• HOME
  • INTEGRATIONS
  • SDKS
  • GUIDES
  • API DOCS
No results for ""
EXPAND ALL
CLOSE
launchdarkly.com

EDIT ON GITHUB

Using resources

Read time: 1 minute
Last edited: Oct 22, 2020

Overview

This topic explains how to specify different resources to use with custom roles.

To learn more about how resources are structured within custom role policies, read Custom role concepts.

Understanding the resource specifier syntax

LaunchDarkly uses a resource specifier syntax to name resources or collections of resources. This is a precise, flexible taxonomy that lets you identify and control any resource in your LaunchDarkly project.

The pattern to specify a resource looks like this:

1resource-type/name;tag1,tag2

The example above shows two tags separated by a comma. Tags are optional. If you don't need to use any tags, you can omit the semicolon (;) and all content following.

In the example below, we create a resource that names all of the projects in an account:

1proj/*
Syntax supports wildcards

The resource syntax accepts globs and wildcards, so you can name collections of resources with *. You can also name a specific project by its ID.

In the example below, we name a project by the default ID.

1proj/default

You can name sets of resources down to the tag level.

In the example below, we name all projects with the mobile tag.

1proj/*;mobile

Scoping resources

The term "scoping" refers to identifying resources in relation to other resources and the hieriarchy of permissions that connects them.

Resources can be scoped within parent resources. For example, metrics are scoped within a project, and feature flags are scoped within a project and environment.

Name scoped resources by using the resource syntax structure depicted below.

1resource-type/name;tag1,tag2:resource-type/name;tag3,tag4,tag5

In the following example, we name all feature flags across all environments:

1proj/*:env/*:flag/*

In the example above, proj/*:includes all named projects in the list of results. env/*: includes all environments in the list of results. flag/*: includes all flags in the list of results. This example will return very broad results because of how comprehensive its permissions are.

For a more refined example, we could name all feature flags whose keys start with ops_:

1proj/*:env/*:flag/ops_*

Understanding resource types and scopes

Here is a reference list of all the supported resources in LaunchDarkly, and their scopes:

Resource TypeResource Scope
projTop-level resource. Projects have no parent resource. Write it as proj/*.
envA child resources of projects. Write it as proj/*:env/*.
metricmetric is a child resource of projects. Write it as proj/*:metric/*
membermember is a top-level resource. Write it as member/*
service-tokenservice-token is a top-level resource. Write it as service-token/*.
tokentoken is a child resource of members. Write it as member/*:token/*.
rolerole is a top-level resource. Write it as role/*
flagflag is a child of both a project and environments. Write it as proj/*:env/*:flag/*
segmentsegment is a child of both a project and environments. Write it as proj/*:env/*:segment/*
integrationintegration is a top-level resource. Write it as integration/*
relay-proxy-configrelay-proxy-config is a top-level resource. Write it as relay-proxy-config/*
webhookwebhook is a top-level resource. Write it as webhook/*
useruser is a child of both a project and environments. Write it as proj/*:env/*:user/*
code-reference-repositorycode-reference-repository is a top-level resource. Write it as code-reference-repository/*
destinationdestination is a child of both a project and environments. Write it as proj/*:env/*:destination/*.
acctacct is a unique resource specifier representing modifications to your account itself, such as managing