissions
Each API key is assigned a set of permissions that control what it can do. Permissions are scoped to resource groups (for example, backups) and set at key creation. They cannot be changed after -- to change a key's permissions, delete it and create a new one.
Permission levels
Each scope supports two levels:
- Read -- retrieve and list resources
- Write -- create and trigger operations
Write does not include Read. If your automation needs to both trigger operations and check their status, assign Read and Write for that scope.
Scopes
| Scope | Read | Write | Endpoints |
|---|---|---|---|
| Request Backups | List backups and backup requests | Request a new backup | /v2/organization/{org_id}/backups/, /v2/organization/{org_id}/backup-requests/ |
| Retrieve Backups | List backup retrievals | Request a backup retrieval | /v2/organization/{org_id}/backup-retrieved/ |
| Restore Backups | List restore jobs | Request a restore | /v2/organization/{org_id}/backup-restore/ |
You set permissions when creating a key in the Console.