Using actions
Read time: 22 minutes
Last edited: Nov 08, 2024
Overview
This topic explains how to use actions in custom roles policies. It includes tables with all supported actions and details about them. These actions are scoped by resource type.
Actions represent changes you can make to resources, such as createFlag, deleteFlag, updateName, and more.
To learn more about how actions work within custom role policies, read Custom role concepts.
Recently added actions
When new features are added to LaunchDarkly, there may be new associated actions. We recommend reviewing these actions periodically to determine if they should be added to any of your custom roles.
This table describes new actions that have been added to LaunchDarkly recently:
| Resource | New actions | Learn more | Date introduced |
|---|---|---|---|
| proj/*:aiconfig/* | createAIConfig, deleteAIConfig, deleteAIConfigVersion, publishAIConfigVersion, updateAIConfig, updateAIConfigVersion | AI config actions | November 2024 |
| proj/*:env/*:segment/* | applyApprovalRequest, createApprovalRequest, deleteApprovalRequest, reviewApprovalRequest, updateApprovalRequest | Segment actions | November 2024 |
| application/* | updateApplicationMaintainer | Application actions | October 2024 |
| proj/*:env/*:flag/* | updateApprovalRequest | Feature flag actions | August 2024 |
| release-pipeline | updateReleasePipelinePhase | Release pipeline actions | August 2024 |
| acct | updateSamlRequestSigningEnabled | Account actions | July 2024 |
proj/*:env/*:holdout/* | addExperimentToHoldout, createHoldout, removeExperimentFromHoldout, updateHoldoutDescription, updateHoldoutName, updateHoldoutStatus, updateHoldoutRandomizationUnit | Holdout actions | July 2024 |
proj/*:layer/* | createLayer, updateLayer, updateLayerConfiguration | Layer actions | July 2024 |
| proj/* | updateDefaultReleasePipeline | Project actions | May 2024 |
proj/:env/:flag/* | updateReleasePhaseStatus | Feature flag actions | May 2024 |
pending-request | updatePendingRequest | Pending request actions | May 2024 |
proj/*:env/*:flag/* | stopMeasuredRolloutOnFlagFallthrough, stopMeasuredRolloutOnFlagRule | Feature flag actions | May 2024 |
proj/*:env/*:flag/* | replaceReleasePipeline | Feature flag actions | April 2024 |
| acct | updateSamlDecryptionEnabled | Account actions | March 2024 |
| acct | updateSamlX509KeystoreId | Account actions | March 2024 |
| env | updateCritical | Environment actions | February 2024 |
| domain-verification/* | createDomainVerification, deleteDomainVerification, updateDomainVerification | Domain verification | February 2024 |
proj/*:metric/* | updateUnitAggregationType, updateEventDefault | Metric actions | January 2024 |
Actions reference
These are all the actions you can take, sorted by each resource type.
You can specify actions in bulk using glob syntax and wildcards. For example, you can describe all modifications to feature flags with the action specifier update*.
Account actions
Expand Account actions
acct is a top-level resource. A code sample is below:
acct
This table explains available account actions:
| Action | Description |
|---|---|
createSamlConfig | Create a new SAML configuration for the account. |
createScimConfig | Create a new SCIM configuration for the account. |
deleteAccount | Delete the account. |
deleteAccountToken | Delete account tokens (for the
LaunchDarkly REST API). This is a legacy action and may have inconsistent performance. Instead, we recommend you use |
deleteSamlConfig | Delete the SAML configuration for the account. |
deleteScimConfig | Delete the SCIM configuration for the account. |
deleteSubscription | Cancel the account plan. |
getPaymentCard | Get the credit card for the account. |
revokeSessions | Revoke sessions issued before a specified date. |
updateAccountToken | Reset account tokens (for the LaunchDarkly REST API). |
updateBillingContact | Update the billing contact for the account. |
updateOrganization | Update the organization name. |
updatePaymentCard | Change the credit card for the account. |
updateRequireMfa | Change whether multi-factor authentication (MFA) is required for all members on the account. |
updateSamlDecryptionEnabled | Enable or disable decryption for incoming SAML assertions for the account. |
updateSamlDefaultRole | Update the default role given to members when SAML doesn't specify one. |
updateSamlEnabled | Enable or disable SAML SSO for the account. |
updateSamlLogoutUrl | Update the SAML logout URL for the account. |
updateSamlRequestSigningEnabled | Enable or disable signing outgoing SAML requests. |
updateSamlRequireSso | Change whether SSO must be used for authentication. |
updateSamlSsoUrl | Update the SAML SSO URL for the account. |
updateSamlX509Certificate | Update the SAML X509 certificate for the account. |
updateSamlX509KeystoreId | Update the SAML X509 identifier for the account. |
updateSessionDuration | Change the duration of sessions. |
updateSessionRefresh | Change whether sessions are refreshed automatically. |
updateSubscription | Change the pricing plan for the account. |
Account ownership actions
This table explains available account ownership actions:
updateAccountOwner | Update the account owner. |
AI config actions
Expand AI config actions
aiconfig is a child resources of projects. A code sample is below:
proj/*:aiconfig/*
This table explains available AI config actions:
| Action | Description |
|---|---|
createAIConfig | Create a new AI config. |
deleteAIConfig | Delete an AI config. |
deleteAIConfigVersion | Delete an AI config version. |
publishAIConfigVersion | Save or discard an AI config version. |
updateAIConfig | Update the name, description, and tags for an AI config. |
updateAIConfigVersion | Edit an AI config's versions. |
Application actions
Expand Application actions
application is a top-level resource. A code sample is below:
application/*
This table explains available application actions:
| Action | Description |
|---|---|
createApplication | Create a new application. |
createApplicationVersion | Create a new application version. |
deleteApplication | Delete an application. |
deleteApplicationVersion | Delete an application version. |
updateApplicationDescription | Change an application's description. |
updateApplicationKind | Change an application's kind. |
updateApplicationMaintainer | Change an application's maintainer. |
updateApplicationVersionSupport | Change whether an application version is supported or not. |
Code reference actions
Expand Code reference actions
code-reference-repository is a top-level resource. A code sample is below:
code-reference-repository/*
To learn more, read Code references.
This table explains available code reference actions:
| Action | Description |
|---|---|
createCodeRefsRepository | Connect a Git repository. |
deleteCodeRefsRepository | Delete a Git repository connection. |
updateCodeRefsRepositoryBranches | Update the stored branch data for a Git repository connection. |
updateCodeRefsRepositoryConfiguration | Update a Git repository connection configuration. |
updateCodeRefsRepositoryName | Update a Git repository connection name. |
updateCodeRefsRepositoryOn | Flip the on/off status of a Git repository connection. |
Context kind actions
Expand Context kind actions
context-kind is a child of a project. A code sample is below:
proj/*:context-kind/*
To learn more, read Context kinds.
This table explains available context kind actions:
| Action | Description |
|---|---|
createContextKind | Create a context kind. |
updateContextKind | Update a context kind. |
updateAvailabilityForExperiments | Update whether a context kind is available for experiments, the standard randomization that it maps to, and whether it's the project's default. |
Destination actions
Expand Destination actions
destination is a child of both a project and environments. A code sample is below:
proj/*:env/*:destination/*
To learn more, read Data Export.
This table explains available Data Export destinations actions:
| Action | Description |
|---|---|
createDestination | Create a new Data Export destination. |
deleteDestination | Delete a Data Export destination. |
updateConfiguration | Change a Data Export destination. |
updateName | Change the name of a Data Export destination. |
updateOn | Flip the on/off status of a Data Export destination. |
Domain verification actions
Expand Domain verification actions
domain-verification is a top-level resource. A code sample is below:
domain-verification/*
To learn more, read Domain verification.
This table explains available domain verification kind actions:
| Action | Description |
|---|---|
createDomainVerification | Create a new domain verification. |
deleteDomainVerification | Remove a domain verification. |
updateDomainVerification | Update a domain verification. |
Environment actions
Expand Environment actions
env is a child resource of projects. A code sample is below:
proj/*:env/*
To learn more, read Environments.
This table explains available environments actions:
| Action | Description |
|---|---|
createEnvironment | Create new environments. |
deleteEnvironment | Delete an existing environment. |
deleteContextInstance | Delete a context's instances. |
importEventData | Import event data using the API for Importing metric events. |
updateApiKey | Reset the SDK key for an environment. |
updateApprovalSettings | Configure the approval settings for an environment. |
updateColor | Change the color swatch for an environment. |
updateConfirmChanges | Require environment confirmation for changes to flags and segments. |
updateCritical | Change whether the environment is considered critical. |
updateDefaultTrackEvents | Turn on sending detailed information for new flags by default. |
updateMobileKey | Reset the mobile key for an environment. |
updateName | Change the name of an environment. |
updateRequireComments | Require comments for changes to flags and segments. |
updateSecureMode | Turn secure mode on or off for an environment. |
updateTags | Update tags associated with an environment. |
updateTtl | Change the TTL for an environment. |
viewSdkKey | View the server-side SDK key. All custom roles can take this action by default. If set to |
The deny effect in the viewSdkKey action hides the server-side SDK key you specify from the member. However, the allow effect for the same resource and action pairing doesn't do anything. Your LaunchDarkly member does not need explicit permission to view the keys, because all custom roles can view all environments in a LaunchDarkly instance by default.
Experiment actions
Expand Experiment actions
experiment is a child of both a project and environments. A code sample is below:
proj/*:env/*:experiment/*
To learn more, read Experimentation.
This table explains available experiment actions:
| Action | Description |
|---|---|
createExperiment | Create an experiment. |
updateExperiment | Start, stop, or edit an existing experiment. |
updateExperimentArchived | Archive an experiment. |
Layer actions
Expand Layer actions
layer is a child of a project. A code sample is below:
proj/*:layer/*
To learn more, read Mutually exclusive experiments.
This table explains available layer actions:
| Action | Description |
|---|---|
createLayer | Create a layer. |
updateLayer | Update a layer's name or description. |
updateLayerConfiguration | Update a layer's audience allocation. |
Feature flag actions
Expand Feature flag actions
flag is a child of both a project and environments. A code sample is below:
proj/*:env/*:flag/*
To learn more, read Creating new flags.
Some feature flag actions affect only the current environment. Other feature flag actions affect all environments in a project.
This table explains feature flag actions related to targeting changes. Unless otherwise specified, these actions affect only the current environment:
| Action | Description |
|---|---|
stopMeasuredRolloutOnFlagFallthrough | Stop a guarded rollout on a flag's default rule. |
stopMeasuredRolloutOnFlagRule | Stop a guarded rollout on a flag's custom rule. |
updateExpiringTargets | Change a flag's expiring individual context targeting rules. |
updateFallthrough | Update the default rule, also called the "fallthrough" rule. |
updateFallthroughWithMeasuredRollout | Start a guarded rollout on a flag's default rule. |
updateFeatureWorkflows | Change a flag's release management workflows. |
updateMeasuredRolloutConfiguration | Attach metrics to a flag for use with guarded rollouts. |
updateOffVariation | Update the variation returned when flag is toggled off. |
updateOn | Toggle a flag's targeting on or off. |
updatePrerequisites | Update flag prerequisites. |
updateRules | Update custom targeting rules. |
updateRulesWithMeasuredRollout | Start a guarded rollout on a flag's custom rule. |
updateScheduledChanges | Create, edit, and delete the scheduled updates for a flag. |
updateTargets | Update individual context targeting rules. |
This table explains feature flag actions related to flag settings. Each of these actions affect all environments in a project:
| Action | Description |
|---|---|
addReleasePipeline | Add a flag to a release pipeline. |
createFlag | Create a flag. |
deleteFlag | Delete a flag. |
removeReleasePipeline | Remove a flag from a release pipeline. |
replaceReleasePipeline | Move a flag to a different release pipeline. |
updateClientSideFlagAvailability | Change whether the flag is available to client-side SDKs. |
updateDescription | Change the description of a flag. |
updateDeprecated | Change whether a flag is deprecated. |
updateFlagConfigMigrationSettings | Update a feature flag's consistency check ratio. |
updateFlagCustomProperties | Update custom properties attached to a flag. |
updateFlagDefaultVariations | Change the default flag variations used by newly-created environments for a flag. |
updateFlagVariations | Change the flag's variations. |
updateGlobalArchived | Change whether a flag is archived. |
updateIncludeInSnippet | Change whether the flag is available to front-end code with the JavaScript SDK. |
updateName | Change the name of a flag. |
updateTags | Update tags associated with a flag. |
updateTemporary | Mark a flag temporary or permanent. |
This table explains feature flag actions related to environment-specific settings:
| Action | Description |
|---|---|
createTriggers | Create a new trigger. |
deleteTriggers | Delete a trigger. |
updateFlagSalt | Update a flag's salt. |
updateTrackEvents | Change whether to send detailed event information for a flag in a given environment. |
updateTriggers | Update an existing trigger. |
This table explains feature flag actions related to collaboration:
| Action | Description |
|---|---|
applyApprovalRequest | Apply the requested changes after the request is approved. |
bypassRequiredApproval | Bypass required approvals for flags in the environment. (You cannot bypass required approvals for segments.) |
createApprovalRequest | Create an approval request. |
createFlagLink | Create a flag link. |
deleteApprovalRequest | Delete an approval request. |
deleteFlagLink | Delete a flag link. This affects all environments in a project. |
manageFlagFollowers | Manage the list of members who receive flag change notifications. |
reviewApprovalRequest | Review an approval request. |
updateApprovalRequest | Update an approval request. |
updateMaintainer | Update the flag maintainer. This affects all environments in a project. |
updateFlagLink | Update a flag link. This affects all environments in a project. |
This table explains feature flag actions related to other flag changes:
| Action | Description |
|---|---|
cloneFlag | Create a new flag with settings based on an existing flag. To clone a flag, members need to have the
|
copyFlagConfigFrom | Copy settings from a flag. |
copyFlagConfigTo | Copy settings to a flag. |
updateExpiringTargets | Change a flag's expiring individual context targeting rules. |
updateFlagRuleDescription | Change the description of a flag's custom targeting rules. |
updateReleasePhaseStatus | Update a release phase status. |
Holdout actions
Expand Holdout actions
holdout is a child of both a project and an environment. A code sample is below:
proj/*:env/*:holdout/*
To learn more, read Holdouts.
This table explains available holdout actions:
| Action | Description |
|---|---|
addExperimentToHoldout | Add an experiment to a holdout. |
createHoldout | Create a holdout. |
removeExperimentFromHoldout | Remove an experiment from a holdout. |
updateHoldoutDescription | Update the description of a holdout. |
updateHoldoutName | Update the name of a holdout. |
updateHoldoutStatus | Update the status of a holdout. |
updateHoldoutRandomizationUnit | Update the randomization unit of a holdout. |
Integration actions
Expand Integration actions
Most third-party integrations use a shared set of custom role actions.
integration is a top-level resource. A code sample is below:
integration/*
To learn more, read Integrations.
This table explains available integrations actions:
| Action | Description |
|---|---|
createIntegration | Create and configure new third-party integrations. |
deleteIntegration | Delete existing third-party integrations. |
updateConfiguration | Modify existing third-party integration configurations. |
updateName | Change the name of third-party integration configurations. |
updateOn | Enable and disabled existing third-party integrations. |
validateConnection | Validate the third-party connection. |
Member actions
Expand Member actions
member is a top-level resource. A code sample is below:
member/*
To learn more, read Account members.
This table explains available member actions:
| Action | Description |
|---|---|
approveDomainMatchedMember | Approve a join request from a domain-matched member. To learn more, read Enabling domain matching. |
createMember | Add a new account member to an account. |
deleteMember | Remove an account member from an account. |
sendMfaRecoveryCode | Send an account member their MFA recovery code. |
sendMfaRequest | Send an account member a request to enable MFA. |
updateCustomRole | Update an account member's custom roles. |
updateRole | Update an account member's built-in role. |
Metric actions
Expand Metric actions
metric is a child resource of projects. A code sample is below:
proj/*:metric/*
To learn more, read Metrics.
This table explains available metric actions:
| Action | Description |
|---|---|
createMetric | Create metrics. |
deleteMetric | Delete metrics. |
updateDescription | Change the description of a metric. |
updateEventDefault | Changes a metric's handling for units without events. |
updateEventKey | Change the event key for a custom metric. |
updateMaintainer | Change the metric's maintainer. |
updateName | Change the name of a metric. |
updateNumeric | Mark a custom metric as numeric or non-numeric. |
updateNumericSuccess | Update the success criteria for a numeric custom metric. |
updateNumericUnit | Update the unit displayed in results for a numeric custom metric. |
updateOn | Mark a metric as active or inactive. |
updateRandomizationUnits | Change the randomization units for a metric. |
updateSelector | Update the CSS selector for a click conversion metric. |
updateTags | Change the tags associated with a metric. |
updateUnitAggregationType | Change a metric's aggregation method. |
updateUrls | Update the URLs for a click conversion or page view conversion metric. |
Metric group actions
Expand Metric group actions
metric-group is a child resource of projects. A code sample is below:
proj/*:metric-group/*
To learn more, read Metric groups.
This table explains available metric group actions:
| Action | Description |
|---|---|
createMetricGroup | Create a metric group. |
deleteMetricGroup | Delete a metric group. |
updateMetricGroupName | Update a metric group name. |
updateMetricGroupDescription | Update a metric group description. |
updateMetricGroupTags | Update a metric group's tags. |
updateMetricGroupMaintainer | Update a metric group's maintainer. |
updateMetricGroupMetrics | Update a metric group's included metrics. |
Pending request actions
Expand Pending request actions
pending-request is a top-level resource. A code sample is below:
pending-request/*
To learn more, read Accept pending requests.
This table explains available personal access token actions:
| Action | Description |
|---|---|
updatePendingRequest | Update pending request. Accept or decline requests for new members to join your account. |
Personal access token actions
Expand Personal access token actions
token is a child resource of members. A code sample is below:
member/*:token/*
To learn more, read API access tokens.
This table explains available personal access token actions:
| Action | Description |
|---|---|
createAccessToken | Create a personal access token. All custom roles can take this action by default. |
deleteAccessToken | Delete a personal access token. |
resetAccessToken | Reset a personal access token's secret key. |
updateAccessTokenDescription | Change the description of a personal access token. |
updateAccessTokenName | Change the name of a personal access token. |
updateAccessTokenPolicy | Change the policy filter of a personal access token. |
Project actions
Expand Project actions
proj is a top-level resource. A code sample is below:
proj/*
To learn more, read Projects.
This table explains available project actions:
| Action | Description |
|---|---|
createProject | Create a new project. |
deleteProject | Delete a project. |
updateDefaultClientSideAvailability | Change whether new flags are made available to client-side SDKs. |
updateDefaultReleasePipeline | Change the default release pipeline for a project. |
updateIncludeInSnippetByDefault | Change whether new flags are made available to the JavaScript SDK by default. |
updateProjectFlagDefaults | Update the default flag settings for a project. |
updateProjectName | Rename a project. |
updateTags | Update tags associated with a project. |
viewProject | View a project. All custom roles can take this action by default. If set to |
The deny effect in the viewProject action hides the projects you specify from the member. However, the allow effect for the same resource and action pairing doesn't do anything. Your LaunchDarkly member does not need explicit permission to view the project, because all custom roles can view all projects in a LaunchDarkly instance by default.
To learn more, read Create private projects with custom roles.
Relay Proxy configuration actions
Expand Relay Proxy configuration actions
relay-proxy-config is a top-level resource for which you can allow or deny certain actions.
Here is an example:
relay-proxy-config/*
To learn more, read Automatic configuration.
This table explains available Relay Proxy automatic configuration actions:
| Action | Description |
|---|---|
createRelayAutoConfiguration | Create a Relay Proxy with automatic configuration enabled. |
deleteRelayAutoConfiguration | Delete the Relay Proxy with automatic configuration enabled. |
resetRelayAutoConfiguration | Reset the configuration of the Relay Proxy with automatic configuration enabled. |
updateRelayAutoConfigurationName | Change the Relay Proxy with automatic configuration's name. |
updateRelayAutoConfigurationPolicy | Change the policies associated with the Relay Proxy with automatic configuration. |
Release pipeline actions
Expand Release pipeline actions
release-pipeline is a child of project. A code sample is below:
proj/*:release-pipeline/*
This table explains available release pipeline actions:
| Action | Description |
|---|---|
createReleasePipeline | Create a new release pipeline. |
deleteReleasePipeline | Delete a release pipeline. |
updateReleasePipelineDescription | Change the description of a release pipeline. |
updateReleasePipelineName | Change the name of a release pipeline. |
updateReleasePipelinePhase | Update release pipeline phase and audience values. |
updateReleasePipelinePhaseName | Change the name of one phase in a release pipeline. |
updateReleasePipelineTags | Change the tags on a release pipeline. |
Role actions
Expand Role actions
role is a top-level resource. A code sample is below:
role/*
To learn more, read Custom roles.
This table explains available role actions:
| Action | Description |
|---|---|
createRole | Create new custom roles. |
deleteRole | Delete a custom role. |
updateBasePermissions | Update a custom role's base permissions. This only applies to roles created before October 2024. |
updateDescription | Update a custom role's description. |
updateMembers | Add or remove members from a custom role. Equivalent to |
updateName | Update a custom role's name. |
updatePolicy | Update a custom role's policy. |
updateTokens | Change the policy filter of a personal access token. Equivalent to updateAccessTokenPolicy on personal access tokens. |
Segment actions
Expand Segment actions
segment is a child of both a project and environments. A code sample is below:
proj/*:env/*:segment/*
To learn more, read Segments.
This table explains available segments actions:
| Action | Description |
|---|---|
applyApprovalRequest | Apply an approved approval request for a segment. |
createApprovalRequest | Request approval on changes for a segment. |
createSegment | Create new segments. |
deleteApprovalRequest | Delete an approval request for a segment. |
deleteSegment | Delete segments. |
reviewApprovalRequest | Review changes on an approval request for a segment. |
updateApprovalRequest | Update an approval request for a segment. |
updateDescription | Update a segment's description. |
updateExcluded | Change a segment's excluded contexts. |
updateExpiringTargets | Change a segment's expiring individual context targeting rules. |
updateIncluded | Change a segment's included contexts. |
updateName | Change the name of a segment. |
updateRules | Change a segment's custom targeting rules. |
updateScheduledChanges | Change the scheduled updates on a segment. |
updateTags | Change the tags associated with a segment. |
Service access token actions
Expand Service access token actions
service-token is a top-level resource. A code sample is below:
service-token/*
To learn more, read API access tokens.
This table explains available service access token actions:
| Action | Description |
|---|---|
createAccessToken | Create a service access token. All custom roles can take this action by default. |
deleteAccessToken | Delete a service access token. |
resetAccessToken | Reset a service access token's secret key. |
updateAccessTokenDescription | Change the description of a service access token. |
updateAccessTokenName | Change the name of a service access token. |
Team actions
Expand Team actions
team is a top-level resource. A code sample is below:
team/*
To learn more, read Teams.
This table explains available team actions:
| Action | Description |
|---|---|
createTeam | Create a new team. |
deleteTeam | Delete a team. |
updateTeamCustomRoles | Add or remove custom roles from a team. |
updateTeamDescription | Update the description of a team. |
updateTeamMembers | Add or remove members to or from a team. |
updateTeamName | Change the name of a team. |
updateTeamPermissionGrants | Update a team's permission grants. Permission grants can be added or removed using the REST API. |
viewTeam | If set to deny, anyone impacted by this policy can neither view nor modify a team. |
The deny effect for your resource in the viewTeam action hides the teams you specify from the member. The allow effect for the same resource and action pairing doesn't do anything because your account member can already view the team.
To learn more, read Create private teams.
Template actions
Expand Template actions
template is a top-level resource. A code sample is below:
template/*
To learn more, read Workflow templates.
This table explains available workflow template actions:
| Action | Description |
|---|---|
createTemplate | Create a new template. |
deleteTemplate | Delete a template. |
viewTemplate | If set to deny, anyone impacted by this policy can neither view nor modify a template. |
Webhook actions
Expand Webhook actions
webhook is a top-level resource. A code sample is below:
webhook/*
To learn more, read Webhooks.
This table explains available webhooks actions:
| Action | Description |
|---|---|
createWebhook | Create new webhooks. |
deleteWebhook | Delete existing webhooks. |
updateName | Change the name of webhook configurations. |
updateOn | Enable and disabled existing webhooks. |
updateQuery | Modify webhook query. |
updateSecret | Modify an existing webhook's signing secret. |
updateStatements | Modify webhook policy statements. |
updateTags | Modify webhook tags. |
updateUrl | Change the URL for a webhook. |