From 2c97cbcfa979352b354490394d7eba3d381031c1 Mon Sep 17 00:00:00 2001 From: Cyril PETEL Date: Wed, 8 Oct 2025 17:14:38 +0200 Subject: [PATCH 1/3] adding missing permission sets for Organization scope --- pages/iam/reference-content/permission-sets.mdx | 15 ++++++++++++++- 1 file changed, 14 insertions(+), 1 deletion(-) diff --git a/pages/iam/reference-content/permission-sets.mdx b/pages/iam/reference-content/permission-sets.mdx index f1882634ca..21b7f52301 100644 --- a/pages/iam/reference-content/permission-sets.mdx +++ b/pages/iam/reference-content/permission-sets.mdx 
@@ -19,6 +19,14 @@ Below is a list of the permission sets available at Scaleway. | ProjectReadOnly | Read access to Project management. Does not include access to Project resources | | IAMReadOnly | Read access to IAM. This means list and read access to users, groups, applications, policies, and API keys | | IAMManager | Full access to IAM. This means access to all possible actions for users, groups, applications, policies and API keys and all ProjectManager permissions | +| IAMApplicationManager | Full access to IAM Applications, including management of Applications API keys | +| IAMApplicationReadOnly | Read access to IAM Applications, including listing Applications API keys | +| IAMUserManager | Full access to IAM Users, including listing Users API keys | +| IAMUserReadOnly | Read access to IAM Users, including listing Users API keys | +| IAMGroupManager | Full access to IAM groups | +| IAMGroupReadOnly | Read access to IAM groups | +| IAMPolicyManager | Full access to IAM policies | +| IAMPolicyReadOnly | Read access to IAM policies | | BillingReadOnly | List and read access to billing information | | BillingManager | Full access to billing management. This means access to list, read and edit billing contact information, payment information, billing alerts and invoices | | OrganizationManager | Full access to Organization management. This means access to all possible actions for Projects, IAM, billing and support/abuse tickets. Does not include access to list and create resources | 
@@ -27,7 +35,12 @@ Below is a list of the permission sets available at Scaleway. | SupportTicketReadOnly | List and read access to support tickets | | AbuseTicketManager | Full access to abuse tickets. This means access to create, read and update abuse tickets in the Organization | | AuditTrailReadOnly | List and read access to Audit Trail events | - +| AuditTrailExportRead | Read access to Audit Trail exports | +| AuditTrailExportDelete | Delete access to Audit Trail exports | +| AuditTrailFullAccess | Full access to Audit Trail | +| EnvironmentalImpactReadOnly | Read access to Environmental Impact information | +| NotificationManagerFullAccess | Full access to the notification manager | +| NotificationManagerReadOnly | Read access the notification manager | Any user or application benefitting from the `IAMManager` and/or `OrganizationManager` permission sets is able to create policies giving themselves access to any other actions and resources within the Organization. From 1fb5be4ef5cf798a127714e47be7695ac19758eb Mon Sep 17 00:00:00 2001 From: Cyril PETEL Date: Thu, 16 Oct 2025 09:22:38 +0200 Subject: [PATCH 2/3] fixing typo --- pages/iam/how-to/set-up-identity-federation.mdx | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/pages/iam/how-to/set-up-identity-federation.mdx b/pages/iam/how-to/set-up-identity-federation.mdx index 68cd4977c9..08fa4c2ac7 100644 --- a/pages/iam/how-to/set-up-identity-federation.mdx +++ b/pages/iam/how-to/set-up-identity-federation.mdx 
@@ -10,7 +10,7 @@ import Requirements from '@macros/iam/requirements.mdx' Scaleway supports Identity Federation to provide your teams with secure access to their accounts via Single Sign-On (SSO). Depending on your organization’s requirements, you can use either built-in OAuth2 providers or configure SAML for centralized identity management. - SAML SSO login is in Early Access. This means that currenttly, only a few Organizations can access and test the feature. + SAML SSO login is in Early Access. This means that currently, only a few Organizations can access and test the feature. | Feature | **OAuth2** | **SAML** | From e200697279a0ddd9bf165a06209b0d8143d508ff Mon Sep 17 00:00:00 2001 From: Cyril Petel <100215794+crlptl@users.noreply.github.com> Date: Thu, 16 Oct 2025 14:39:44 +0200 Subject: [PATCH 3/3] Update pages/iam/reference-content/permission-sets.mdx MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit Co-authored-by: Néda <87707325+nerda-codes@users.noreply.github.com> --- pages/iam/reference-content/permission-sets.mdx | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/pages/iam/reference-content/permission-sets.mdx b/pages/iam/reference-content/permission-sets.mdx index 21b7f52301..dd8326ef64 100644 --- a/pages/iam/reference-content/permission-sets.mdx +++ b/pages/iam/reference-content/permission-sets.mdx 
@@ -40,7 +40,7 @@ Below is a list of the permission sets available at Scaleway. | AuditTrailFullAccess | Full access to Audit Trail | | EnvironmentalImpactReadOnly | Read access to Environmental Impact information | | NotificationManagerFullAccess | Full access to the notification manager | -| NotificationManagerReadOnly | Read access the notification manager | +| NotificationManagerReadOnly | Read access to the notification manager | Any user or application benefitting from the `IAMManager` and/or `OrganizationManager` permission sets is able to create policies giving themselves access to any other actions and resources within the Organization.
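Review bot: In PATCH 1/3, first hunk of `permission-sets.mdx`, the `IAMUserManager` row describes its API-key scope in the same words as `IAMUserReadOnly` ("including listing Users API keys"), while `IAMApplicationManager` says "including management of Applications API keys". Someone scoping a policy from this table cannot tell whether `IAMUserManager` can create or delete users' API keys or only list them. If list-only is intended, state that explicitly in the Manager row; if not, align the wording with the Application row. The new rows also mix "IAM Applications" and "IAM Users" with lowercase "IAM groups" and "IAM policies"; pick one capitalization.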
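Review bot: In PATCH 1/3, second hunk of `permission-sets.mdx`, the trailing warning still names only `IAMManager` and `OrganizationManager` as sets whose holders can create policies giving themselves further access, yet the first hunk of the same patch adds `IAMPolicyManager` with "Full access to IAM policies". Please confirm whether that self-escalation path also applies to `IAMPolicyManager` and, if it does, add it to the warning in this patch so the table and the warning stay consistent. Separately, this hunk deletes the blank line that followed the `AuditTrailReadOnly` row, so the last table row now runs directly into the next block; consider keeping a blank line after the `NotificationManagerReadOnly` row.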