fix(tem): blocklist

Author: ldecarvalho-doc

faq/transactional-email.mdx

@@ -25,30 +25,36 @@ Scaleway's Transactional Email platform is dedicated to sending transactional em
 
 ## How can I configure DNS records to send emails?
 
-You need to [add SPF and DKIM records](/transactional-email/how-to/add-spf-dkim-records-to-your-domain/) to be able to send emails. Find out [how to set up your DNS records for other DNS providers](/tutorials/set-up-spf-dkim-for-dns-providers/).
+You need to [add SPF and DKIM records](/managed-services/transactional-email/how-to/add-spf-dkim-records-to-your-domain/) to be able to send emails. Find out [how to set up your DNS records for other DNS providers](/tutorials/set-up-spf-dkim-for-dns-providers/).
 
 ## How do I know if my domain is valid for sending emails?
 
 After configuring your SPF and DKIM records, you must launch a verification of the domain either via [the console](https://console.scaleway.com/transactional-email/domains) in the **DNS verification** tab, or the [API](https://www.scaleway.com/en/developers/api/transactional-email/#path-domains-display-spf-and-dkim-records-status-and-potential-errors). You will then receive an email informing you whether your domain was validated or if there are errors to fix so it can be validated.
 
 ## Do I have to set up an MX record for better email deliverability?
 
-Setting up an [MX record](/transactional-email/concepts#mx-record) is highly recommended to ensure your email deliverability. Find out [how to add an MX record to your domain](/transactional-email/how-to/add-mx-record-to-your-domain/#how-to-add-your-own-mx-record). You can also [use Scaleway's blackhole MX](/transactional-email/how-to/add-mx-record-to-your-domain/#how-to-add-scaleways-mx-record) if you do not have your own MX.
+Setting up an [MX record](/managed-services/transactional-email/concepts#mx-record) is highly recommended to ensure your email deliverability. Find out [how to add an MX record to your domain](/managed-services/transactional-email/how-to/add-mx-record-to-your-domain/#how-to-add-your-own-mx-record). You can also [use Scaleway's blackhole MX](/managed-services/transactional-email/how-to/add-mx-record-to-your-domain/#how-to-add-scaleways-mx-record) if you do not have your own MX.
 
 ## What happens to automatically configured DNS records when I delete a domain in the Transactional Email service?
 
-When a domain is removed from Scalway's Transactional Email platform, [autoconfigured DNS records](/transactional-email/how-to/autoconfigure-domain/) are not automatically deleted in the Domains & DNS section. If you no longer use the domain for sending emails, you must manually delete or modify these records. It is recommended to verify the associated DNS records to ensure they are correctly configured or removed.
+When a domain is removed from Scalway's Transactional Email platform, [autoconfigured DNS records](/managed-services/transactional-email/how-to/autoconfigure-domain/) are not automatically deleted in the Domains & DNS section. If you no longer use the domain for sending emails, you must manually delete or modify these records. It is recommended to verify the associated DNS records to ensure they are correctly configured or removed.
 
 ## What is the impact on the Transactional Email service if a DNS zone is deleted in Scaleway Domains & DNS?
 
-If a DNS zone is deleted while [autoconfig is enabled](/transactional-email/how-to/autoconfigure-domain/), the DNS records will be added to the parent zone. This ensures that the domain remains validated on the Transactional Email platform, allowing continued use of the service without interruption.
+If a DNS zone is deleted while [autoconfig is enabled](/managed-services/transactional-email/how-to/autoconfigure-domain/), the DNS records will be added to the parent zone. This ensures that the domain remains validated on the Transactional Email platform, allowing continued use of the service without interruption.
 
 ## What are the limitations and restrictions when using Transactional Email?
 
-Find out about [limits and quotas](/transactional-email/reference-content/tem-capabilities-and-limits/) available for Transactional Email. If you want to increase your quota beyond the values shown on this page, [contact our support team](https://console.scaleway.com/support/create).
+Find out about [limits and quotas](/managed-services/transactional-email/reference-content/tem-capabilities-and-limits/) available for Transactional Email. If you want to increase your quota beyond the values shown on this page, [contact our support team](https://console.scaleway.com/support/create).
 
 ## How is Scaleway's Transactional Email service billed?
 
 At the end of the month, you are billed for the number of emails you sent.
 If the number of emails you have sent exceeds the number of emails included in your offer, you will be billed for the excess emails. For example, if you use the free tier of 300 emails per month, and you end up sending 305 emails, you will only be billed for five emails out of the 305 you have sent.
-Check out our [dedicated page](https://www.scaleway.com/en/pricing/?tags=managedservices-transactionalemail-transactionalemail) for more information about Transactional Email's pricing.
+Check out our [dedicated page](https://www.scaleway.com/en/pricing/?tags=managedservices-transactionalemail-transactionalemail) for more information about Transactional Email's pricing.
+
+## Can I unblock an address that was automatically added to a TEM blocklist before the 48-hour period ends?
+Yes, you can manually unblock any address, even if it is still under the temporary block period.
+
+## What happens if an address on a TEM blocklist becomes valid again?
+You can manually unblock the address. Make sure you confirm that the initial cause of the bounce was resolved before doing so to avoid further issues.

identity-and-access-management/iam/reference-content/permission-sets.mdx

@@ -0,0 +1,132 @@
+---
+meta:
+  title: Permission sets
+  description: Explore how to define and manage permission sets for user access control.
+content:
+  h1: Permission sets
+  paragraph: Explore how to define and manage permission sets for user access control.
+dates:
+  validation: 2024-10-23
+---
+
+Permissions sets and their scope make up [IAM rules](/identity-and-access-management/iam/concepts/#rule), which define the access rights that a principal (user, group or application) should have. They consist of sets of one or multiple [permissions](/identity-and-access-management/iam/concepts/#permission).
+
+Permission set names contain descriptions that clearly explain their purpose. For example, a permission set that grants access to all actions you can perform on Instances is called: `InstancesFullAccess`.
+
+Below is a list of the permission sets available at Scaleway.
+
+## Scoped by Organization
+
+| Permission set                                                                                                                                        | Description                                                                                                                                        |
+:----------------------------------------------------------------------------------------------------------------------------------------------------------: | :--------------------------------------------------------------------------------------------------------------------------------------------------: |
+| ProjectManager                                                                                                                                             | Full access to Project management. This means access to create, rename, list and delete projects. It does not include access to Project resources |
+| ProjectReadOnly              | Read access to Project management. Does not include access to Project resources      |
+| IAMReadOnly                  | Read access to IAM. This means list and read access to users, groups, applications, policies, and API keys                                                |
+| IAMManager                   | Full access to IAM. This means access to all possible actions for users, groups, applications, policies and API keys) and all ProjectManager permissions              |
+| BillingReadOnly              | List and read access to billing information                                                                                                        |
+| BillingManager               | Full access to billing management. This means access to list, read and edit billing contact information, payment information, billing alerts and invoices |
+| OrganizationManager          | Full access to Organization management. This means access to all possible actions for Projects, IAM, billing and support/abuse tickets. Does not include access to list and create resources                          |
+| OrganizationReadOnly         | Read access to the Organization's general information (e.g. Organization ID and quotas)                                                                    |
+| SupportTicketManager         | Full access to support tickets. This means access to create, read and update support tickets in the Organization                                                               |
+| SupportTicketReadOnly        | List and read access to support tickets                                                                                                                             |
+| AbuseTicketManager           | Full access to abuse tickets. This means access to create, read and update abuse tickets in the Organization                                                                   |
+| AuditTrailReadOnly           | List and read access to Audit Trail events                                                                   |
+
+
+<Message type="important">
+  Any user or application benefitting from the `IAMManager` and/or `OrganizationManager` permission sets is able to create policies giving themselves access to any other actions and resources within the Organization.
+</Message>
+
+## Scoped by Project
+
+| Permission set               | Description                                                                           |
+| :--------------------------: | :-----------------------------------------------------------------------------------: |
+| AllProductsFullAccess        | Full access to create, read, list, edit and delete all resources (products)           |
+| AllProductsReadOnly          | Read access to list and read info for all resources (products)                        |
+| SSHKeysReadOnly              | Read access to SSH keys                                                               |
+| SSHKeysFullAccess            | Full access to SSH keys                                                               |
+| AppleSiliconReadOnly         | List and read access to Apple Silicon                                          |
+| AppleSiliconFullAccess       | Full access to create, read, list, edit and delete Apple Silicon.                     |
+| ElasticMetalReadOnly         | List and read access to Elastic Metal                                          |
+| ElasticMetalFullAccess       | Full access to create, read, list, edit and delete Elastic Metal                      |
+| InstancesFullAccess          | Full access to create, read, list, edit and delete Instances                          |
+| InstancesReadOnly            | List and read access to Instances                                              |
+| KubernetesReadOnly           | List and read access to Kubernetes                                             |
+| KubernetesFullAccess         | Full access to create, read, list, edit and delete Kubernetes                         |
+| KubernetesExternalNodeRegister | Attach external nodes to a Kosmos cluster                         |
+| KubernetesSystemMastersGroupAccess       | Gives the Kubernetes system:masters role to perform any action on the cluster           |
+| DediboxReadOnly              | List and read access to Dedibox                                               |
+| DediboxFullAccess            | Full access to create, read, list, edit and delete Dedibox                            |
+| ContainersReadOnly           | List and read access to Containers                                             |
+| ContainersFullAccess         | Full access to create, read, list, edit and delete to Containers                      |
+| FunctionsReadOnly            | List and read access to Functions                                              |
+| FunctionsFullAccess          | Full access to create, read, list, edit and delete Functions                          |
+| MessagingAndQueuingReadOnly  | List and read access to Messaging                                             |
+| MessagingAndQueuingFullAccess | Full access to create, read, list, edit and delete Messaging                          |
+| ServerlessJobsFullAccess     | Full access to create, read, list, edit and delete job definition/run |
+| ServerlessJobsReadOnly       | List and read access to job definition/run |
+| ServerlessSQLDatabaseReadOnly| List and read access to Serverless SQL Database |
+| ServerlessSQLDatabaseReadWrite| List, read and write access to Serverless SQL Database. Includes data and table structure edition. Does not include permissions to create databases or edit settings |
+| ServerlessSQLDatabaseFullAccess| Full access to create, read, list, edit and delete Serverless SQL Database |
+| RelationalDatabasesReadOnly  | List and read access to Managed Database for PostgreSQL and MySQL                                             |
+| RelationalDatabasesFullAccess| Full access to create, read, list, edit and delete Managed Database for PostgreSQL and MySQL |
+| ObjectStorageReadOnly        | List and read access to Object Storage                                        |
+| ObjectStorageFullAccess      | Full access to create, read, list, edit and delete Object Storage                     |
+| ObjectStorageObjectsRead     | Read access to objects, tags, metadata, and storage class                                  |
+| ObjectStorageBucketsRead     | Read access to buckets and bucket configuration including lifecycle rules                    |
+| ObjectStorageObjectsWrite    | Access to create and edit objects, tags, metadata, and storage class                                       |
+| ObjectStorageObjectsDelete   | Access to delete objects	                     |
+| ObjectStorageBucketsWrite    | Access to create and edit buckets, bucket configuration including lifecycle rules                                        |
+| ObjectStorageBucketsDelete   | Access to delete buckets	                    |
+| RedisReadOnly                | List and read access to Managed Database for Redis™                                   |
+| RedisFullAccess              | Full access to create, read, list, edit and delete Managed Database for Redis™               |
+| PrivateNetworksFullAccess    | Full access to create, read, list, edit and delete Private Networks                   |
+| VPCGatewayReadOnly           | List and read access to Public Gateways                                      |
+| VPCGatewayFullAccess         | Full access to create, read, list, edit and delete Public Gateways                    |
+| VPCFullAccess                | Full access to VPC           |
+| VPCReadOnly                  | Read access to VPC           |
+| AutoscalingFullAccess        | Full access to autoscaling         |
+| AutoscalingReadOnly          | Read access to autoscaling          |
+| EdgeServicesFullAccess       | Full access to Edge Services         |
+| EdgeServicesReadOnly         | Read access to Edge Services           |
+| IPAMFullAccess               | Full access to IPAM           |
+| IPAMReadOnly                 | Read access to IPAM          |
+| LoadBalancersReadOnly        | List and read access to Load Balancer                                         |
+| LoadBalancersFullAccess      | Full access to create, read, list, edit and delete Load Balancer                      |
+| DomainsDNSReadOnly           | List and read access to Domains and DNS                                              |
+| DomainsDNSFullAccess         | Full access to create, read, list, edit and delete Domains and DNS                          |
+| ContainerRegistryReadOnly    | List and read access to Container Registry                                    |
+| ContainerRegistryFullAccess  | Full access to create, read, list, edit and delete Container Registry                 |
+| IoTReadOnly                  | List and read access to IoT Hub                                               |
+| IoTFullAccess                | Full access to create, read, list, edit and delete IoT Hub                            |
+| ObservabilityReadOnly        | List and read access to Observability                                         |
+| ObservabilityFullAccess      | Full access to create, read, list, edit and delete Observability                      |
+| TransactionalEmailReadOnly   | List and read access to Transactional Email                                   |
+| TransactionalEmailFullAccess | Full access to create, read, list, edit and delete Transactional Email                |
+| TransactionalEmailBlocklistFullAccess  | Full access to blocklists in transactional email.                               |
+| TransactionalEmailBlocklistReadOnly | Read access to blocklists in transactional email.               |
+| TransactionalEmailBlocklistFullAccess  | Full access to blocklists in transactional email.                               |
+| TransactionalEmailBlocklistReadOnly | Read access to blocklists in transactional email.               |
+| TransactionalEmailDomainReadOnly  |  Read access to domains in Transactional Email. Does not include permissions for e-mails        |
+| TransactionalEmailDomainFullAccess | Full access to domains in Transactional Email. Does not include permissions for e-mails              |
+| TransactionalEmailEmailReadOnly | Read access to e-mails in Transactional Email. Does not include permissions for domain configuration               |
+| TransactionalEmailEmailFullAccess | Full access to e-mails in Transactional Email. Does not include permissions for domain configuration              |
+| TransactionalEmailWebhookFullAccess      | Full access to Webhooks in Transactional Email           |
+| TransactionalEmailWebhookReadOnly      | Read access to Webhooks in Transactional Email             |
+| TransactionalEmailProjectSettingsFullAccess    | Full access to Project settings in Transactional Email            |
+| TransactionalEmailProjectSettingsReadOnly       | Read access to Project settings in Transactional Email       |
+| WebHostingReadOnly           | List and read access to Web Hosting                                  |
+| WebHostingFullAccess         | Full access to create, read, list, edit and delete Web Hosting               |
+| SecretManagerReadOnly        | List and read secrets' metadata (name, tags, creation date, etc.). Does not include permissions for data (versions) accessing or editing                            |
+| SecretManagerFullAccess      | Full access to create, read, list, edit, access, and delete secrets and their versions in Secret Manager                |
+| SecretManagerSecretAccess    | Read access to versions' data in Secret Manager. Does not include permissions for data editing             |
+| SecretManagerSecretCreate    | Permission to create secrets and their versions in Secret Manager. Does not include permission to update secrets and versions             |
+| SecretManagerSecretDelete    | Permission to delete secrets and their versions  in Secret Manager            |
+| SecretManagerSecretWrite     | Permission to edit the metadata (name, tags, description, etc.) of secrets and their versions in Secret Manager. Does not include permission to create secrets and versions           |
+| BlockStorageReadOnly         | List and read access to Block Storage                |
+| BlockStorageFullAccess       | Full access to create, read, list, edit and delete in Block Storage            |
+
+
+<Message type="important">
+  Some additional permission sets may appear on your Scaleway console if you are enrolled in beta testing for products or features.
+</Message>