From e2e94b6f177ed4448d31cc0f948f2e8af9a95b61 Mon Sep 17 00:00:00 2001
From: Pedro Sousa <680496+pedrosousa@users.noreply.github.com>
Date: Mon, 10 Mar 2025 12:21:00 +0000
Subject: [PATCH 1/4] Update API token permissions table (account)
---
.../api/reference/permissions.mdx | 10 +-
.../account-permissions-table.mdx | 293 +++++++++---------
2 files changed, 155 insertions(+), 148 deletions(-)
diff --git a/src/content/docs/fundamentals/api/reference/permissions.mdx b/src/content/docs/fundamentals/api/reference/permissions.mdx
index a47dffbcf817981..aee213f4ccc8af8 100644
--- a/src/content/docs/fundamentals/api/reference/permissions.mdx
+++ b/src/content/docs/fundamentals/api/reference/permissions.mdx
@@ -39,14 +39,20 @@ The applicable scope of account permissions is `com.cloudflare.api.account`.
diff --git a/src/content/partials/fundamentals/account-permissions-table.mdx b/src/content/partials/fundamentals/account-permissions-table.mdx
index ca5ca5450f76adf..8e7ef5bb9ff5515 100644
--- a/src/content/partials/fundamentals/account-permissions-table.mdx
+++ b/src/content/partials/fundamentals/account-permissions-table.mdx
@@ -1,151 +1,152 @@
---
-inputParameters: editWord;;editProduct;;cloudflareName
+params:
+ - editWord
+ - src
---
import { Markdown } from "~/components";
-| Name | Description |
-| ----------------------------------------------------------------- | -------------------------------------------------------------------------------------------------------------------------------------------------------- |
-| Access: Apps and Policies Read | Grants read access to [Cloudflare Access](/cloudflare-one/policies/access/) account resources. |
-| Access: Apps and Policies Revoke | Grants ability to revoke all tokens to [Cloudflare Access](/cloudflare-one/policies/access/) account resources. |
-| Access: Apps and Policies {props.one} | Grants write access to [Cloudflare Access](/cloudflare-one/policies/access/) account resources. |
-| Access: Audit Logs Read | Grants read access to [Cloudflare Access audit logs](/cloudflare-one/insights/logs/audit-logs/). |
-| Access: Custom Pages Read | Grants read access to [Cloudflare Access Custom Pages](/cloudflare-one/policies/gateway/block-page/). |
-| Access: Custom Pages {props.one} | Grants write access to [Cloudflare Access Custom Pages](/cloudflare-one/policies/gateway/block-page/). |
-| Access: Device Posture Read | Grants read access to [Cloudflare Access Device Posture](/cloudflare-one/identity/devices/). |
-| Access: Device Posture {props.one} | Grants write access to [Cloudflare Access Device Posture](/cloudflare-one/identity/devices/). |
-| Access: Mutual TLS Certificates Read | Grants read access to [Cloudflare Access mTLS certificates](/cloudflare-one/identity/devices/access-integrations/mutual-tls-authentication/). |
-| Access: Mutual TLS Certificates {props.one} | Grants write access to [Cloudflare Access mTLS certificates](/cloudflare-one/identity/devices/access-integrations/mutual-tls-authentication/). |
-| Access: Organizations, Identity Providers, and Groups Read | Grants read access to [Cloudflare Access account resources](/cloudflare-one/identity/). |
-| Access: Organizations, Identity Providers, and Groups Revoke | Grants ability to revoke user sessions to [Cloudflare Access account resources](/cloudflare-one/identity/). |
-| Access: Organizations, Identity Providers, and Groups {props.one} | Grants write access to [Cloudflare Access account resources](/cloudflare-one/identity/). |
-| Access: Service Tokens Read | Grants read access to [Cloudflare Access Service Tokens](/cloudflare-one/identity/service-tokens/). |
-| Access: Service Tokens {props.one} | Grants write access to [Cloudflare Access Service Tokens](/cloudflare-one/identity/service-tokens/). |
-| Access: SSH Auditing Read | Grants read access to [SSH Auditing](/cloudflare-one/policies/gateway/network-policies/ssh-logging/). |
-| Access: SSH Auditing {props.one} | Grants write access to [SSH Auditing](/cloudflare-one/policies/gateway/network-policies/ssh-logging/). |
-| Account Analytics Read | Grants read access to [account analytics](/analytics/account-and-zone-analytics/account-analytics/). |
-| Account Custom Pages Read | Grants read access to account-level [Custom Pages](/support/more-dashboard-apps/cloudflare-custom-pages/configuring-custom-pages-error-and-challenge/). |
-| Account Custom Pages {props.one} | Grants write access to account-level [Custom Pages](/support/more-dashboard-apps/cloudflare-custom-pages/configuring-custom-pages-error-and-challenge/). |
-| Account Filter Lists Read | Grants read access to Account Filter Lists. |
-| Account Filter Lists {props.one} | Grants write access to Account Filter Lists. |
-| Account Firewall Access Rules Read | Grants read access to account firewall access rules. |
-| Account Firewall Access Rules {props.one} | Grants write access to account firewall access rules. |
-| Account Rulesets Read | Grants read access to [Account Rulesets](/ruleset-engine/about/rulesets/). |
-| Account Rulesets {props.one} | Grants write access to [Account Rulesets](/ruleset-engine/about/rulesets/). |
-| Account Settings Read | Grants read access to [Account resources, account membership, and account level features](/fundamentals/subscriptions-and-billing/). |
-| Account Settings {props.one} | Grants write access to [Account resources, account membership, and account level features](/fundamentals/subscriptions-and-billing/). |
-| Account: SSL and Certificates Read | Grants read access to [SSL and Certificates](/ssl/). |
-| Account: SSL and Certificates {props.one} | Grants write access to [SSL and Certificates](/ssl/). |
-| Account WAF Read | Grants read access to [Account WAF](/waf/). |
-| Account WAF {props.one} | Grants write access to [Account WAF](/waf/). |
-| Address Maps {props.one} | Grants write access to [Address Maps](/byoip/address-maps/) |
-| Address Maps Read | Grants read access to [Address Maps](/byoip/address-maps/) |
-| Allow Request Tracer Read | Grants read access to Request Tracer. |
-| API Gateway Read | Grants read access to [API Gateway (including API Shield)](/api-shield/) for all domains in an account. |
-| API Gateway {props.one} | Grants write access to [API Gateway (including API Shield)](/api-shield/) for all domains in an account. |
-| Billing Read | Grants read access to [billing profile, subscriptions, and access to fetch invoices](/fundamentals/subscriptions-and-billing/) and entitlements. |
-| Billing {props.one} | Grants write access to [billing profile, subscriptions, and access to fetch invoices and entitlements](/fundamentals/subscriptions-and-billing/). |
-| Bulk URL Redirects Read | Grants read access to [Bulk URL Redirects](/rules/url-forwarding/bulk-redirects/). |
-| Bulk URL Redirects {props.one} | Grants write access to [Bulk URL Redirects](/rules/url-forwarding/bulk-redirects/). |
-| China Network Steering Read | Grants read access to [China Network Steering](/china-network/). |
-| China Network Steering {props.one} | Grants write access to [China Network Steering](/china-network/). |
-| Cloudchamber Read | Grants read access to Cloudchamber deployments. |
-| Cloudchamber {props.one} | Grants write access to Cloudchamber deployments. |
-| Cloudflare Calls Read | Grants read access to Cloudflare Calls. |
-| Cloudflare Calls {props.one} | Grants write access to Cloudflare Calls. |
-| Cloudflare DEX Read | Grants read access to [Digital Experience Monitoring](/cloudflare-one/insights/dex/). |
-| Cloudflare DEX {props.one} | Grants write access to [Digital Experience Monitoring](/cloudflare-one/insights/dex/). |
-| Cloudflare Images Read | Grants read access to [Cloudflare Images](/images/). |
-| Cloudflare Images {props.one} | Grants write access to [Cloudflare Images](/images/). |
-| Cloudflare One Connector: cloudflared Read | Grants read access to `cloudflared` Connectors |
-| Cloudflare One Connector: cloudflared {props.one} | Grants write access to `cloudflared` Connectors |
-| Cloudflare One Connector: WARP Read | Grants read access to Warp Connectors |
-| Cloudflare One Connector: WARP {props.one} | Grants write access to Warp Connectors |
-| Cloudflare One Connectors Read | Grants read access to Cloudflare One Connectors |
-| Cloudflare One Connectors {props.one} | Grants write access to Cloudflare One Connectors |
-| Cloudflare One Networks Read | Grants read access to Cloudflare One Networks |
-| Cloudflare One Networks {props.one} | Grants write access to Cloudflare One Networks |
-| {props.three} Pages Read | Grants access to view [Cloudflare Pages](/pages/) projects. |
-| {props.three} Pages {props.one} | Grants access to create, edit and delete [Cloudflare Pages](/pages/) projects. |
-| {props.two} Tunnel Read | Grants access to view [Cloudflare Tunnels](/cloudflare-one/connections/connect-networks/). |
-| {props.two} Tunnel {props.one} | Grants access to create and delete [Cloudflare Tunnels](/cloudflare-one/connections/connect-networks/). |
-| Cloudforce One Read | Grants read access to Cloudforce One. |
-| Cloudforce One {props.one} | Grants write access to Cloudforce One. |
-| Cloud Email Security Read | Grants read access to [Cloud Email Security](/email-security/). |
-| Email Security {props.one} | Grants write access to [Email Security](/email-security/). |
-| Constellation Read | Grants read access to [Constellation](/constellation/). |
-| Constellation {props.one} | Grants write access to [Constellation](/constellation/). |
-| D1 Read | Grants read access to [D1](/d1/). |
-| D1 {props.one} | Grants write access to [D1](/d1/). |
-| DDoS Botnet Feed Read | Grants read access to Botnet Feed reports. |
-| DDoS Botnet Feed {props.one} | Grants write access to Botnet Feed configuration. |
-| DDoS Protection Read | Grants read access to [DDoS protection](/ddos-protection/). |
-| DDoS Protection {props.one} | Grants write access to [DDoS protection](/ddos-protection/). |
-| DNS Firewall Read | Grants read access to [DNS Firewall](/dns/dns-firewall/). |
-| DNS Firewall {props.one} | Grants write access to [DNS Firewall](/dns/dns-firewall/). |
-| Email Routing Addresses Read | Grants read access to [Email Routing Addresses](/email-routing/setup/email-routing-addresses/). |
-| Email Routing Addresses {props.one} | Grants write access to [Email Routing Addresses](/email-routing/setup/email-routing-addresses/). |
-| Hyperdrive Read | Grants read access to [Hyperdrive](/hyperdrive/). |
-| Hyperdrive {props.one} | Grants write access to [Hyperdrive](/hyperdrive/). |
-| Intel Read | Grants read access to [Intel](/security-center/intel-apis/). |
-| Intel {props.one} | Grants write access to [Intel](/security-center/intel-apis/). |
-| Integration {props.one} | Grants write access to integrations. |
-| IOT Read | Grants read access to [IOT](https://blog.cloudflare.com/rethinking-internet-of-things-security/). |
-| IOT {props.one} | Grants write access to [IOT](https://blog.cloudflare.com/rethinking-internet-of-things-security/). |
-| IP Prefixes: Read | Grants access to read IP prefix settings. |
-| IP Prefixes: {props.one} | Grants access to read/write IP prefix settings. |
-| IP Prefixes: BGP On Demand Read | Grants access to read IP prefix BGP configuration. |
-| IP Prefixes: BGP On Demand {props.one} | Grants access to read and change IP prefix BGP configuration. |
-| L3/4 DDoS Managed Ruleset Read | Grants read access to [L3/4 DDoS managed ruleset](/ddos-protection/managed-rulesets/network/). |
-| L3/4 DDoS Managed Ruleset {props.one} | Grants write access to [L3/4 DDoS managed ruleset](/ddos-protection/managed-rulesets/network/). |
-| Load Balancing: Monitors and Pools Read | Grants read access to account level [load balancer resources](/load-balancing/). |
-| Load Balancing: Monitors and Pools {props.one} | Grants write access to account level [load balancer resources](/load-balancing/). |
-| Logs Read | Grants read access to logs using [Logpull or Instant Logs](/logs/). |
-| Logs {props.one} | Grants read and write access to [Logpull, Logpush, and Instant Logs](/logs/). |
-| Magic Firewall Read | Grants read access to [Magic Firewall](/magic-firewall/). |
-| Magic Firewall {props.one} | Grants write access to [Magic Firewall](/magic-firewall/). |
-| Magic Firewall Packet Captures - Read PCAPs API | Grants read access to [Packet Captures](/magic-firewall/packet-captures/collect-pcaps/). |
-| Magic Firewall Packet Captures - {props.one} PCAPs API | Grants write access to [Packet Captures](/magic-firewall/packet-captures/collect-pcaps/). |
-| Magic Network Monitoring Read | Grants read access to [Magic Network Monitoring](/magic-network-monitoring/). |
-| Magic Network Monitoring {props.one} | Grants write access to [Magic Network Monitoring](/magic-network-monitoring/). |
-| Magic Transit Read | Grants read access to manage a user's [Magic Transit prefixes](/magic-transit/how-to/advertise-prefixes/). |
-| Magic Transit {props.one} | Grants write access to manage a user's [Magic Transit prefixes](/magic-transit/how-to/advertise-prefixes/). |
-| Notifications Read | Grants read access to [Notifications](/notifications/). |
-| Notifications {props.one} | Grants write access to [Notifications](/notifications/). |
-| Page Shield Read | Grants read access to [Page Shield](/page-shield/). |
-| Page Shield {props.one} | Grants write access to [Page Shield](/page-shield/). |
-| Pipelines Read | Grants read access to Cloudflare Pipelines. |
-| Pipelines {props.one} | Grants write access to Cloudflare Pipelines. |
-| Pub/Sub Read | Grants read access to [Pub/Sub](/pub-sub/). |
-| Pub/Sub {props.one} | Grants write access to [Pub/Sub](/pub-sub/). |
-| Queues Read | Grants read access to [Queues](/queues/). |
-| Queues {props.one} | Grants write access to [Queues](/queues/). |
-| Rule Policies Read | Grants read access to Rule Policies. |
-| Rule Policies {props.one} | Grants write access to Rule Policies. |
-| Stream Read | Grants read access to [Cloudflare Stream](/stream/). |
-| Stream {props.one} | Grants write access to [Cloudflare Stream](/stream/). |
-| Transform Rules Read | Grants read access to [Transform Rules](/rules/transform/). |
-| Transform Rules {props.one} | Grants write access to [Transform Rules](/rules/transform/). |
-| Turnstile Read | Grants read access to [Turnstile](/turnstile/). |
-| Turnstile {props.one} | Grants write access to [Turnstile](/turnstile/). |
-| URL Scanner Read | Grants read access to [URL Scanner](/radar/investigate/url-scanner/). |
-| URL Scanner {props.one} | Grants write access to [URL Scanner](/radar/investigate/url-scanner/). |
-| Vectorize Read | Grants read access to [Vectorize](/vectorize/). |
-| Vectorize {props.one} | Grants write access to [Vectorize](/vectorize/). |
-| Workers AI Read | Grants read access to [Workers AI](/workers-ai/). |
-| Workers AI {props.one} | Grants write access to [Workers AI](/workers-ai/). |
-| Workers CI Read | Grants read access to [Workers CI] (/workers/). |
-| Workers CI {props.one} | Grants write access to [Workers CI](/workers). |
-| Workers KV Storage Read | Grants read access to [Cloudflare Workers KV Storage](/kv/api/). |
-| Workers KV Storage {props.one} | Grants write access to [Cloudflare Workers KV Storage](/kv/api/). |
-| Workers R2 Storage Read | Grants read access to [Cloudflare R2 Storage](/r2/). |
-| Workers R2 Storage {props.one} | Grants write access to [Cloudflare R2 Storage](/r2/). |
-| Workers Scripts Read | Grants read access to [Cloudflare Workers scripts](/workers/). |
-| Workers Scripts {props.one} | Grants write access to [Cloudflare Workers scripts](/workers/). |
-| Workers Tail Read | Grants [`wrangler tail`](/workers/wrangler/commands/#tail) read permissions. |
-| Zero Trust Read | Grants read access to [Cloudflare Zero Trust](/cloudflare-one/). |
-| Zero Trust Report | Grants reporting access to [Cloudflare Zero Trust](/cloudflare-one/). |
-| Zero Trust {props.one} | Grants write access to [Cloudflare Zero Trust](/cloudflare-one/). |
-| Zero Trust PII Read | Grants read access to [Cloudflare Zero Trust](/cloudflare-one/) PII. |
-| Zero Trust PII {props.one} | Grants write access to [Cloudflare Zero Trust](/cloudflare-one/) PII. |
-| Zero Trust Seats {props.one} | Grants write access to the number of [Zero Trust Seats](/cloudflare-one/identity/users/seat-management/) your organization can use (and be billed for). |
+| Name | Description |
+| ---------------------------------------------------------------------------------------------------------------------------------- | -------------------------------------------------------------------------------------------------------------------------------------------------------- |
+| Access: Apps and Policies Read | Grants read access to [Cloudflare Access](/cloudflare-one/policies/access/) account resources. |
+| Access: Apps and Policies Revoke | Grants ability to revoke all tokens to [Cloudflare Access](/cloudflare-one/policies/access/) account resources. |
+| Access: Apps and Policies {props.editWord} | Grants write access to [Cloudflare Access](/cloudflare-one/policies/access/) account resources. |
+| Access: Audit Logs Read | Grants read access to [Cloudflare Access audit logs](/cloudflare-one/insights/logs/audit-logs/). |
+| Access: Custom { props.src === "dash" ? "Pages" : "Page" } Read | Grants read access to [Cloudflare Access Custom Pages](/cloudflare-one/policies/gateway/block-page/). |
+| Access: Custom { props.src === "dash" ? "Pages" : "Page" } {props.editWord} | Grants write access to [Cloudflare Access Custom Pages](/cloudflare-one/policies/gateway/block-page/). |
+| Access: Device Posture Read | Grants read access to [Cloudflare Access Device Posture](/cloudflare-one/identity/devices/). |
+| Access: Device Posture {props.editWord} | Grants write access to [Cloudflare Access Device Posture](/cloudflare-one/identity/devices/). |
+| Access: { props.src === "dash" && "Mutual TLS" } Certificates Read | Grants read access to [Cloudflare Access mTLS certificates](/cloudflare-one/identity/devices/access-integrations/mutual-tls-authentication/). |
+| Access: { props.src === "dash" && "Mutual TLS" } Certificates {props.editWord} | Grants write access to [Cloudflare Access mTLS certificates](/cloudflare-one/identity/devices/access-integrations/mutual-tls-authentication/). |
+| Access: Organizations, Identity Providers, and Groups Read | Grants read access to [Cloudflare Access account resources](/cloudflare-one/identity/). |
+| Access: Organizations, Identity Providers, and Groups Revoke | Grants ability to revoke user sessions to [Cloudflare Access account resources](/cloudflare-one/identity/). |
+| Access: Organizations, Identity Providers, and Groups {props.editWord} | Grants write access to [Cloudflare Access account resources](/cloudflare-one/identity/). |
+| Access: Service Tokens Read | Grants read access to [Cloudflare Access Service Tokens](/cloudflare-one/identity/service-tokens/). |
+| Access: Service Tokens {props.editWord} | Grants write access to [Cloudflare Access Service Tokens](/cloudflare-one/identity/service-tokens/). |
+| Access: SSH Auditing { props.src === "api" && "CA" } Read | Grants read access to [SSH Auditing](/cloudflare-one/policies/gateway/network-policies/ssh-logging/). |
+| Access: SSH Auditing { props.src === "api" && "CA" } {props.editWord} | Grants write access to [SSH Auditing](/cloudflare-one/policies/gateway/network-policies/ssh-logging/). |
+| Account Analytics Read | Grants read access to [account analytics](/analytics/account-and-zone-analytics/account-analytics/). |
+| Account Custom Pages Read | Grants read access to account-level [Custom Pages](/support/more-dashboard-apps/cloudflare-custom-pages/configuring-custom-pages-error-and-challenge/). |
+| Account Custom Pages {props.editWord} | Grants write access to account-level [Custom Pages](/support/more-dashboard-apps/cloudflare-custom-pages/configuring-custom-pages-error-and-challenge/). |
+| Account { props.src === "dash" ? "Filter" : "Rule" } Lists Read | Grants read access to Account Filter Lists. |
+| Account { props.src === "dash" ? "Filter" : "Rule" } Lists {props.editWord} | Grants write access to Account Filter Lists. |
+| Account Firewall Access Rules Read | Grants read access to account firewall access rules. |
+| Account Firewall Access Rules {props.editWord} | Grants write access to account firewall access rules. |
+| Account Rulesets Read | Grants read access to [Account Rulesets](/ruleset-engine/about/rulesets/). |
+| Account Rulesets {props.editWord} | Grants write access to [Account Rulesets](/ruleset-engine/about/rulesets/). |
+| Account Settings Read | Grants read access to [Account resources, account membership, and account level features](/fundamentals/subscriptions-and-billing/). |
+| Account Settings {props.editWord} | Grants write access to [Account resources, account membership, and account level features](/fundamentals/subscriptions-and-billing/). |
+| Account: SSL and Certificates Read | Grants read access to [SSL and Certificates](/ssl/). |
+| Account: SSL and Certificates {props.editWord} | Grants write access to [SSL and Certificates](/ssl/). |
+| Account WAF Read | Grants read access to [Account WAF](/waf/). |
+| Account WAF {props.editWord} | Grants write access to [Account WAF](/waf/). |
+| Address Maps {props.editWord} | Grants write access to [Address Maps](/byoip/address-maps/) |
+| Address Maps Read | Grants read access to [Address Maps](/byoip/address-maps/) |
+| Allow Request Tracer Read | Grants read access to Request Tracer. |
+| { props.src === "api" && "Account" } API Gateway Read | Grants read access to [API Gateway (including API Shield)](/api-shield/) for all domains in an account. |
+| { props.src === "api" && "Account" } API Gateway {props.editWord} | Grants write access to [API Gateway (including API Shield)](/api-shield/) for all domains in an account. |
+| Billing Read | Grants read access to [billing profile, subscriptions, and access to fetch invoices](/fundamentals/subscriptions-and-billing/) and entitlements. |
+| Billing {props.editWord} | Grants write access to [billing profile, subscriptions, and access to fetch invoices and entitlements](/fundamentals/subscriptions-and-billing/). |
+| Bulk URL Redirects Read | Grants read access to [Bulk URL Redirects](/rules/url-forwarding/bulk-redirects/). |
+| Bulk URL Redirects {props.editWord} | Grants write access to [Bulk URL Redirects](/rules/url-forwarding/bulk-redirects/). |
+| China Network Steering Read | Grants read access to [China Network Steering](/china-network/). |
+| China Network Steering {props.editWord} | Grants write access to [China Network Steering](/china-network/). |
+| Cloudchamber Read | Grants read access to Cloudchamber deployments. |
+| Cloudchamber {props.editWord} | Grants write access to Cloudchamber deployments. |
+| { props.src === "dash" && "Cloudflare" } Calls Read | Grants read access to Cloudflare Calls. |
+| { props.src === "dash" && "Cloudflare" } Calls {props.editWord} | Grants write access to Cloudflare Calls. |
+| Cloudflare DEX Read | Grants read access to [Digital Experience Monitoring](/cloudflare-one/insights/dex/). |
+| Cloudflare DEX {props.editWord} | Grants write access to [Digital Experience Monitoring](/cloudflare-one/insights/dex/). |
+| { props.src === "dash" && "Cloudflare" } Images Read | Grants read access to [Cloudflare Images](/images/). |
+| { props.src === "dash" && "Cloudflare" } Images {props.editWord} | Grants write access to [Cloudflare Images](/images/). |
+| { props.src === "dash" ? "Cloudflare One Connector: cloudflared" : "Cloudflare One cloudflared Connectors" } Read | Grants read access to `cloudflared` Connectors |
+| { props.src === "dash" ? "Cloudflare One Connector: cloudflared" : "Cloudflare One cloudflared Connectors" } {props.editWord} | Grants write access to `cloudflared` Connectors |
+| { props.src === "dash" ? "Cloudflare One Connector: WARP" : "Cloudflare One Warp Connectors" } Read | Grants read access to Warp Connectors |
+| { props.src === "dash" ? "Cloudflare One Connector: WARP" : "Cloudflare One Warp Connectors" } {props.editWord} | Grants write access to Warp Connectors |
+| Cloudflare One Connectors Read | Grants read access to Cloudflare One Connectors |
+| Cloudflare One Connectors {props.editWord} | Grants write access to Cloudflare One Connectors |
+| Cloudflare One Networks Read | Grants read access to Cloudflare One Networks |
+| Cloudflare One Networks {props.editWord} | Grants write access to Cloudflare One Networks |
+| { props.src === "dash" && "Cloudflare" } Pages Read | Grants access to view [Cloudflare Pages](/pages/) projects. |
+| { props.src === "dash" && "Cloudflare" } Pages {props.editWord} | Grants access to create, edit and delete [Cloudflare Pages](/pages/) projects. |
+| { props.src === "dash" ? "Cloudflare" : "Argo" } Tunnel Read | Grants access to view [Cloudflare Tunnels](/cloudflare-one/connections/connect-networks/). |
+| { props.src === "dash" ? "Cloudflare" : "Argo" } Tunnel {props.editWord} | Grants access to create and delete [Cloudflare Tunnels](/cloudflare-one/connections/connect-networks/). |
+| Cloudforce One Read | Grants read access to Cloudforce One. |
+| Cloudforce One {props.editWord} | Grants write access to Cloudforce One. |
+| { props.src === "dash" ? "Email Security" : "Cloud Email Security:" } Read | Grants read access to [Cloud Email Security](/email-security/). |
+| { props.src === "dash" ? "Email Security" : "Cloud Email Security:" } {props.editWord} | Grants write access to [Email Security](/email-security/). |
+| Constellation Read | Grants read access to [Constellation](/constellation/). |
+| Constellation {props.editWord} | Grants write access to [Constellation](/constellation/). |
+| D1 Read | Grants read access to [D1](/d1/). |
+| D1 {props.editWord} | Grants write access to [D1](/d1/). |
+| DDoS Botnet Feed Read | Grants read access to Botnet Feed reports. |
+| DDoS Botnet Feed {props.editWord} | Grants write access to Botnet Feed configuration. |
+| DDoS Protection Read | Grants read access to [DDoS protection](/ddos-protection/). |
+| DDoS Protection {props.editWord} | Grants write access to [DDoS protection](/ddos-protection/). |
+| DNS Firewall Read | Grants read access to [DNS Firewall](/dns/dns-firewall/). |
+| DNS Firewall {props.editWord} | Grants write access to [DNS Firewall](/dns/dns-firewall/). |
+| Email Routing Addresses Read | Grants read access to [Email Routing Addresses](/email-routing/setup/email-routing-addresses/). |
+| Email Routing Addresses {props.editWord} | Grants write access to [Email Routing Addresses](/email-routing/setup/email-routing-addresses/). |
+| Hyperdrive Read | Grants read access to [Hyperdrive](/hyperdrive/). |
+| Hyperdrive {props.editWord} | Grants write access to [Hyperdrive](/hyperdrive/). |
+| Intel Read | Grants read access to [Intel](/security-center/intel-apis/). |
+| Intel {props.editWord} | Grants write access to [Intel](/security-center/intel-apis/). |
+| Integration {props.editWord} | Grants write access to integrations. |
+| IOT Read | Grants read access to [IOT](https://blog.cloudflare.com/rethinking-internet-of-things-security/). |
+| IOT {props.editWord} | Grants write access to [IOT](https://blog.cloudflare.com/rethinking-internet-of-things-security/). |
+| IP Prefixes: Read | Grants access to read IP prefix settings. |
+| IP Prefixes: {props.editWord} | Grants access to read/write IP prefix settings. |
+| IP Prefixes: BGP On Demand Read | Grants access to read IP prefix BGP configuration. |
+| IP Prefixes: BGP On Demand {props.editWord} | Grants access to read and change IP prefix BGP configuration. |
+| { props.src === "dash" ? "L3/4" : "L4" } DDoS Managed Ruleset Read | Grants read access to [L3/4 DDoS managed ruleset](/ddos-protection/managed-rulesets/network/). |
+| { props.src === "dash" ? "L3/4" : "L4" } DDoS Managed Ruleset {props.editWord} | Grants write access to [L3/4 DDoS managed ruleset](/ddos-protection/managed-rulesets/network/). |
+| Load Balancing: Monitors and Pools Read | Grants read access to account level [load balancer resources](/load-balancing/). |
+| Load Balancing: Monitors and Pools {props.editWord} | Grants write access to account level [load balancer resources](/load-balancing/). |
+| Logs Read | Grants read access to logs using [Logpull or Instant Logs](/logs/). |
+| Logs {props.editWord} | Grants read and write access to [Logpull, Logpush, and Instant Logs](/logs/). |
+| Magic Firewall Read | Grants read access to [Magic Firewall](/magic-firewall/). |
+| Magic Firewall {props.editWord} | Grants write access to [Magic Firewall](/magic-firewall/). |
+| { props.src === "dash" ? "Magic Firewall Packet Captures Read" : "Magic Firewall Packet Captures - Read PCAPs API" } | Grants read access to [Packet Captures](/magic-firewall/packet-captures/collect-pcaps/). |
+| { props.src === "dash" ? `Magic Firewall Packet Captures ${props.editWord}` : "Magic Firewall Packet Captures - Write PCAPs API" } | Grants write access to [Packet Captures](/magic-firewall/packet-captures/collect-pcaps/). |
+| Magic Network Monitoring Read | Grants read access to [Magic Network Monitoring](/magic-network-monitoring/). |
+| Magic Network Monitoring {props.editWord} | Grants write access to [Magic Network Monitoring](/magic-network-monitoring/). |
+| Magic Transit Read | Grants read access to manage a user's [Magic Transit prefixes](/magic-transit/how-to/advertise-prefixes/). |
+| Magic Transit {props.editWord} | Grants write access to manage a user's [Magic Transit prefixes](/magic-transit/how-to/advertise-prefixes/). |
+| Notifications Read | Grants read access to [Notifications](/notifications/). |
+| Notifications {props.editWord} | Grants write access to [Notifications](/notifications/). |
+| Page Shield Read | Grants read access to [Page Shield](/page-shield/). |
+| Page Shield {props.editWord} | Grants write access to [Page Shield](/page-shield/). |
+| { props.src === "dash" && "Workers" } Pipelines Read | Grants read access to Cloudflare Pipelines. |
+| { props.src === "dash" && "Workers" } Pipelines {props.editWord} | Grants write access to Cloudflare Pipelines. |
+| { props.src === "dash" ? "Pub/Sub" : "Pubsub Configuration" } Read | Grants read access to [Pub/Sub](/pub-sub/). |
+| { props.src === "dash" ? "Pub/Sub" : "Pubsub Configuration" } {props.editWord} | Grants write access to [Pub/Sub](/pub-sub/). |
+| Queues Read | Grants read access to [Queues](/queues/). |
+| Queues {props.editWord} | Grants write access to [Queues](/queues/). |
+| Rule Policies Read | Grants read access to Rule Policies. |
+| Rule Policies {props.editWord} | Grants write access to Rule Policies. |
+| Stream Read | Grants read access to [Cloudflare Stream](/stream/). |
+| Stream {props.editWord} | Grants write access to [Cloudflare Stream](/stream/). |
+| Transform Rules Read | Grants read access to [Transform Rules](/rules/transform/). |
+| Transform Rules {props.editWord} | Grants write access to [Transform Rules](/rules/transform/). |
+| Turnstile { props.src === "api" && "Sites" } Read | Grants read access to [Turnstile](/turnstile/). |
+| Turnstile { props.src === "api" && "Sites" } {props.editWord} | Grants write access to [Turnstile](/turnstile/). |
+| URL Scanner Read | Grants read access to [URL Scanner](/radar/investigate/url-scanner/). |
+| URL Scanner {props.editWord} | Grants write access to [URL Scanner](/radar/investigate/url-scanner/). |
+| Vectorize Read | Grants read access to [Vectorize](/vectorize/). |
+| Vectorize {props.editWord} | Grants write access to [Vectorize](/vectorize/). |
+| Workers AI Read | Grants read access to [Workers AI](/workers-ai/). |
+| Workers AI {props.editWord} | Grants write access to [Workers AI](/workers-ai/). |
+| Workers CI Read | Grants read access to [Workers CI] (/workers/). |
+| Workers CI {props.editWord} | Grants write access to [Workers CI](/workers). |
+| Workers KV Storage Read | Grants read access to [Cloudflare Workers KV Storage](/kv/api/). |
+| Workers KV Storage {props.editWord} | Grants write access to [Cloudflare Workers KV Storage](/kv/api/). |
+| Workers R2 Storage Read | Grants read access to [Cloudflare R2 Storage](/r2/). |
+| Workers R2 Storage {props.editWord} | Grants write access to [Cloudflare R2 Storage](/r2/). |
+| Workers Scripts Read | Grants read access to [Cloudflare Workers scripts](/workers/). |
+| Workers Scripts {props.editWord} | Grants write access to [Cloudflare Workers scripts](/workers/). |
+| Workers Tail Read | Grants [`wrangler tail`](/workers/wrangler/commands/#tail) read permissions. |
+| Zero Trust Read | Grants read access to [Cloudflare Zero Trust](/cloudflare-one/). |
+| Zero Trust Report | Grants reporting access to [Cloudflare Zero Trust](/cloudflare-one/). |
+| Zero Trust {props.editWord} | Grants write access to [Cloudflare Zero Trust](/cloudflare-one/). |
+| Zero Trust: PII Read | Grants read access to [Cloudflare Zero Trust](/cloudflare-one/) PII. |
+| Zero Trust: Seats {props.editWord} | Grants write access to the number of [Zero Trust Seats](/cloudflare-one/identity/users/seat-management/) your organization can use (and be billed for). |
From 9c69dab7d90b1094332bd904d064831eac7bc36c Mon Sep 17 00:00:00 2001
From: Pedro Sousa <680496+pedrosousa@users.noreply.github.com>
Date: Mon, 10 Mar 2025 12:34:03 +0000
Subject: [PATCH 2/4] Update API token permissions table (zone)
---
.../api/reference/permissions.mdx | 10 +-
.../fundamentals/zone-permissions-table.mdx | 157 +++++++++---------
2 files changed, 86 insertions(+), 81 deletions(-)
diff --git a/src/content/docs/fundamentals/api/reference/permissions.mdx b/src/content/docs/fundamentals/api/reference/permissions.mdx
index aee213f4ccc8af8..cbd21f41507e788 100644
--- a/src/content/docs/fundamentals/api/reference/permissions.mdx
+++ b/src/content/docs/fundamentals/api/reference/permissions.mdx
@@ -63,10 +63,16 @@ The applicable scope of zone permissions is `com.cloudflare.api.account.zone`.
-
+
-
+
diff --git a/src/content/partials/fundamentals/zone-permissions-table.mdx b/src/content/partials/fundamentals/zone-permissions-table.mdx
index 6a7d0b25597c532..3cc1f71892bd26d 100644
--- a/src/content/partials/fundamentals/zone-permissions-table.mdx
+++ b/src/content/partials/fundamentals/zone-permissions-table.mdx
@@ -1,83 +1,82 @@
---
-inputParameters: editWord
-
+params:
+ - editWord
+ - src
---
-import { Markdown } from "~/components"
+import { Markdown } from "~/components";
-| Name | Description |
-| -------------------------------- | ------------------------------------------------------------------------------------------------------------------------------------------ |
-| Access: Apps and Policies Read | Grants read access to [Cloudflare Access](/cloudflare-one/policies/access/) zone resources. |
-| Access: Apps and Policies Revoke | Grants ability to revoke all tokens to [Cloudflare Access](/cloudflare-one/policies/access/) zone resources. |
-| Access: Apps and Policies {props.one} | Grants write access to [Cloudflare Access](/cloudflare-one/policies/access/) zone resources. |
-| Analytics Read | Grants read access to [analytics](/analytics/account-and-zone-analytics/zone-analytics/). |
-| API Gateway Read | Grants read access to [API Gateway](/api-shield/) zone resources. |
-| API Gateway {props.one} | Grants write access to [API Gateway](/api-shield/) zone resources. |
-| Apps {props.one} | Grants full access to [Cloudflare Apps](/support/more-dashboard-apps/cloudflare-apps/). |
-| Bot Management Read | Grants read access to [Bot Management](/bots/plans/bm-subscription/). |
-| Bot Management {props.one} | Grants write access to [Bot Management](/bots/plans/bm-subscription/). |
-| Bot Management Feedback Read | Grants read access to [Bot Management feedback](/bots/concepts/feedback-loop/). |
-| Bot Management Feedback {props.one} | Grants write access to [Bot Management feedback](/bots/concepts/feedback-loop/). |
-| Cache Purge | Grants access to [purge cache](/cache/how-to/purge-cache/). |
-| Cache Rules Read | Grants read access to [Cache Rules](/cache/how-to/cache-rules/). |
-| Cache Rules {props.one} | Grants write access to [Cache Rules](/cache/how-to/cache-rules/). |
-| Cloud Connector Read | Grants read access to [Cloud Connector rules](/rules/cloud-connector/). |
-| Cloud Connector {props.one} | Grants write access to [Cloud Connector rules](/rules/cloud-connector/). | |
-| Config Rules Read | Grants read access to [Configuration Rules](/rules/configuration-rules/). |
-| Config Rules {props.one} | Grants write access to [Configuration Rules](/rules/configuration-rules/). |
-| Custom Errors Read | Grants read access to [Custom Errors phase](/rules/custom-errors/create-api/). |
-| Custom Errors {props.one} | Grants write access to [Custom Errors phase](/rules/custom-errors/create-api/). |
-| Custom Error Rules Read | Grants read access to [Custom Error Rules](/rules/custom-errors/). |
-| Custom Error Rules {props.one} | Grants write access to [Custom Error Rules](/rules/custom-errors/). |
-| Custom Pages Read | Grants read access to [Custom Pages](/support/more-dashboard-apps/cloudflare-custom-pages/configuring-custom-pages-error-and-challenge/). |
-| Custom Pages {props.one} | Grants write access to [Custom Pages](/support/more-dashboard-apps/cloudflare-custom-pages/configuring-custom-pages-error-and-challenge/). |
-| DMARC Management Read | Grants read access to [DMARC Management](/dmarc-management/). |
-| DMARC Management {props.one} | Grants write access to [DMARC Management](/dmarc-management/). |
-| DNS Read | Grants read access to [DNS](/dns/). |
-| DNS Write | Grants write access to [DNS](/dns/). |
-| Email Routing Rules Read | Grants read access to [Email Routing Rules](/email-routing/setup/email-routing-addresses/). |
-| Email Routing Rules {props.one} | Grants write access to [Email Routing Rules](/email-routing/setup/email-routing-addresses/). |
-| Firewall Services Read | Grants read access to Firewall resources. |
-| Firewall Services {props.one} | Grants write access to Firewall resources. |
-| Health Checks Read | Grants read access to [Health Checks](/health-checks/). |
-| Health Checks {props.one} | Grants write access to [Health Checks](/health-checks/). |
-| HTTP DDoS Managed Ruleset Read | Grants read access to [HTTP DDoS managed ruleset](/ddos-protection/managed-rulesets/http/). |
-| HTTP DDoS Managed Ruleset {props.one} | Grants write access to [HTTP DDoS managed ruleset](/ddos-protection/managed-rulesets/http/). |
-| Load Balancers Read | Grants read access to [load balancer resources](/load-balancing/). |
-| Load Balancers {props.one} | Grants write access to [load balancer resources](/load-balancing/). |
-| Logs Read | Grants read access to logs using [Logpull](/logs/). |
-| Logs {props.one} | Grants write access to [Logpull and Logpush](/logs/). |
-| Managed Headers Read | Grants read access to [Managed Headers](/rules/transform/managed-transforms/). |
-| Managed Headers {props.one} | Grants write access to [Managed Headers](/rules/transform/managed-transforms/). |
-| Origin Rules Read | Grants read access to [Origin Rules](/rules/origin-rules/). |
-| Origin Rules {props.one} | Grants write access to [Origin Rules](/rules/origin-rules/). |
-| Page Rules Read | Grants read access to [Page Rules](/rules/page-rules/). |
-| Page Rules {props.one} | Grants write access to [Page Rules](/rules/page-rules/). |
-| Page Shield Read | Grants read access to [Page Shield](/page-shield/). |
-| Page Shield {props.one} | Grants write access to [Page Shield](/page-shield/). |
-| Response Compression Read | Grants read access to [Response Compression](/rules/compression-rules/). |
-| Response Compression {props.one} | Grants write access to [Response Compression](/rules/compression-rules/). |
-| Sanitize Read | Grants read access to sanitization. |
-| Sanitize {props.one} | Grants write access to sanitization. |
-| Single Redirect Read | Grants read access to zone-level [Single Redirects](/rules/url-forwarding/single-redirects/). |
-| Single Redirect {props.one} | Grants write access to zone-level [Single Redirects](/rules/url-forwarding/single-redirects/). |
-| SSL and Certificates Read | Grants read access to [SSL configuration and certificate management](/ssl/). |
-| SSL and Certificates {props.one} | Grants write access to [SSL configuration and certificate management](/ssl/). |
-| Transform Rules Read | Grants read access to [Transform Rules](/rules/transform/). |
-| Transform Rules {props.one} | Grants write access to [Transform Rules](/rules/transform/). |
-| Waiting Room Read | Grants read access to [Waiting Room](/waiting-room/). |
-| Waiting Room {props.one} | Grants write access to [Waiting Room](/waiting-room/). |
-| Web3 Hostnames Read | Grants read access to [Web3 Hostnames](/web3/). |
-| Web3 Hostnames {props.one} | Grants write access to [Web3 Hostnames](/web3/). |
-| Workers Routes Read | Grants read access to [Cloudflare Workers](/workers/) and [Workers KV Storage](/kv/api/). |
-| Workers Routes {props.one} | Grants write access to [Cloudflare Workers](/workers/) and [Workers KV Storage](/kv/api/). |
-| Zaraz Read | Grants read access to [Zaraz](/zaraz/) zone level settings. |
-| Zaraz {props.one} | Grants write access to [Zaraz](/zaraz/) zone level settings. |
-| Zone Read | Grants read access to zone management. |
-| Zone {props.one} | Grants write access to zone management. |
-| Zone Settings Read | Grants read access to zone settings. |
-| Zone Settings {props.one} | Grants write access to zone settings. |
-| Zone Versioning Read | Grants read access to [Zone Versioning](/version-management/) at zone level. |
-| Zone Versioning {props.one} | Grants write access to [Zone Versioning](/version-management/) at zone level. |
-| Zone WAF Read | Grants read access to [Zone WAF](/waf/). |
-| Zone WAF {props.one} | Grants write access to [Zone WAF](/waf/). |
+| Name | Description |
+| ----------------------------------------------------------------------------------------------- | ------------------------------------------------------------------------------------------------------------------------------------------ |
+| Access: Apps and Policies Read | Grants read access to [Cloudflare Access](/cloudflare-one/policies/access/) zone resources. |
+| Access: Apps and Policies Revoke | Grants ability to revoke all tokens to [Cloudflare Access](/cloudflare-one/policies/access/) zone resources. |
+| Access: Apps and Policies {props.editWord} | Grants write access to [Cloudflare Access](/cloudflare-one/policies/access/) zone resources. |
+| Analytics Read | Grants read access to [analytics](/analytics/account-and-zone-analytics/zone-analytics/). |
+| { props.src === "api" && "Domain" } API Gateway Read | Grants read access to [API Gateway](/api-shield/) zone resources. |
+| { props.src === "api" && "Domain" } API Gateway {props.editWord} | Grants write access to [API Gateway](/api-shield/) zone resources. |
+| Apps {props.editWord} | Grants full access to [Cloudflare Apps](/support/more-dashboard-apps/cloudflare-apps/). |
+| Bot Management Read | Grants read access to [Bot Management](/bots/plans/bm-subscription/). |
+| Bot Management {props.editWord} | Grants write access to [Bot Management](/bots/plans/bm-subscription/). |
+| Bot Management Feedback Read | Grants read access to [Bot Management feedback](/bots/concepts/feedback-loop/). |
+| Bot Management Feedback {props.editWord} | Grants write access to [Bot Management feedback](/bots/concepts/feedback-loop/). |
+| Cache Purge | Grants access to [purge cache](/cache/how-to/purge-cache/). |
+| Cache { props.src === "dash" ? "Rules" : "Settings" } Read | Grants read access to [Cache Rules](/cache/how-to/cache-rules/). |
+| Cache { props.src === "dash" ? "Rules" : "Settings" } {props.editWord} | Grants write access to [Cache Rules](/cache/how-to/cache-rules/). |
+| Cloud Connector Read | Grants read access to [Cloud Connector rules](/rules/cloud-connector/). |
+| Cloud Connector {props.editWord} | Grants write access to [Cloud Connector rules](/rules/cloud-connector/). |
+| Config { props.src === "dash" ? "Rules" : "Settings" } Read | Grants read access to [Configuration Rules](/rules/configuration-rules/). |
+| Config { props.src === "dash" ? "Rules" : "Settings" } {props.editWord} | Grants write access to [Configuration Rules](/rules/configuration-rules/). |
+| Custom { props.src === "dash" ? "Error Rules" : "Errors" } Read | Grants read access to [Custom Error Rules](/rules/custom-errors/). |
+| Custom { props.src === "dash" ? "Error Rules" : "Errors" } {props.editWord} | Grants write access to [Custom Error Rules](/rules/custom-errors/). |
+| Custom Pages Read | Grants read access to [Custom Pages](/support/more-dashboard-apps/cloudflare-custom-pages/configuring-custom-pages-error-and-challenge/). |
+| Custom Pages {props.editWord} | Grants write access to [Custom Pages](/support/more-dashboard-apps/cloudflare-custom-pages/configuring-custom-pages-error-and-challenge/). |
+| { props.src === "dash" ? "Dmarc Management" : "Email Security DMARC Reports" } Read | Grants read access to [DMARC Management](/dmarc-management/). |
+| { props.src === "dash" ? "Dmarc Management" : "Email Security DMARC Reports" } {props.editWord} | Grants write access to [DMARC Management](/dmarc-management/). |
+| DNS Read | Grants read access to [DNS](/dns/). |
+| DNS Write | Grants write access to [DNS](/dns/). |
+| Email Routing Rules Read | Grants read access to [Email Routing Rules](/email-routing/setup/email-routing-addresses/). |
+| Email Routing Rules {props.editWord} | Grants write access to [Email Routing Rules](/email-routing/setup/email-routing-addresses/). |
+| Firewall Services Read | Grants read access to Firewall resources. |
+| Firewall Services {props.editWord} | Grants write access to Firewall resources. |
+| Health Checks Read | Grants read access to [Health Checks](/health-checks/). |
+| Health Checks {props.editWord} | Grants write access to [Health Checks](/health-checks/). |
+| HTTP DDoS Managed Ruleset Read | Grants read access to [HTTP DDoS managed ruleset](/ddos-protection/managed-rulesets/http/). |
+| HTTP DDoS Managed Ruleset {props.editWord} | Grants write access to [HTTP DDoS managed ruleset](/ddos-protection/managed-rulesets/http/). |
+| Load Balancers Read | Grants read access to [load balancer resources](/load-balancing/). |
+| Load Balancers {props.editWord} | Grants write access to [load balancer resources](/load-balancing/). |
+| Logs Read | Grants read access to logs using [Logpull](/logs/). |
+| Logs {props.editWord} | Grants write access to [Logpull and Logpush](/logs/). |
+| Managed { props.src === "dash" ? "Headers" : "headers" } Read | Grants read access to [Managed Headers](/rules/transform/managed-transforms/). |
+| Managed { props.src === "dash" ? "Headers" : "headers" } {props.editWord} | Grants write access to [Managed Headers](/rules/transform/managed-transforms/). |
+| Origin { props.src === "dash" && "Rules" } Read | Grants read access to [Origin Rules](/rules/origin-rules/). |
+| Origin { props.src === "dash" && "Rules" } {props.editWord} | Grants write access to [Origin Rules](/rules/origin-rules/). |
+| Page Rules Read | Grants read access to [Page Rules](/rules/page-rules/). |
+| Page Rules {props.editWord} | Grants write access to [Page Rules](/rules/page-rules/). |
+| { props.src === "api" && "Domain" } Page Shield Read | Grants read access to [Page Shield](/page-shield/). |
+| { props.src === "api" && "Domain" } Page Shield {props.editWord} | Grants write access to [Page Shield](/page-shield/). |
+| Response Compression Read | Grants read access to [Response Compression](/rules/compression-rules/). |
+| Response Compression {props.editWord} | Grants write access to [Response Compression](/rules/compression-rules/). |
+| Sanitize Read | Grants read access to sanitization. |
+| Sanitize {props.editWord} | Grants write access to sanitization. |
+| { props.src === "dash" ? "Single Redirect" : "Dynamic URL Redirects" } Read | Grants read access to zone-level [Single Redirects](/rules/url-forwarding/single-redirects/). |
+| { props.src === "dash" ? "Single Redirect" : "Dynamic URL Redirects" } {props.editWord} | Grants write access to zone-level [Single Redirects](/rules/url-forwarding/single-redirects/). |
+| SSL and Certificates Read | Grants read access to [SSL configuration and certificate management](/ssl/). |
+| SSL and Certificates {props.editWord} | Grants write access to [SSL configuration and certificate management](/ssl/). |
+| { props.src === "api" && "Zone" } Transform Rules Read | Grants read access to [Transform Rules](/rules/transform/). |
+| { props.src === "api" && "Zone" } Transform Rules {props.editWord} | Grants write access to [Transform Rules](/rules/transform/). |
+| Waiting { props.src === "dash" ? "Room" : "Rooms" } Read | Grants read access to [Waiting Room](/waiting-room/). |
+| Waiting { props.src === "dash" ? "Room" : "Rooms" } {props.editWord} | Grants write access to [Waiting Room](/waiting-room/). |
+| Web3 Hostnames Read | Grants read access to [Web3 Hostnames](/web3/). |
+| Web3 Hostnames {props.editWord} | Grants write access to [Web3 Hostnames](/web3/). |
+| Workers Routes Read | Grants read access to [Cloudflare Workers](/workers/) and [Workers KV Storage](/kv/api/). |
+| Workers Routes {props.editWord} | Grants write access to [Cloudflare Workers](/workers/) and [Workers KV Storage](/kv/api/). |
+| Zaraz Read | Grants read access to [Zaraz](/zaraz/) zone level settings. |
+| Zaraz {props.editWord} | Grants write access to [Zaraz](/zaraz/) zone level settings. |
+| Zone Read | Grants read access to zone management. |
+| Zone {props.editWord} | Grants write access to zone management. |
+| Zone Settings Read | Grants read access to zone settings. |
+| Zone Settings {props.editWord} | Grants write access to zone settings. |
+| Zone Versioning Read | Grants read access to [Zone Versioning](/version-management/) at zone level. |
+| Zone Versioning {props.editWord} | Grants write access to [Zone Versioning](/version-management/) at zone level. |
+| Zone WAF Read | Grants read access to [Zone WAF](/waf/). |
+| Zone WAF {props.editWord} | Grants write access to [Zone WAF](/waf/). |
From 0f8c470ea650323d31b87dd3c58679a288b75e60 Mon Sep 17 00:00:00 2001
From: Pedro Sousa <680496+pedrosousa@users.noreply.github.com>
Date: Mon, 10 Mar 2025 15:13:45 +0000
Subject: [PATCH 3/4] Fix broken link
---
src/content/partials/fundamentals/account-permissions-table.mdx | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/src/content/partials/fundamentals/account-permissions-table.mdx b/src/content/partials/fundamentals/account-permissions-table.mdx
index 8e7ef5bb9ff5515..372a27b7c850fed 100644
--- a/src/content/partials/fundamentals/account-permissions-table.mdx
+++ b/src/content/partials/fundamentals/account-permissions-table.mdx
@@ -136,7 +136,7 @@ import { Markdown } from "~/components";
| Vectorize {props.editWord} | Grants write access to [Vectorize](/vectorize/). |
| Workers AI Read | Grants read access to [Workers AI](/workers-ai/). |
| Workers AI {props.editWord} | Grants write access to [Workers AI](/workers-ai/). |
-| Workers CI Read | Grants read access to [Workers CI] (/workers/). |
+| Workers CI Read | Grants read access to [Workers CI](/workers/). |
| Workers CI {props.editWord} | Grants write access to [Workers CI](/workers). |
| Workers KV Storage Read | Grants read access to [Cloudflare Workers KV Storage](/kv/api/). |
| Workers KV Storage {props.editWord} | Grants write access to [Cloudflare Workers KV Storage](/kv/api/). |
From aab28f12390851cf5951eb7fcfa00ef546cbaf6c Mon Sep 17 00:00:00 2001
From: Pedro Sousa <680496+pedrosousa@users.noreply.github.com>
Date: Mon, 10 Mar 2025 15:25:05 +0000
Subject: [PATCH 4/4] Refactored a few entries
---
.../account-permissions-table.mdx | 288 +++++++++---------
1 file changed, 144 insertions(+), 144 deletions(-)
diff --git a/src/content/partials/fundamentals/account-permissions-table.mdx b/src/content/partials/fundamentals/account-permissions-table.mdx
index 372a27b7c850fed..208c8063a8dcc63 100644
--- a/src/content/partials/fundamentals/account-permissions-table.mdx
+++ b/src/content/partials/fundamentals/account-permissions-table.mdx
@@ -6,147 +6,147 @@ params:
import { Markdown } from "~/components";
-| Name | Description |
-| ---------------------------------------------------------------------------------------------------------------------------------- | -------------------------------------------------------------------------------------------------------------------------------------------------------- |
-| Access: Apps and Policies Read | Grants read access to [Cloudflare Access](/cloudflare-one/policies/access/) account resources. |
-| Access: Apps and Policies Revoke | Grants ability to revoke all tokens to [Cloudflare Access](/cloudflare-one/policies/access/) account resources. |
-| Access: Apps and Policies {props.editWord} | Grants write access to [Cloudflare Access](/cloudflare-one/policies/access/) account resources. |
-| Access: Audit Logs Read | Grants read access to [Cloudflare Access audit logs](/cloudflare-one/insights/logs/audit-logs/). |
-| Access: Custom { props.src === "dash" ? "Pages" : "Page" } Read | Grants read access to [Cloudflare Access Custom Pages](/cloudflare-one/policies/gateway/block-page/). |
-| Access: Custom { props.src === "dash" ? "Pages" : "Page" } {props.editWord} | Grants write access to [Cloudflare Access Custom Pages](/cloudflare-one/policies/gateway/block-page/). |
-| Access: Device Posture Read | Grants read access to [Cloudflare Access Device Posture](/cloudflare-one/identity/devices/). |
-| Access: Device Posture {props.editWord} | Grants write access to [Cloudflare Access Device Posture](/cloudflare-one/identity/devices/). |
-| Access: { props.src === "dash" && "Mutual TLS" } Certificates Read | Grants read access to [Cloudflare Access mTLS certificates](/cloudflare-one/identity/devices/access-integrations/mutual-tls-authentication/). |
-| Access: { props.src === "dash" && "Mutual TLS" } Certificates {props.editWord} | Grants write access to [Cloudflare Access mTLS certificates](/cloudflare-one/identity/devices/access-integrations/mutual-tls-authentication/). |
-| Access: Organizations, Identity Providers, and Groups Read | Grants read access to [Cloudflare Access account resources](/cloudflare-one/identity/). |
-| Access: Organizations, Identity Providers, and Groups Revoke | Grants ability to revoke user sessions to [Cloudflare Access account resources](/cloudflare-one/identity/). |
-| Access: Organizations, Identity Providers, and Groups {props.editWord} | Grants write access to [Cloudflare Access account resources](/cloudflare-one/identity/). |
-| Access: Service Tokens Read | Grants read access to [Cloudflare Access Service Tokens](/cloudflare-one/identity/service-tokens/). |
-| Access: Service Tokens {props.editWord} | Grants write access to [Cloudflare Access Service Tokens](/cloudflare-one/identity/service-tokens/). |
-| Access: SSH Auditing { props.src === "api" && "CA" } Read | Grants read access to [SSH Auditing](/cloudflare-one/policies/gateway/network-policies/ssh-logging/). |
-| Access: SSH Auditing { props.src === "api" && "CA" } {props.editWord} | Grants write access to [SSH Auditing](/cloudflare-one/policies/gateway/network-policies/ssh-logging/). |
-| Account Analytics Read | Grants read access to [account analytics](/analytics/account-and-zone-analytics/account-analytics/). |
-| Account Custom Pages Read | Grants read access to account-level [Custom Pages](/support/more-dashboard-apps/cloudflare-custom-pages/configuring-custom-pages-error-and-challenge/). |
-| Account Custom Pages {props.editWord} | Grants write access to account-level [Custom Pages](/support/more-dashboard-apps/cloudflare-custom-pages/configuring-custom-pages-error-and-challenge/). |
-| Account { props.src === "dash" ? "Filter" : "Rule" } Lists Read | Grants read access to Account Filter Lists. |
-| Account { props.src === "dash" ? "Filter" : "Rule" } Lists {props.editWord} | Grants write access to Account Filter Lists. |
-| Account Firewall Access Rules Read | Grants read access to account firewall access rules. |
-| Account Firewall Access Rules {props.editWord} | Grants write access to account firewall access rules. |
-| Account Rulesets Read | Grants read access to [Account Rulesets](/ruleset-engine/about/rulesets/). |
-| Account Rulesets {props.editWord} | Grants write access to [Account Rulesets](/ruleset-engine/about/rulesets/). |
-| Account Settings Read | Grants read access to [Account resources, account membership, and account level features](/fundamentals/subscriptions-and-billing/). |
-| Account Settings {props.editWord} | Grants write access to [Account resources, account membership, and account level features](/fundamentals/subscriptions-and-billing/). |
-| Account: SSL and Certificates Read | Grants read access to [SSL and Certificates](/ssl/). |
-| Account: SSL and Certificates {props.editWord} | Grants write access to [SSL and Certificates](/ssl/). |
-| Account WAF Read | Grants read access to [Account WAF](/waf/). |
-| Account WAF {props.editWord} | Grants write access to [Account WAF](/waf/). |
-| Address Maps {props.editWord} | Grants write access to [Address Maps](/byoip/address-maps/) |
-| Address Maps Read | Grants read access to [Address Maps](/byoip/address-maps/) |
-| Allow Request Tracer Read | Grants read access to Request Tracer. |
-| { props.src === "api" && "Account" } API Gateway Read | Grants read access to [API Gateway (including API Shield)](/api-shield/) for all domains in an account. |
-| { props.src === "api" && "Account" } API Gateway {props.editWord} | Grants write access to [API Gateway (including API Shield)](/api-shield/) for all domains in an account. |
-| Billing Read | Grants read access to [billing profile, subscriptions, and access to fetch invoices](/fundamentals/subscriptions-and-billing/) and entitlements. |
-| Billing {props.editWord} | Grants write access to [billing profile, subscriptions, and access to fetch invoices and entitlements](/fundamentals/subscriptions-and-billing/). |
-| Bulk URL Redirects Read | Grants read access to [Bulk URL Redirects](/rules/url-forwarding/bulk-redirects/). |
-| Bulk URL Redirects {props.editWord} | Grants write access to [Bulk URL Redirects](/rules/url-forwarding/bulk-redirects/). |
-| China Network Steering Read | Grants read access to [China Network Steering](/china-network/). |
-| China Network Steering {props.editWord} | Grants write access to [China Network Steering](/china-network/). |
-| Cloudchamber Read | Grants read access to Cloudchamber deployments. |
-| Cloudchamber {props.editWord} | Grants write access to Cloudchamber deployments. |
-| { props.src === "dash" && "Cloudflare" } Calls Read | Grants read access to Cloudflare Calls. |
-| { props.src === "dash" && "Cloudflare" } Calls {props.editWord} | Grants write access to Cloudflare Calls. |
-| Cloudflare DEX Read | Grants read access to [Digital Experience Monitoring](/cloudflare-one/insights/dex/). |
-| Cloudflare DEX {props.editWord} | Grants write access to [Digital Experience Monitoring](/cloudflare-one/insights/dex/). |
-| { props.src === "dash" && "Cloudflare" } Images Read | Grants read access to [Cloudflare Images](/images/). |
-| { props.src === "dash" && "Cloudflare" } Images {props.editWord} | Grants write access to [Cloudflare Images](/images/). |
-| { props.src === "dash" ? "Cloudflare One Connector: cloudflared" : "Cloudflare One cloudflared Connectors" } Read | Grants read access to `cloudflared` Connectors |
-| { props.src === "dash" ? "Cloudflare One Connector: cloudflared" : "Cloudflare One cloudflared Connectors" } {props.editWord} | Grants write access to `cloudflared` Connectors |
-| { props.src === "dash" ? "Cloudflare One Connector: WARP" : "Cloudflare One Warp Connectors" } Read | Grants read access to Warp Connectors |
-| { props.src === "dash" ? "Cloudflare One Connector: WARP" : "Cloudflare One Warp Connectors" } {props.editWord} | Grants write access to Warp Connectors |
-| Cloudflare One Connectors Read | Grants read access to Cloudflare One Connectors |
-| Cloudflare One Connectors {props.editWord} | Grants write access to Cloudflare One Connectors |
-| Cloudflare One Networks Read | Grants read access to Cloudflare One Networks |
-| Cloudflare One Networks {props.editWord} | Grants write access to Cloudflare One Networks |
-| { props.src === "dash" && "Cloudflare" } Pages Read | Grants access to view [Cloudflare Pages](/pages/) projects. |
-| { props.src === "dash" && "Cloudflare" } Pages {props.editWord} | Grants access to create, edit and delete [Cloudflare Pages](/pages/) projects. |
-| { props.src === "dash" ? "Cloudflare" : "Argo" } Tunnel Read | Grants access to view [Cloudflare Tunnels](/cloudflare-one/connections/connect-networks/). |
-| { props.src === "dash" ? "Cloudflare" : "Argo" } Tunnel {props.editWord} | Grants access to create and delete [Cloudflare Tunnels](/cloudflare-one/connections/connect-networks/). |
-| Cloudforce One Read | Grants read access to Cloudforce One. |
-| Cloudforce One {props.editWord} | Grants write access to Cloudforce One. |
-| { props.src === "dash" ? "Email Security" : "Cloud Email Security:" } Read | Grants read access to [Cloud Email Security](/email-security/). |
-| { props.src === "dash" ? "Email Security" : "Cloud Email Security:" } {props.editWord} | Grants write access to [Email Security](/email-security/). |
-| Constellation Read | Grants read access to [Constellation](/constellation/). |
-| Constellation {props.editWord} | Grants write access to [Constellation](/constellation/). |
-| D1 Read | Grants read access to [D1](/d1/). |
-| D1 {props.editWord} | Grants write access to [D1](/d1/). |
-| DDoS Botnet Feed Read | Grants read access to Botnet Feed reports. |
-| DDoS Botnet Feed {props.editWord} | Grants write access to Botnet Feed configuration. |
-| DDoS Protection Read | Grants read access to [DDoS protection](/ddos-protection/). |
-| DDoS Protection {props.editWord} | Grants write access to [DDoS protection](/ddos-protection/). |
-| DNS Firewall Read | Grants read access to [DNS Firewall](/dns/dns-firewall/). |
-| DNS Firewall {props.editWord} | Grants write access to [DNS Firewall](/dns/dns-firewall/). |
-| Email Routing Addresses Read | Grants read access to [Email Routing Addresses](/email-routing/setup/email-routing-addresses/). |
-| Email Routing Addresses {props.editWord} | Grants write access to [Email Routing Addresses](/email-routing/setup/email-routing-addresses/). |
-| Hyperdrive Read | Grants read access to [Hyperdrive](/hyperdrive/). |
-| Hyperdrive {props.editWord} | Grants write access to [Hyperdrive](/hyperdrive/). |
-| Intel Read | Grants read access to [Intel](/security-center/intel-apis/). |
-| Intel {props.editWord} | Grants write access to [Intel](/security-center/intel-apis/). |
-| Integration {props.editWord} | Grants write access to integrations. |
-| IOT Read | Grants read access to [IOT](https://blog.cloudflare.com/rethinking-internet-of-things-security/). |
-| IOT {props.editWord} | Grants write access to [IOT](https://blog.cloudflare.com/rethinking-internet-of-things-security/). |
-| IP Prefixes: Read | Grants access to read IP prefix settings. |
-| IP Prefixes: {props.editWord} | Grants access to read/write IP prefix settings. |
-| IP Prefixes: BGP On Demand Read | Grants access to read IP prefix BGP configuration. |
-| IP Prefixes: BGP On Demand {props.editWord} | Grants access to read and change IP prefix BGP configuration. |
-| { props.src === "dash" ? "L3/4" : "L4" } DDoS Managed Ruleset Read | Grants read access to [L3/4 DDoS managed ruleset](/ddos-protection/managed-rulesets/network/). |
-| { props.src === "dash" ? "L3/4" : "L4" } DDoS Managed Ruleset {props.editWord} | Grants write access to [L3/4 DDoS managed ruleset](/ddos-protection/managed-rulesets/network/). |
-| Load Balancing: Monitors and Pools Read | Grants read access to account level [load balancer resources](/load-balancing/). |
-| Load Balancing: Monitors and Pools {props.editWord} | Grants write access to account level [load balancer resources](/load-balancing/). |
-| Logs Read | Grants read access to logs using [Logpull or Instant Logs](/logs/). |
-| Logs {props.editWord} | Grants read and write access to [Logpull, Logpush, and Instant Logs](/logs/). |
-| Magic Firewall Read | Grants read access to [Magic Firewall](/magic-firewall/). |
-| Magic Firewall {props.editWord} | Grants write access to [Magic Firewall](/magic-firewall/). |
-| { props.src === "dash" ? "Magic Firewall Packet Captures Read" : "Magic Firewall Packet Captures - Read PCAPs API" } | Grants read access to [Packet Captures](/magic-firewall/packet-captures/collect-pcaps/). |
-| { props.src === "dash" ? `Magic Firewall Packet Captures ${props.editWord}` : "Magic Firewall Packet Captures - Write PCAPs API" } | Grants write access to [Packet Captures](/magic-firewall/packet-captures/collect-pcaps/). |
-| Magic Network Monitoring Read | Grants read access to [Magic Network Monitoring](/magic-network-monitoring/). |
-| Magic Network Monitoring {props.editWord} | Grants write access to [Magic Network Monitoring](/magic-network-monitoring/). |
-| Magic Transit Read | Grants read access to manage a user's [Magic Transit prefixes](/magic-transit/how-to/advertise-prefixes/). |
-| Magic Transit {props.editWord} | Grants write access to manage a user's [Magic Transit prefixes](/magic-transit/how-to/advertise-prefixes/). |
-| Notifications Read | Grants read access to [Notifications](/notifications/). |
-| Notifications {props.editWord} | Grants write access to [Notifications](/notifications/). |
-| Page Shield Read | Grants read access to [Page Shield](/page-shield/). |
-| Page Shield {props.editWord} | Grants write access to [Page Shield](/page-shield/). |
-| { props.src === "dash" && "Workers" } Pipelines Read | Grants read access to Cloudflare Pipelines. |
-| { props.src === "dash" && "Workers" } Pipelines {props.editWord} | Grants write access to Cloudflare Pipelines. |
-| { props.src === "dash" ? "Pub/Sub" : "Pubsub Configuration" } Read | Grants read access to [Pub/Sub](/pub-sub/). |
-| { props.src === "dash" ? "Pub/Sub" : "Pubsub Configuration" } {props.editWord} | Grants write access to [Pub/Sub](/pub-sub/). |
-| Queues Read | Grants read access to [Queues](/queues/). |
-| Queues {props.editWord} | Grants write access to [Queues](/queues/). |
-| Rule Policies Read | Grants read access to Rule Policies. |
-| Rule Policies {props.editWord} | Grants write access to Rule Policies. |
-| Stream Read | Grants read access to [Cloudflare Stream](/stream/). |
-| Stream {props.editWord} | Grants write access to [Cloudflare Stream](/stream/). |
-| Transform Rules Read | Grants read access to [Transform Rules](/rules/transform/). |
-| Transform Rules {props.editWord} | Grants write access to [Transform Rules](/rules/transform/). |
-| Turnstile { props.src === "api" && "Sites" } Read | Grants read access to [Turnstile](/turnstile/). |
-| Turnstile { props.src === "api" && "Sites" } {props.editWord} | Grants write access to [Turnstile](/turnstile/). |
-| URL Scanner Read | Grants read access to [URL Scanner](/radar/investigate/url-scanner/). |
-| URL Scanner {props.editWord} | Grants write access to [URL Scanner](/radar/investigate/url-scanner/). |
-| Vectorize Read | Grants read access to [Vectorize](/vectorize/). |
-| Vectorize {props.editWord} | Grants write access to [Vectorize](/vectorize/). |
-| Workers AI Read | Grants read access to [Workers AI](/workers-ai/). |
-| Workers AI {props.editWord} | Grants write access to [Workers AI](/workers-ai/). |
-| Workers CI Read | Grants read access to [Workers CI](/workers/). |
-| Workers CI {props.editWord} | Grants write access to [Workers CI](/workers). |
-| Workers KV Storage Read | Grants read access to [Cloudflare Workers KV Storage](/kv/api/). |
-| Workers KV Storage {props.editWord} | Grants write access to [Cloudflare Workers KV Storage](/kv/api/). |
-| Workers R2 Storage Read | Grants read access to [Cloudflare R2 Storage](/r2/). |
-| Workers R2 Storage {props.editWord} | Grants write access to [Cloudflare R2 Storage](/r2/). |
-| Workers Scripts Read | Grants read access to [Cloudflare Workers scripts](/workers/). |
-| Workers Scripts {props.editWord} | Grants write access to [Cloudflare Workers scripts](/workers/). |
-| Workers Tail Read | Grants [`wrangler tail`](/workers/wrangler/commands/#tail) read permissions. |
-| Zero Trust Read | Grants read access to [Cloudflare Zero Trust](/cloudflare-one/). |
-| Zero Trust Report | Grants reporting access to [Cloudflare Zero Trust](/cloudflare-one/). |
-| Zero Trust {props.editWord} | Grants write access to [Cloudflare Zero Trust](/cloudflare-one/). |
-| Zero Trust: PII Read | Grants read access to [Cloudflare Zero Trust](/cloudflare-one/) PII. |
-| Zero Trust: Seats {props.editWord} | Grants write access to the number of [Zero Trust Seats](/cloudflare-one/identity/users/seat-management/) your organization can use (and be billed for). |
+| Name | Description |
+| -------------------------------------------------------------------------------------------------------------- | -------------------------------------------------------------------------------------------------------------------------------------------------------- |
+| Access: Apps and Policies Read | Grants read access to [Cloudflare Access](/cloudflare-one/policies/access/) account resources. |
+| Access: Apps and Policies Revoke | Grants ability to revoke all tokens to [Cloudflare Access](/cloudflare-one/policies/access/) account resources. |
+| Access: Apps and Policies {props.editWord} | Grants write access to [Cloudflare Access](/cloudflare-one/policies/access/) account resources. |
+| Access: Audit Logs Read | Grants read access to [Cloudflare Access audit logs](/cloudflare-one/insights/logs/audit-logs/). |
+| Access: Custom { props.src === "dash" ? "Pages" : "Page" } Read | Grants read access to [Cloudflare Access Custom Pages](/cloudflare-one/policies/gateway/block-page/). |
+| Access: Custom { props.src === "dash" ? "Pages" : "Page" } {props.editWord} | Grants write access to [Cloudflare Access Custom Pages](/cloudflare-one/policies/gateway/block-page/). |
+| Access: Device Posture Read | Grants read access to [Cloudflare Access Device Posture](/cloudflare-one/identity/devices/). |
+| Access: Device Posture {props.editWord} | Grants write access to [Cloudflare Access Device Posture](/cloudflare-one/identity/devices/). |
+| Access: { props.src === "dash" && "Mutual TLS" } Certificates Read | Grants read access to [Cloudflare Access mTLS certificates](/cloudflare-one/identity/devices/access-integrations/mutual-tls-authentication/). |
+| Access: { props.src === "dash" && "Mutual TLS" } Certificates {props.editWord} | Grants write access to [Cloudflare Access mTLS certificates](/cloudflare-one/identity/devices/access-integrations/mutual-tls-authentication/). |
+| Access: Organizations, Identity Providers, and Groups Read | Grants read access to [Cloudflare Access account resources](/cloudflare-one/identity/). |
+| Access: Organizations, Identity Providers, and Groups Revoke | Grants ability to revoke user sessions to [Cloudflare Access account resources](/cloudflare-one/identity/). |
+| Access: Organizations, Identity Providers, and Groups {props.editWord} | Grants write access to [Cloudflare Access account resources](/cloudflare-one/identity/). |
+| Access: Service Tokens Read | Grants read access to [Cloudflare Access Service Tokens](/cloudflare-one/identity/service-tokens/). |
+| Access: Service Tokens {props.editWord} | Grants write access to [Cloudflare Access Service Tokens](/cloudflare-one/identity/service-tokens/). |
+| Access: SSH Auditing { props.src === "api" && "CA" } Read | Grants read access to [SSH Auditing](/cloudflare-one/policies/gateway/network-policies/ssh-logging/). |
+| Access: SSH Auditing { props.src === "api" && "CA" } {props.editWord} | Grants write access to [SSH Auditing](/cloudflare-one/policies/gateway/network-policies/ssh-logging/). |
+| Account Analytics Read | Grants read access to [account analytics](/analytics/account-and-zone-analytics/account-analytics/). |
+| Account Custom Pages Read | Grants read access to account-level [Custom Pages](/support/more-dashboard-apps/cloudflare-custom-pages/configuring-custom-pages-error-and-challenge/). |
+| Account Custom Pages {props.editWord} | Grants write access to account-level [Custom Pages](/support/more-dashboard-apps/cloudflare-custom-pages/configuring-custom-pages-error-and-challenge/). |
+| Account { props.src === "dash" ? "Filter" : "Rule" } Lists Read | Grants read access to Account Filter Lists. |
+| Account { props.src === "dash" ? "Filter" : "Rule" } Lists {props.editWord} | Grants write access to Account Filter Lists. |
+| Account Firewall Access Rules Read | Grants read access to account firewall access rules. |
+| Account Firewall Access Rules {props.editWord} | Grants write access to account firewall access rules. |
+| Account Rulesets Read | Grants read access to [Account Rulesets](/ruleset-engine/about/rulesets/). |
+| Account Rulesets {props.editWord} | Grants write access to [Account Rulesets](/ruleset-engine/about/rulesets/). |
+| Account Settings Read | Grants read access to [Account resources, account membership, and account level features](/fundamentals/subscriptions-and-billing/). |
+| Account Settings {props.editWord} | Grants write access to [Account resources, account membership, and account level features](/fundamentals/subscriptions-and-billing/). |
+| Account: SSL and Certificates Read | Grants read access to [SSL and Certificates](/ssl/). |
+| Account: SSL and Certificates {props.editWord} | Grants write access to [SSL and Certificates](/ssl/). |
+| Account WAF Read | Grants read access to [Account WAF](/waf/). |
+| Account WAF {props.editWord} | Grants write access to [Account WAF](/waf/). |
+| Address Maps {props.editWord} | Grants write access to [Address Maps](/byoip/address-maps/) |
+| Address Maps Read | Grants read access to [Address Maps](/byoip/address-maps/) |
+| Allow Request Tracer Read | Grants read access to Request Tracer. |
+| { props.src === "api" && "Account" } API Gateway Read | Grants read access to [API Gateway (including API Shield)](/api-shield/) for all domains in an account. |
+| { props.src === "api" && "Account" } API Gateway {props.editWord} | Grants write access to [API Gateway (including API Shield)](/api-shield/) for all domains in an account. |
+| Billing Read | Grants read access to [billing profile, subscriptions, and access to fetch invoices](/fundamentals/subscriptions-and-billing/) and entitlements. |
+| Billing {props.editWord} | Grants write access to [billing profile, subscriptions, and access to fetch invoices and entitlements](/fundamentals/subscriptions-and-billing/). |
+| Bulk URL Redirects Read | Grants read access to [Bulk URL Redirects](/rules/url-forwarding/bulk-redirects/). |
+| Bulk URL Redirects {props.editWord} | Grants write access to [Bulk URL Redirects](/rules/url-forwarding/bulk-redirects/). |
+| China Network Steering Read | Grants read access to [China Network Steering](/china-network/). |
+| China Network Steering {props.editWord} | Grants write access to [China Network Steering](/china-network/). |
+| Cloudchamber Read | Grants read access to Cloudchamber deployments. |
+| Cloudchamber {props.editWord} | Grants write access to Cloudchamber deployments. |
+| { props.src === "dash" && "Cloudflare" } Calls Read | Grants read access to Cloudflare Calls. |
+| { props.src === "dash" && "Cloudflare" } Calls {props.editWord} | Grants write access to Cloudflare Calls. |
+| Cloudflare DEX Read | Grants read access to [Digital Experience Monitoring](/cloudflare-one/insights/dex/). |
+| Cloudflare DEX {props.editWord} | Grants write access to [Digital Experience Monitoring](/cloudflare-one/insights/dex/). |
+| { props.src === "dash" && "Cloudflare" } Images Read | Grants read access to [Cloudflare Images](/images/). |
+| { props.src === "dash" && "Cloudflare" } Images {props.editWord} | Grants write access to [Cloudflare Images](/images/). |
+| Cloudflare One { props.src === "dash" ? "Connector: cloudflared" : "cloudflared Connectors" } Read | Grants read access to `cloudflared` Connectors |
+| Cloudflare One { props.src === "dash" ? "Connector: cloudflared" : "cloudflared Connectors" } {props.editWord} | Grants write access to `cloudflared` Connectors |
+| Cloudflare One { props.src === "dash" ? "Connector: WARP" : "Warp Connectors" } Read | Grants read access to Warp Connectors |
+| Cloudflare One { props.src === "dash" ? "Connector: WARP" : "Warp Connectors" } {props.editWord} | Grants write access to Warp Connectors |
+| Cloudflare One Connectors Read | Grants read access to Cloudflare One Connectors |
+| Cloudflare One Connectors {props.editWord} | Grants write access to Cloudflare One Connectors |
+| Cloudflare One Networks Read | Grants read access to Cloudflare One Networks |
+| Cloudflare One Networks {props.editWord} | Grants write access to Cloudflare One Networks |
+| { props.src === "dash" && "Cloudflare" } Pages Read | Grants access to view [Cloudflare Pages](/pages/) projects. |
+| { props.src === "dash" && "Cloudflare" } Pages {props.editWord} | Grants access to create, edit and delete [Cloudflare Pages](/pages/) projects. |
+| { props.src === "dash" ? "Cloudflare" : "Argo" } Tunnel Read | Grants access to view [Cloudflare Tunnels](/cloudflare-one/connections/connect-networks/). |
+| { props.src === "dash" ? "Cloudflare" : "Argo" } Tunnel {props.editWord} | Grants access to create and delete [Cloudflare Tunnels](/cloudflare-one/connections/connect-networks/). |
+| Cloudforce One Read | Grants read access to Cloudforce One. |
+| Cloudforce One {props.editWord} | Grants write access to Cloudforce One. |
+| { props.src === "dash" ? "Email Security" : "Cloud Email Security:" } Read | Grants read access to [Cloud Email Security](/email-security/). |
+| { props.src === "dash" ? "Email Security" : "Cloud Email Security:" } {props.editWord} | Grants write access to [Email Security](/email-security/). |
+| Constellation Read | Grants read access to [Constellation](/constellation/). |
+| Constellation {props.editWord} | Grants write access to [Constellation](/constellation/). |
+| D1 Read | Grants read access to [D1](/d1/). |
+| D1 {props.editWord} | Grants write access to [D1](/d1/). |
+| DDoS Botnet Feed Read | Grants read access to Botnet Feed reports. |
+| DDoS Botnet Feed {props.editWord} | Grants write access to Botnet Feed configuration. |
+| DDoS Protection Read | Grants read access to [DDoS protection](/ddos-protection/). |
+| DDoS Protection {props.editWord} | Grants write access to [DDoS protection](/ddos-protection/). |
+| DNS Firewall Read | Grants read access to [DNS Firewall](/dns/dns-firewall/). |
+| DNS Firewall {props.editWord} | Grants write access to [DNS Firewall](/dns/dns-firewall/). |
+| Email Routing Addresses Read | Grants read access to [Email Routing Addresses](/email-routing/setup/email-routing-addresses/). |
+| Email Routing Addresses {props.editWord} | Grants write access to [Email Routing Addresses](/email-routing/setup/email-routing-addresses/). |
+| Hyperdrive Read | Grants read access to [Hyperdrive](/hyperdrive/). |
+| Hyperdrive {props.editWord} | Grants write access to [Hyperdrive](/hyperdrive/). |
+| Intel Read | Grants read access to [Intel](/security-center/intel-apis/). |
+| Intel {props.editWord} | Grants write access to [Intel](/security-center/intel-apis/). |
+| Integration {props.editWord} | Grants write access to integrations. |
+| IOT Read | Grants read access to [IOT](https://blog.cloudflare.com/rethinking-internet-of-things-security/). |
+| IOT {props.editWord} | Grants write access to [IOT](https://blog.cloudflare.com/rethinking-internet-of-things-security/). |
+| IP Prefixes: Read | Grants access to read IP prefix settings. |
+| IP Prefixes: {props.editWord} | Grants access to read/write IP prefix settings. |
+| IP Prefixes: BGP On Demand Read | Grants access to read IP prefix BGP configuration. |
+| IP Prefixes: BGP On Demand {props.editWord} | Grants access to read and change IP prefix BGP configuration. |
+| { props.src === "dash" ? "L3/4" : "L4" } DDoS Managed Ruleset Read | Grants read access to [L3/4 DDoS managed ruleset](/ddos-protection/managed-rulesets/network/). |
+| { props.src === "dash" ? "L3/4" : "L4" } DDoS Managed Ruleset {props.editWord} | Grants write access to [L3/4 DDoS managed ruleset](/ddos-protection/managed-rulesets/network/). |
+| Load Balancing: Monitors and Pools Read | Grants read access to account level [load balancer resources](/load-balancing/). |
+| Load Balancing: Monitors and Pools {props.editWord} | Grants write access to account level [load balancer resources](/load-balancing/). |
+| Logs Read | Grants read access to logs using [Logpull or Instant Logs](/logs/). |
+| Logs {props.editWord} | Grants read and write access to [Logpull, Logpush, and Instant Logs](/logs/). |
+| Magic Firewall Read | Grants read access to [Magic Firewall](/magic-firewall/). |
+| Magic Firewall {props.editWord} | Grants write access to [Magic Firewall](/magic-firewall/). |
+| Magic Firewall Packet Captures { props.src === "dash" ? "Read" : "- Read PCAPs API" } | Grants read access to [Packet Captures](/magic-firewall/packet-captures/collect-pcaps/). |
+| Magic Firewall Packet Captures { props.src === "dash" ? props.editWord : `- ${props.editWord} PCAPs API` } | Grants write access to [Packet Captures](/magic-firewall/packet-captures/collect-pcaps/). |
+| Magic Network Monitoring Read | Grants read access to [Magic Network Monitoring](/magic-network-monitoring/). |
+| Magic Network Monitoring {props.editWord} | Grants write access to [Magic Network Monitoring](/magic-network-monitoring/). |
+| Magic Transit Read | Grants read access to manage a user's [Magic Transit prefixes](/magic-transit/how-to/advertise-prefixes/). |
+| Magic Transit {props.editWord} | Grants write access to manage a user's [Magic Transit prefixes](/magic-transit/how-to/advertise-prefixes/). |
+| Notifications Read | Grants read access to [Notifications](/notifications/). |
+| Notifications {props.editWord} | Grants write access to [Notifications](/notifications/). |
+| Page Shield Read | Grants read access to [Page Shield](/page-shield/). |
+| Page Shield {props.editWord} | Grants write access to [Page Shield](/page-shield/). |
+| { props.src === "dash" && "Workers" } Pipelines Read | Grants read access to Cloudflare Pipelines. |
+| { props.src === "dash" && "Workers" } Pipelines {props.editWord} | Grants write access to Cloudflare Pipelines. |
+| { props.src === "dash" ? "Pub/Sub" : "Pubsub Configuration" } Read | Grants read access to [Pub/Sub](/pub-sub/). |
+| { props.src === "dash" ? "Pub/Sub" : "Pubsub Configuration" } {props.editWord} | Grants write access to [Pub/Sub](/pub-sub/). |
+| Queues Read | Grants read access to [Queues](/queues/). |
+| Queues {props.editWord} | Grants write access to [Queues](/queues/). |
+| Rule Policies Read | Grants read access to Rule Policies. |
+| Rule Policies {props.editWord} | Grants write access to Rule Policies. |
+| Stream Read | Grants read access to [Cloudflare Stream](/stream/). |
+| Stream {props.editWord} | Grants write access to [Cloudflare Stream](/stream/). |
+| Transform Rules Read | Grants read access to [Transform Rules](/rules/transform/). |
+| Transform Rules {props.editWord} | Grants write access to [Transform Rules](/rules/transform/). |
+| Turnstile { props.src === "api" && "Sites" } Read | Grants read access to [Turnstile](/turnstile/). |
+| Turnstile { props.src === "api" && "Sites" } {props.editWord} | Grants write access to [Turnstile](/turnstile/). |
+| URL Scanner Read | Grants read access to [URL Scanner](/radar/investigate/url-scanner/). |
+| URL Scanner {props.editWord} | Grants write access to [URL Scanner](/radar/investigate/url-scanner/). |
+| Vectorize Read | Grants read access to [Vectorize](/vectorize/). |
+| Vectorize {props.editWord} | Grants write access to [Vectorize](/vectorize/). |
+| Workers AI Read | Grants read access to [Workers AI](/workers-ai/). |
+| Workers AI {props.editWord} | Grants write access to [Workers AI](/workers-ai/). |
+| Workers CI Read | Grants read access to [Workers CI](/workers/). |
+| Workers CI {props.editWord} | Grants write access to [Workers CI](/workers). |
+| Workers KV Storage Read | Grants read access to [Cloudflare Workers KV Storage](/kv/api/). |
+| Workers KV Storage {props.editWord} | Grants write access to [Cloudflare Workers KV Storage](/kv/api/). |
+| Workers R2 Storage Read | Grants read access to [Cloudflare R2 Storage](/r2/). |
+| Workers R2 Storage {props.editWord} | Grants write access to [Cloudflare R2 Storage](/r2/). |
+| Workers Scripts Read | Grants read access to [Cloudflare Workers scripts](/workers/). |
+| Workers Scripts {props.editWord} | Grants write access to [Cloudflare Workers scripts](/workers/). |
+| Workers Tail Read | Grants [`wrangler tail`](/workers/wrangler/commands/#tail) read permissions. |
+| Zero Trust Read | Grants read access to [Cloudflare Zero Trust](/cloudflare-one/). |
+| Zero Trust Report | Grants reporting access to [Cloudflare Zero Trust](/cloudflare-one/). |
+| Zero Trust {props.editWord} | Grants write access to [Cloudflare Zero Trust](/cloudflare-one/). |
+| Zero Trust: PII Read | Grants read access to [Cloudflare Zero Trust](/cloudflare-one/) PII. |
+| Zero Trust: Seats {props.editWord} | Grants write access to the number of [Zero Trust Seats](/cloudflare-one/identity/users/seat-management/) your organization can use (and be billed for). |