Using actions | LaunchDarkly

Overview

This topic is a complete reference of all actions that are available to use in role policies. It includes tables with all supported actions and details about them. These actions are scoped by resource type.

Actions represent changes you can make to resources, such as createFlag, deleteFlag, updateName, and more.

To learn more about how actions work within role policies, read Member role concepts.

Recently added actions

When new features are added to LaunchDarkly, there may be new associated actions. We recommend reviewing these actions periodically to determine if you want to add them to any of your roles. If you are using preset roles provided by LaunchDarkly, you can choose when to update your preset roles to the latest versions. To learn how, read Update organization roles and Update project roles.

This table describes new actions that have been added to LaunchDarkly recently:

Resource	New actions	Learn more	Date introduced
`proj/:view/`	`linkSegmentToView`, `unlinkSegmentFromView`	View actions	October 2025
`proj/:metric/`	`updateArchived`	Metric actions	October 2025
`proj/:release-policy/`	`createReleasePolicy`, `deleteReleasePolicy`, `updateReleasePolicy`, `updateReleasePolicyRank`	Release policies actions	September 2025
`proj/:aiconfig/`	`applyApprovalRequest`, `createApprovalRequest`, `deleteApprovalRequest`, `reviewApprovalRequest`, `updateApprovalRequest`	AI Config actions	August 2025
`proj/:env/ :productAnalyticsDashboard/*`	`createProductAnalyticsDashboard`, `deleteProductAnalyticsDashboard`, `updateProductAnalyticsDashboard`, `viewProductAnalyticsDashboard`	Product analytics dashboard actions	August 2025
`proj/:ai-tool/`	`createAITool`, `updateAITool`, `deleteAITool`	AI tool actions	August 2025
`proj/:metric-group/`	`createGuardrailMetricGroup`, `deleteGuardrailMetricGroup`, `updateGuardrailMetricGroup Name`, `updateGuardrailMetricGroup Description`, `updateGuardrailMetricGroup Tags`, `updateGuardrailMetricGroup Maintainer`, `updateGuardrailMetricGroup Metrics`	Guardrail metrics group actions	July 2025
`proj/:view/`	`createView`, `deleteView`, `updateView`, `viewView`, `linkFlagToView`, `unlinkFlagFromView`	View actions	July 2025
`proj/:metric/`	`updateFilters`	Metric actions	June 2025
`proj/:env/:aiconfig/*`	`updateAIConfigTargeting`	AI Config actions	June 2025
`proj/:env/:segment/*`	`createSegmentExport`	Segment actions	May 2025
`proj/:ai-model-config/`	`addAIRestrictedModel`, `deleteAIRestrictedModel`	AI model config actions	April 2025
`acct`	`updatePresetBundleVersion`	Account actions	April 2025
`member/*`	`updateMemberRoleAttributes`	Member actions	January 2025
`proj/:ai-model-config/`	`createAIModelConfig`, `deleteAIModelConfig`	AI model config actions	January 2025
`proj/:env/:holdout/*`	`updateHoldoutMethodology`	Holdout actions	December 2024
`acct`	`createAnnouncement`, `deleteAnnouncement`, `updateAnnouncement`	Account actions	December 2024
`proj/:env/:aiconfig/*`	`createAIConfig`, `deleteAIConfig`, `deleteAIConfigVariation`, `updateAIConfig`, `updateAIConfigVariation`	AI Config actions	December 2024
`proj/:env/:segment/*`	`applyApprovalRequest`, `createApprovalRequest`, `deleteApprovalRequest`, `reviewApprovalRequest`, `updateApprovalRequest`	Segment actions	November 2024
`application/*`	`updateApplicationMaintainer`	Application actions	October 2024

Actions reference

These are all the actions you can take, sorted by each resource type.

When you create a policy using the policy builder, actions relevant to the resource scope you’ve selected automatically appear in the policy builder:

The "Actions" and "Select actions" menus when defining a policy.

When you create a policy using the advanced editor, you can specify actions individually, or in bulk using glob syntax and wildcards. For example, you can describe all modifications to feature flags with the action specifier update*.

Account actions

Expand Account actions

acct is a top-level resource. A code sample is below:

Account resource

acct

This table explains available account actions:

Action	Description
`createAnnouncement`	Create an announcement for the account.
`createSamlConfig`	Create a new SAML configuration for the account.
`createScimConfig`	Create a new SCIM configuration for the account.
`deleteAccount`	Delete the account.
`deleteAccountToken`	Delete account tokens (for the LaunchDarkly REST API. This is a legacy action and may have inconsistent performance. Instead, we recommend you use `deleteAccessToken`.
`deleteAnnouncement`	Delete an announcement for the account.
`deleteSamlConfig`	Delete the SAML configuration for the account.
`deleteScimConfig`	Delete the SCIM configuration for the account.
`deleteSubscription`	Cancel the account plan.
`getPaymentCard`	Get the credit card for the account.
`revokeSessions`	Revoke sessions issued before a specified date.
`updateAccountToken`	Reset account tokens (for the LaunchDarkly REST API).
`updateAnnouncement`	Update an announcement for the account.
`updateBillingContact`	Update the billing contact for the account.
`updateOrganization`	Update the organization name.
`updatePaymentCard`	Change the credit card for the account.
`updatePresetBundleVersion`	Change the version of the predefined role bundle. This updates all preset roles to the specified version.
`updateRequireMfa`	Change whether multi-factor authentication (MFA) is required for all members on the account.
`updateSamlDecryptionEnabled`	Enable or disable decryption for incoming SAML assertions for the account.
`updateSamlDefaultRole`	Update the default role given to members when SAML doesn’t specify one.
`updateSamlEnabled`	Enable or disable SAML SSO for the account.
`updateSamlLogoutUrl`	Update the SAML logout URL for the account.
`updateSamlRequestSigningEnabled`	Enable or disable signing outgoing SAML requests.
`updateSamlRequireSso`	Change whether SSO must be used for authentication.
`updateSamlSsoUrl`	Update the SAML SSO URL for the account.
`updateSamlX509Certificate`	Update the SAML X509 certificate for the account.
`updateSamlX509KeystoreId`	Update the SAML X509 identifier for the account.
`updateSessionDuration`	Change the duration of sessions.
`updateSessionRefresh`	Change whether sessions are refreshed automatically.
`updateSubscription`	Change the pricing plan for the account.

Account ownership actions

This table explains available account ownership actions:

updateAccountOwner Update the account owner.

AI Config actions

Expand AI Config actions

aiconfig is a child of both a project and an environment. The code example below grants permission to update targeting rules for all AI Configs across all projects and environments.

AI Config resource

proj/*:env/*:aiconfig/*

This table explains available AI Config actions related to settings and targeting changes:

Action	Description
`createAIConfig`	Create a new AI Config.
`deleteAIConfig`	Delete an AI Config.
`deleteAIConfigVariation`	Delete an AI Config variation.
`updateAIConfig`	Update an AI Config.
`updateAIConfigTargeting`	Update an AI Config’s targeting rules in an environment.
`updateAIConfigVariation`	Update an AI Config variation.

This table explains AI Config actions related to collaboration:

Action	Description
`applyApprovalRequest`	Apply the requested changes after the request is approved.
`createApprovalRequest`	Create an approval request.
`deleteApprovalRequest`	Delete an approval request.
`reviewApprovalRequest`	Review an approval request.
`updateApprovalRequest`	Update an approval request.

AI tool actions

Expand AI tool actions

ai-tool is a child resource of a project. A code sample is below:

Flag resource

proj/*:ai-tool/*

This table explains available AI tool actions:

Action	Description
`createAITool`	Create a new AI tool.
`updateAITool`	Modify an existing AI tool.
`deleteAITool`	Delete an AI tool.

AI model config actions

Expand AI model config actions

ai-model-config is a child resource of both a project and an environment. A code sample is below:

AI model config resource

proj/*:ai-model-config/*

This table explains available AI model config actions:

Action	Description
`addAIRestrictedModel`	Add an AI model to the restricted list.
`createAIModelConfig`	Create a new AI model config.
`deleteAIModelConfig`	Delete an AI model config.
`deleteAIRestrictedModel`	Delete an AI model from the restricted list.

Application actions

Expand Application actions

application is a top-level resource. A code sample is below:

Application resource

application/*

This table explains available application actions:

Action	Description
`createApplication`	Create a new application.
`deleteApplication`	Delete an application.
`updateApplicationDescription`	Change an application’s description.
`updateApplicationKind`	Change an application’s kind.
`updateApplicationMaintainer`	Change an application’s maintainer.

Application version actions

Expand Application version actions

application version is a child resource of applications. A code sample is below:

Application version resource

application/*

This table explains available application version actions:

Action	Description
`createApplicationVersion`	Create a new application version.
`deleteApplicationVersion`	Delete an application version.
`updateApplicationVersionName`	Change the application version name.
`updateApplicationVersionSupport`	Change whether an application version is supported or not.

Code reference actions

Expand Code reference actions

code-reference-repository is a top-level resource. A code sample is below:

Code references resource

code-reference-repository/*

To learn more, read Code references.

This table explains available code reference actions:

Action	Description
`createCodeRefsRepository`	Connect a Git repository.
`deleteCodeRefsRepository`	Delete a Git repository connection.
`updateCodeRefsRepositoryBranches`	Update the stored branch data for a Git repository connection.
`updateCodeRefsRepositoryConfiguration`	Update a Git repository connection configuration.
`updateCodeRefsRepositoryName`	Update a Git repository connection name.
`updateCodeRefsRepositoryOn`	Flip the on/off status of a Git repository connection.

Context kind actions

Expand Context kind actions

context-kind is a child of a project. A code sample is below:

Context resource

proj/*:context-kind/*

To learn more, read Context kinds.

This table explains available context kind actions:

Action	Description
`createContextKind`	Create a context kind.
`updateContextKind`	Update a context kind.
`updateAvailabilityForExperiments`	Update whether a context kind is available for experiments and guarded rollouts, and whether that context kind is the project’s default for experiments and guarded rollouts.

Destination actions

Expand Destination actions

destination is a child of both a project and an environment. A code sample is below:

Destination resource

proj/*:env/*:destination/*

To learn more, read Data Export.

This table explains available Data Export destinations actions:

Action	Description
`createDestination`	Create a new Data Export destination.
`deleteDestination`	Delete a Data Export destination.
`updateConfiguration`	Change a Data Export destination.
`updateName`	Change the name of a Data Export destination.
`updateOn`	Flip the on/off status of a Data Export destination.

Domain verification actions

Expand Domain verification actions

domain-verification is a top-level resource. A code sample is below:

Domain verification resource

domain-verification/*

To learn more, read Domain verification.

This table explains available domain verification kind actions:

Action	Description
`createDomainVerification`	Create a new domain verification.
`deleteDomainVerification`	Remove a domain verification.
`updateDomainVerification`	Update a domain verification.

Environment actions

Expand Environment actions

env is a child of a project. A code sample is below:

Environment resource

proj/*:env/*

To learn more, read Environments.

This table explains available environment actions:

Action	Description
`createEnvironment`	Create new environments.
`deleteEnvironment`	Delete an existing environment.
`deleteContextInstance`	Delete a context’s instances.
`importEventData`	Import event data using the API for Importing metric events.
`updateApiKey`	Reset the SDK key for an environment.
`updateApprovalSettings`	Configure the approval settings for an environment.
`updateColor`	Change the color swatch for an environment.
`updateConfirmChanges`	Require environment confirmation for changes to flags and segments.
`updateCritical`	Change whether the environment is considered critical.
`updateDefaultTrackEvents`	Turn on sending detailed information for new flags by default.
`updateMobileKey`	Reset the mobile key for an environment.
`updateName`	Change the name of an environment.
`updateRequireComments`	Require comments for changes to flags and segments.
`updateSecureMode`	Turn secure mode on or off for an environment.
`updateTags`	Update tags associated with an environment.
`updateTtl`	Change the TTL for an environment.
`viewSdkKey`	View the server-side SDK key. All custom roles can take this action by default. If set to `deny`, anyone impacted by this policy can neither view nor reset SDK keys.

More information about viewSdkKey

The deny effect in the viewSdkKey action hides the server-side SDK key you specify from the member. However, the allow effect for the same resource and action pairing doesn’t do anything. Your LaunchDarkly member does not need explicit permission to view the keys, because all custom roles can view all environments in a LaunchDarkly instance by default.

Experiment actions

Expand Experiment actions

experiment is a child of both a project and an environment. A code sample is below:

Experiment resource

proj/*:env/*:experiment/*

To learn more, read Experimentation.

This table explains available experiment actions:

Action	Description
`createExperiment`	Create an experiment or multi-armed bandit.
`updateExperiment`	Start, stop, or edit an existing experiment or multi-armed bandit.
`updateExperimentArchived`	Archive an experiment or multi-armed bandit.

Feature flag actions

Expand Feature flag actions

flag is a child of both a project and an environment. A code sample is below:

Flag resource

proj/*:env/*:flag/*

To learn more, read Creating new flags.

Some feature flag actions affect only the current environment. Other feature flag actions affect all environments in a project.

This table explains feature flag actions related to targeting changes. Unless otherwise specified, these actions affect only the current environment:

Action	Description
`stopMeasuredRolloutOnFlagFallthrough`	Stop a guarded rollout on a flag’s default rule.
`stopMeasuredRolloutOnFlagRule`	Stop a guarded rollout on a flag’s custom rule.
`updateExpiringTargets`	Change a flag’s expiring individual context targeting rules.
`updateFallthrough`	Update the default rule, also called the “fallthrough” rule.
`updateFallthroughWithMeasuredRollout`	Start a guarded rollout on a flag’s default rule.
`updateFeatureWorkflows`	Change a flag’s release management workflows.
`updateMeasuredRolloutConfiguration`	Attach metrics to a flag for use with guarded rollouts.
`updateOffVariation`	Update the variation returned when flag is toggled off.
`updateOn`	Toggle a flag’s targeting on or off.
`updatePrerequisites`	Update flag prerequisites.
`updateRules`	Update custom targeting rules.
`updateRulesWithMeasuredRollout`	Start a guarded rollout on a flag’s custom rule.
`updateScheduledChanges`	Create, edit, and delete the scheduled updates for a flag.
`updateTargets`	Update individual context targeting rules.

This table explains feature flag actions related to flag settings. Each of these actions affects all environments in a project:

Action	Description
`addReleasePipeline`	Add a flag to a release pipeline.
`createFlag`	Create a flag.
`deleteFlag`	Delete a flag.
`removeReleasePipeline`	Remove a flag from a release pipeline.
`replaceReleasePipeline`	Move a flag to a different release pipeline.
`updateClientSideFlagAvailability`	Change whether the flag is available to client-side SDKs.
`updateDescription`	Change the description of a flag.
`updateDeprecated`	Change whether a flag is deprecated.
`updateFlagConfigMigrationSettings`	Update a feature flag’s consistency check ratio.
`updateFlagCustomProperties`	Update custom properties attached to a flag.
`updateFlagDefaultVariations`	Change the default flag variations used by newly-created environments for a flag.
`updateFlagVariations`	Change the flag’s variations.
`updateGlobalArchived`	Change whether a flag is archived.
`updateIncludeInSnippet`	Change whether the flag is available to front-end code with the JavaScript SDK.
`updateName`	Change the name of a flag.
`updateTags`	Update tags associated with a flag.
`updateTemporary`	Mark a flag temporary or permanent.

This table explains feature flag actions related to environment-specific settings:

Action	Description
`createTriggers`	Create a new trigger.
`deleteTriggers`	Delete a trigger.
`updateFlagSalt`	Update a flag’s salt.
`updateTrackEvents`	Change whether to send detailed event information for a flag in a given environment.
`updateTriggers`	Update an existing trigger.

This table explains feature flag actions related to collaboration:

Action	Description
`applyApprovalRequest`	Apply the requested changes after the request is approved.
`bypassRequiredApproval`	Bypass required approvals for flags in the environment. (You cannot bypass required approvals for segments.)
`createApprovalRequest`	Create an approval request.
`createFlagLink`	Create a flag link.
`deleteApprovalRequest`	Delete an approval request.
`deleteFlagLink`	Delete a flag link. This affects all environments in a project.
`manageFlagFollowers`	Manage the list of members who receive flag change notifications.
`reviewApprovalRequest`	Review an approval request.
`updateApprovalRequest`	Update an approval request.
`updateMaintainer`	Update the flag maintainer. This affects all environments in a project.
`updateFlagLink`	Update a flag link. This affects all environments in a project.

This table explains feature flag actions related to other flag changes:

Action	Description
`cloneFlag`	Create a new flag with settings based on an existing flag. To clone a flag, members need to have the `cloneFlag` permission on the source flag, as well as the `createFlag` permission for the new flag. This affects all environments in a project.
`copyFlagConfigFrom`	Copy settings from a flag.
`copyFlagConfigTo`	Copy settings to a flag.
`updateExpiringTargets`	Change a flag’s expiring individual context targeting rules.
`updateFlagRuleDescription`	Change the description of a flag’s custom targeting rules.
`updateReleasePhaseStatus`	Update a release phase status.

Holdout actions

Expand Holdout actions

holdout is a child of both a project and an environment. A code sample is below:

Holdout resource

proj/*:env/*:holdout/*

To learn more, read Holdouts.

This table explains available holdout actions:

Action	Description
`addExperimentToHoldout`	Add an experiment to a holdout.
`createHoldout`	Create a holdout.
`removeExperimentFromHoldout`	Remove an experiment from a holdout.
`updateHoldoutDescription`	Update the description of a holdout.
`updateHoldoutMethodology`	Update the statistical method for a holdout.
`updateHoldoutName`	Update the name of a holdout.
`updateHoldoutStatus`	Update the status of a holdout.
`updateHoldoutRandomizationUnit`	Update the randomization unit of a holdout.

Integration actions

Expand Integration actions

Most third-party integrations use a shared set of custom role actions.

integration is a top-level resource. A code sample is below:

Integration resource

integration/*

To learn more, read Integrations.

This table explains available integration actions:

Action	Description
`createIntegration`	Create and configure new third-party integrations.
`deleteIntegration`	Delete existing third-party integrations.
`updateConfiguration`	Modify existing third-party integration configurations.
`updateName`	Change the name of third-party integration configurations.
`updateOn`	Enable and disable existing third-party integrations.
`validateConnection`	Validate the third-party connection.

Layer actions

Expand Layer actions

layer is a child of a project. A code sample is below:

Experiment resource

proj/*:layer/*

To learn more, read Mutually exclusive experiments.

This table explains available layer actions:

Action	Description
`createLayer`	Create a layer.
`updateLayer`	Update a layer’s name or description.
`updateLayerConfiguration`	Update a layer’s audience allocation.

Member actions

Expand Member actions

member is a top-level resource. A code sample is below:

Member resource

member/*

To learn more, read Members.

This table explains available member actions:

Action	Description
`approveDomainMatchedMember`	Approve a join request from a domain-matched member. To learn more, read Enabling domain matching.
`createMember`	Add a new account member to an account.
`deleteMember`	Remove an account member from an account.
`sendMfaRecoveryCode`	Send an account member their MFA recovery code.
`sendMfaRequest`	Send an account member a request to enable MFA.
`updateCustomRole`	Update an account member’s custom roles.
`updateMemberRoleAttributes`	Update a team member’s role attributes.
`updateRole`	Update an account member’s role.

Metric actions

Expand Metric actions

metric is a child of a project. A code sample is below:

Metric resource

proj/*:metric/*

To learn more, read Metrics.

This table explains available metric actions:

Action	Description
`createMetric`	Create a new metric.
`deleteMetric`	Delete a metric that has been archived and is no longer in use.
`updateArchived`	Archive a metric or restore an archived metric.
`updateDescription`	Change the description of a metric.
`updateEventDefault`	Changes a metric’s handling for units without events.
`updateEventKey`	Change the event key for a custom metric.
`updateFilters`	Update the filters for a custom metric.
`updateMaintainer`	Change the metric’s maintainer.
`updateName`	Change the name of a metric.
`updateNumeric`	Mark a custom metric as numeric or non-numeric.
`updateNumericSuccess`	Update the success criteria for a numeric custom metric.
`updateNumericUnit`	Update the unit displayed in results for a numeric custom metric.
`updateOn`	Mark a metric as active or inactive.
`updateRandomizationUnits`	Change the randomization units for a metric.
`updateSelector`	Update the CSS selector for a click conversion metric.
`updateTags`	Change the tags associated with a metric.
`updateUnitAggregationType`	Change a metric’s aggregation method.
`updateUrls`	Update the URLs for a click conversion or page view conversion metric.

Metric group actions

Expand Metric group actions

metric-group is a child of a project. Guardrail metrics groups are a type of metric group, but have their own actions.

A code sample is below:

Metric group resource

proj/*:metric-group/*

To learn more, read Metric groups.

This table explains available metric group actions:

Action	Description
`createMetricGroup`	Create a metric group.
`deleteMetricGroup`	Delete a metric group.
`updateMetricGroupName`	Change a metric group’s name.
`updateMetricGroupDescription`	Change a metric group’s description.
`updateMetricGroupTags`	Change the tags associated with a metric group.
`updateMetricGroupMaintainer`	Change a metric group’s maintainer.
`updateMetricGroupMetrics`	Change the metrics in a metric group.

Guardrail metrics group actions

This table explains available guardrail metrics group actions:

Action	Description
`createGuardrailMetricGroup`	Create a new guardrail metrics group.
`deleteGuardrailMetricGroup`	Delete a guardrail metrics group.
`updateGuardrailMetricGroupName`	Change a guardrail metrics group’s name.
`updateGuardrailMetricGroupDescription`	Change a guardrail metrics group’s description.
`updateGuardrailMetricGroupTags`	Change the tags associated with a guardrail metrics group.
`updateGuardrailMetricGroupMaintainer`	Change a guardrail metrics group’s maintainer.
`updateGuardrailMetricGroupMetrics`	Change the metrics in a guardrail metrics group.

Pending request actions

Expand Pending request actions

pending-request is a top-level resource. A code sample is below:

Pending requests resource

pending-request/*

To learn more, read Accept pending requests.

This table explains available personal access token actions:

Action	Description
`updatePendingRequest`	Update pending request. Accept or decline requests for new members to join your account.

Personal access token actions

Expand Personal access token actions

token is a child of a member. A code sample is below:

Token resource

member/*:token/*

To learn more, read API access tokens.

This table explains available personal access token actions:

Action	Description
`createAccessToken`	Create a personal access token. All custom roles can take this action by default.
`deleteAccessToken`	Delete a personal access token.
`resetAccessToken`	Reset a personal access token’s secret key.
`updateAccessTokenDescription`	Change the description of a personal access token.
`updateAccessTokenName`	Change the name of a personal access token.
`updateAccessTokenPolicy`	Change the policy filter of a personal access token.

Product analytics dashboard actions

Expand Product analytics dashboard actions

productAnalyticsDashboard is a child of both a project and an environment. A code sample is below:

Product analytics dashboard resource

proj/*:env/*:productAnalyticsDashboard/*

To learn more, read Product analytics.

This table explains available product analytics dashboard actions:

Action	Description
`createProductAnalyticsDashboard`	Create a new dashboard or new content inside existing dashboards. Also enables the shortcut for creating a new chart.
`deleteProductAnalyticsDashboard`	Delete a product analytics dashboard and its contents.
`updateProductAnalyticsDashboard`	Update a product analytics dashboard and its contents.
`viewProductAnalyticsDashboard`	View a product analytics dashboard and its contents.

Project actions

Expand Project actions

proj is a top-level resource. A code sample is below:

Project resource

proj/*

To learn more, read Projects.

This table explains available project actions:

Action	Description
`createProject`	Create a new project.
`deleteProject`	Delete a project.
`updateDefaultClientSideAvailability`	Change whether new flags are made available to client-side SDKs.
`updateDefaultReleasePipeline`	Change the default release pipeline for a project.
`updateIncludeInSnippetByDefault`	Change whether new flags are made available to the JavaScript SDK by default.
`updateProjectFlagDefaults`	Update the default flag settings for a project.
`updateProjectName`	Rename a project.
`updateTags`	Update tags associated with a project.
`viewProject`	View a project. For roles created after October 2024, and for roles with this action set to `deny`, anyone impacted by the policy can neither view nor modify a project.

More information about viewProject

Starting in October 2024, all new roles start with no access. This means the roles cannot take any actions on any resources. Make sure to add explicit permission to view projects to any roles that you create.

Older custom roles may have read-only access to all resources by default. This is because roles created prior to October 2024 had the option to use the Reader base role as their starting point, rather than starting with no access.

To learn more, read Project roles and Create private projects with custom roles.

Relay Proxy configuration actions

Expand Relay Proxy configuration actions

relay-proxy-config is a top-level resource for which you can allow or deny certain actions.

Here is an example:

Relay Proxy configuration resource

relay-proxy-config/*

To learn more, read Automatic configuration.

This table explains available Relay Proxy automatic configuration actions:

Action	Description
`createRelayAutoConfiguration`	Create a Relay Proxy with automatic configuration enabled.
`deleteRelayAutoConfiguration`	Delete the Relay Proxy with automatic configuration enabled.
`resetRelayAutoConfiguration`	Reset the configuration of the Relay Proxy with automatic configuration enabled.
`updateRelayAutoConfigurationName`	Change the Relay Proxy with automatic configuration’s name.
`updateRelayAutoConfigurationPolicy`	Change the policies associated with the Relay Proxy with automatic configuration.

Release pipeline actions

Expand Release pipeline actions

release-pipeline is a child of a project. A code sample is below:

Release pipeline resource

proj/*:release-pipeline/*

This table explains available release pipeline actions:

Action	Description
`createReleasePipeline`	Create a new release pipeline.
`deleteReleasePipeline`	Delete a release pipeline.
`updateReleasePipelineDescription`	Change the description of a release pipeline.
`updateReleasePipelineName`	Change the name of a release pipeline.
`updateReleasePipelinePhase`	Update release pipeline phase and audience values.
`updateReleasePipelinePhaseName`	Change the name of one phase in a release pipeline.
`updateReleasePipelineTags`	Change the tags on a release pipeline.

Release policies actions

Expand release policies actions

release-policy is a child of a project.

Release policy resource

proj/*:release-policy/*

To learn more, read Release policies.

This table explains available release policies actions:

Action	Description
`createReleasePolicy`	Create a new release policy.
`deleteReleasePolicy`	Delete a release policy.
`updateReleasePolicy`	Update a release policy.
`updateReleasePolicyRank`	Update a release policy’s priority.

Role actions

Expand Role actions

role is a top-level resource. A code sample is below:

Role resource

role/*

To learn more, read Roles.

This table explains available role actions:

Action	Description
`createRole`	Create new custom roles.
`deleteRole`	Delete a custom role.
`updateBasePermissions`	Update a custom role’s base permissions. This only applies to roles created before October 2024.
`updateDescription`	Update a custom role’s description.
`updateMembers`	Add or remove members from a custom role. Equivalent to `updateCustomRole` on account members.
`updateName`	Update a custom role’s name.
`updatePolicy`	Update a custom role’s policy.
`updateTokens`	Change the policy filter of a personal access token. Equivalent to `updateAccessTokenPolicy` on personal access tokens.

Segment actions

Expand Segment actions

segment is a child of both a project and an environment. A code sample is below:

Segment resource

proj/*:env/*:segment/*

To learn more, read Segments.

This table explains available segments actions:

Action	Description
`applyApprovalRequest`	Apply an approved approval request for a segment.
`createApprovalRequest`	Request approval on changes for a segment.
`createSegment`	Create new segments.
`createSegmentExport`	Export a list-based segment.
`deleteApprovalRequest`	Delete an approval request for a segment.
`deleteSegment`	Delete segments.
`reviewApprovalRequest`	Review changes on an approval request for a segment.
`updateApprovalRequest`	Update an approval request for a segment.
`updateDescription`	Update a segment’s description.
`updateExcluded`	Change a segment’s excluded contexts.
`updateExpiringTargets`	Change a segment’s expiring individual context targeting rules.
`updateIncluded`	Change a segment’s included contexts.
`updateName`	Change the name of a segment.
`updateRules`	Change a segment’s custom targeting rules.
`updateScheduledChanges`	Change the scheduled updates on a segment.
`updateTags`	Change the tags associated with a segment.

Service access token actions

Expand Service access token actions

service-token is a top-level resource. A code sample is below:

Service token resource

service-token/*

To learn more, read API access tokens.

This table explains available service access token actions:

Action	Description
`createAccessToken`	Create a service access token. All custom roles can take this action by default.
`deleteAccessToken`	Delete a service access token.
`resetAccessToken`	Reset a service access token’s secret key.
`updateAccessTokenDescription`	Change the description of a service access token.
`updateAccessTokenName`	Change the name of a service access token.

Team actions

Expand Team actions

team is a top-level resource. A code sample is below:

Team resource

team/*

To learn more, read Teams.

This table explains available team actions:

Action	Description
`createTeam`	Create a new team.
`deleteTeam`	Delete a team.
`updateTeamCustomRoles`	Add or remove custom roles from a team.
`updateTeamDescription`	Update the description of a team.
`updateTeamMembers`	Add or remove members to or from a team.
`updateTeamName`	Change the name of a team.
`updateTeamPermissionGrants`	Update a team’s permission grants. Permission grants can be added or removed using the REST API.
`viewTeam`	If set to deny, anyone impacted by this policy can neither view nor modify a team.

More information about the viewTeam action

The deny effect for your resource in the viewTeam action hides the teams you specify from the member. The allow effect for the same resource and action pairing doesn’t do anything because your account member can already view the team.

To learn more, read Create private teams.

Template actions

Expand Template actions

template is a top-level resource. A code sample is below:

Template resource

template/*

To learn more, read Workflow templates.

This table explains available workflow template actions:

Action	Description
`createTemplate`	Create a new template.
`deleteTemplate`	Delete a template.
`viewTemplate`	If set to deny, anyone impacted by this policy can neither view nor modify a template.

View actions

Expand View actions

view is a child of a project. A code sample is below:

View resource

proj/*:view/*

To learn more, review Views.

This table explains available view actions:

Action	Description
`createView`	Create a new view.
`deleteView`	Delete a view.
`linkFlagToView`	Link a flag to a view.
`linkSegmentToView`	Link a segment to a view.
`unlinkFlagFromView`	Unlink a flag from a view.
`unlinkSegmentFromView`	Unlink a segment from a view.
`updateView`	Update a view.
`viewView`	View a view.

Webhook actions

Expand Webhook actions

webhook is a top-level resource. A code sample is below:

Webhook resource

webhook/*

To learn more, read Webhooks.

This table explains available webhooks actions:

Action	Description
`createWebhook`	Create new webhooks.
`deleteWebhook`	Delete existing webhooks.
`updateName`	Change the name of webhook configurations.
`updateOn`	Enable and disable existing webhooks.
`updateQuery`	Modify webhook query.
`updateSecret`	Modify an existing webhook’s signing secret.
`updateStatements`	Modify webhook policy statements.
`updateTags`	Modify webhook tags.
`updateUrl`	Change the URL for a webhook.