No results for ""
EXPAND ALL
  • Home
  • API docs

GIVE DOCS FEEDBACK

Using actions

Read time: 20 minutes
Last edited: Jun 04, 2024

Overview

This topic explains how to use actions in custom roles policies. It includes tables with all supported actions and details about them. These actions are scoped by resource type.

Actions represent changes you can make to resources, such as createFlag, deleteFlag, updateName, and more.

To learn more about how actions work within custom role policies, read Custom role concepts.

Recently added actions

When new features are added to LaunchDarkly, there may be new associated actions. We recommend reviewing these actions periodically to determine if they should be added to any of your custom roles.

This table describes new actions that have been added to LaunchDarkly recently:

ResourceNew actionsLearn moreDate introduced
proj/*updateDefaultReleasePipelineProject actionsMay 2024
proj/*:release-pipeline/*updateReleasePhaseStatusRelease pipeline actionsMay 2024
pending-requestsupdatePendingRequestPending request actionsMay 2024
proj/*:env/*:flag/*stopMeasuredRolloutOnFlagFallthrough, stopMeasuredRolloutOnFlagRuleFeature flag actionsMay 2024
proj/*:env/*:flag/*replaceReleasePipelineFeature flag actionsApril 2024
acctupdateSamlDecryptionEnabledAccount actionsMarch 2024
acctupdateSamlX509KeystoreIdAccount actionsMarch 2024
envupdateCriticalEnvironment actionsFebruary 2024
domain-verification/*createDomainVerification, deleteDomainVerification, updateDomainVerificationDomain verificationFebruary 2024
proj/*:metric/*updateUnitAggregationType, updateEventDefaultMetric actionsJanuary 2024

Actions reference

These are all the actions you can take, sorted by each resource type.

You can specify actions in bulk using glob syntax and wildcards. For example, you can describe all modifications to feature flags with the action specifier update*.

Account actions

Expand Account actions

acct is a top-level resource. A code sample is below:

acct

This table explains available account actions:

ActionDescription
createSamlConfigCreate a new SAML configuration for the account.
createScimConfigCreate a new SCIM configuration for the account.
deleteAccountDelete the account.
deleteAccountToken

Delete account tokens (for the LaunchDarkly REST API). This is a legacy action and may have inconsistent performance. Instead, we recommend you use deleteAccessToken.

deleteSamlConfigDelete the SAML configuration for the account.
deleteScimConfigDelete the SCIM configuration for the account.
deleteSubscriptionCancel the account plan.
getPaymentCardGet the credit card for the account.
revokeSessionsRevoke sessions issued before a specified date.
updateAccountToken

Reset account tokens (for the LaunchDarkly REST API).

updateBillingContactUpdate the billing contact for the account.
updateOrganizationUpdate the organization name.
updatePaymentCardChange the credit card for the account.
updateRequireMfa

Change whether multi-factor authentication (MFA) is required for all members on the account.

updateSamlDecryptionEnabledEnable or disable decryption for incoming SAML assertions for the account.
updateSamlDefaultRoleUpdate the default role given to members when SAML doesn't specify one.
updateSamlEnabledEnable or disable SAML SSO for the account.
updateSamlLogoutUrlUpdate the SAML logout URL for the account.
updateSamlRequireSsoChange whether SSO must be used for authentication.
updateSamlSsoUrlUpdate the SAML SSO URL for the account.
updateSamlX509CertificateUpdate the SAML X509 certificate for the account.
updateSamlX509KeystoreIdUpdate the SAML X509 identifier for the account.
updateSessionDurationChange the duration of sessions.
updateSessionRefreshChange whether sessions are refreshed automatically.
updateSubscriptionChange the pricing plan for the account.

Account ownership actions

This table explains available account ownership actions:

updateAccountOwnerUpdate the account owner.

Application actions

Expand Application actions

application is a top-level resource. A code sample is below:

application/*

This table explains available application actions:

ActionDescription
createApplicationCreate a new application.
createApplicationVersionCreate a new application version.
deleteApplicationDelete an application.
deleteApplicationVersionDelete an application version.
updateApplicationDescriptionChange an application's description.
updateApplicationKindChange an application's kind.
updateApplicationVersionSupportChange whether an application version is supported or not.

Code reference actions

Expand Code reference actions

code-reference-repository is a top-level resource. A code sample is below:

code-reference-repository/*

To learn more, read Code references.

This table explains available code reference actions:

ActionDescription
createCodeRefsRepositoryConnect a Git repository.
deleteCodeRefsRepositoryDelete a Git repository connection.
updateCodeRefsRepositoryBranchesUpdate the stored branch data for a Git repository connection.
updateCodeRefsRepositoryConfigurationUpdate a Git repository connection configuration.
updateCodeRefsRepositoryNameUpdate a Git repository connection name.
updateCodeRefsRepositoryOnFlip the on/off status of a Git repository connection.

Context kind actions

Expand Context kind actions

context-kind is a child of a project. A code sample is below:

proj/*:context-kind/*

To learn more, read Context kinds.

This table explains available context kind actions:

ActionDescription
createContextKindCreate a context kind.
updateContextKindUpdate a context kind.
updateAvailabilityForExperiments

Update whether a context kind is available for experiments, the standard randomization that it maps to, and whether it's the project's default.

Destination actions

Expand Destination actions

destination is a child of both a project and environments. A code sample is below:

proj/*:env/*:destination/*

To learn more, read Data Export.

This table explains available Data Export destinations actions:

ActionDescription
createDestinationCreate a new Data Export destination.
deleteDestinationDelete a Data Export destination.
updateConfigurationChange a Data Export destination.
updateNameChange the name of a Data Export destination.
updateOnFlip the on/off status of a Data Export destination.

Domain verification actions

Expand Domain verification actions

domain-verification is a top-level resource. A code sample is below:

domain-verification/*

To learn more, read Domain verification.

This table explains available domain verification kind actions:

ActionDescription
createDomainVerificationCreate a new domain verification.
deleteDomainVerificationRemove a domain verification.
updateDomainVerification

Update a domain verification.

Environment actions

Expand Environment actions

env is a child resource of projects. A code sample is below:

proj/*:env/*

To learn more, read Environments.

This table explains available environments actions:

ActionDescription
createEnvironmentCreate new environments.
deleteEnvironmentDelete an existing environment.
deleteContextInstanceDelete a context's instances.
importEventData

Import event data using the API for Importing metric events.

updateApiKeyReset the SDK key for an environment.
updateApprovalSettingsConfigure the approval settings for an environment.
updateColorChange the color swatch for an environment.
updateConfirmChangesRequire environment confirmation for changes to flags and segments.
updateCriticalChange whether the environment is considered critical.
updateDefaultTrackEventsTurn on sending detailed information for new flags by default.
updateMobileKeyReset the mobile key for an environment.
updateNameChange the name of an environment.
updateRequireCommentsRequire comments for changes to flags and segments.
updateSecureModeTurn secure mode on or off for an environment.
updateTagsUpdate tags associated with an environment.
updateTtlChange the TTL for an environment.
viewSdkKey

View the server-side SDK key. All custom roles can take this action by default. If set to deny, anyone impacted by this policy can neither view nor reset SDK keys.

More information about viewSdkKey

The deny effect in the viewSdkKey action hides the server-side SDK key you specify from the member. However, the allow effect for the same resource and action pairing doesn't do anything. Your LaunchDarkly member does not need explicit permission to view the keys, because all custom roles can view all environments in a LaunchDarkly instance by default.

Experiment actions

Expand Experiment actions

experiment is a child of both a project and environments. A code sample is below:

proj/*:env/*:experiment/*

To learn more, read Experimentation.

This table explains available experiment actions:

ActionDescription
createExperimentCreate an experiment.
updateExperimentStart, stop, or edit an existing experiment.
updateExperimentArchivedArchive an experiment.

Feature flag actions

Expand Feature flag actions

flag is a child of both a project and environments. A code sample is below:

proj/*:env/*:flag/*

To learn more, read Creating new flags.

Some feature flag actions affect only the current environment. Other feature flag actions affect all environments in a project.

This table explains feature flag actions related to targeting changes. Unless otherwise specified, these actions affect only the current environment:

ActionDescription
stopMeasuredRolloutOnFlagFallthroughStop a guarded rollout on a flag's default rule.
stopMeasuredRolloutOnFlagRuleStop a guarded rollout on a flag's custom rule.
updateExpiringTargetsChange a flag's expiring individual context targeting rules.
updateFallthroughUpdate the default rule, also called the "fallthrough" rule.
updateFallthroughWithMeasuredRolloutStart a guarded rollout on a flag's default rule.
updateFeatureWorkflowsChange a flag's release management workflows.
updateMeasuredRolloutConfigurationAttach metrics to a flag for use with guarded rollouts.
updateOffVariationUpdate the variation returned when flag is toggled off.
updateOnToggle a flag's targeting on or off.
updatePrerequisitesUpdate flag prerequisites.
updateRulesUpdate custom targeting rules.
updateRulesWithMeasuredRolloutStart a guarded rollout on a flag's custom rule.
updateScheduledChangesCreate, edit, and delete the scheduled updates for a flag.
updateTargetsUpdate individual context targeting rules.

This table explains feature flag actions related to flag settings. Each of these actions affect all environments in a project:

ActionDescription
addReleasePipelineAdd a flag to a release pipeline.
createFlagCreate a flag.
deleteFlagDelete a flag.
removeReleasePipelineRemove a flag from a release pipeline.
replaceReleasePipelineMove a flag to a different release pipeline.
updateClientSideFlagAvailabilityChange whether the flag is available to client-side SDKs.
updateDescriptionChange the description of a flag.
updateDeprecatedChange whether a flag is deprecated.
updateFlagConfigMigrationSettingsUpdate a feature flag's consistency check ratio.
updateFlagCustomPropertiesUpdate custom properties attached to a flag.
updateFlagDefaultVariationsChange the default flag variations used by newly-created environments for a flag.
updateFlagVariationsChange the flag's variations.
updateGlobalArchivedChange whether a flag is archived.
updateIncludeInSnippet

Change whether the flag is available to front-end code with the JavaScript SDK.

updateNameChange the name of a flag.
updateTagsUpdate tags associated with a flag.
updateTemporaryMark a flag temporary or permanent.

This table explains feature flag actions related to environment-specific settings:

ActionDescription
createTriggersCreate a new trigger.
deleteTriggersDelete a trigger.
updateFlagSaltUpdate a flag's salt.
updateTrackEventsChange whether to send detailed event information for a flag in a given environment.
updateTriggersUpdate an existing trigger.

This table explains feature flag actions related to collaboration:

ActionDescription
applyApprovalRequestApply an approved approval request for a flag.
bypassRequiredApprovalBypass required approvals in the environment.
createApprovalRequestCreate an approval request for a flag.
createFlagLinkCreate a flag link.
deleteApprovalRequestDelete an approval request for a flag.
deleteFlagLinkDelete a flag link. This affects all environments in a project.
manageFlagFollowersManage the list of members who receive flag change notifications.
reviewApprovalRequestReview an approval request for a flag.
updateMaintainerUpdate the flag maintainer. This affects all environments in a project.
updateFlagLinkUpdate a flag link. This affects all environments in a project.

This table explains feature flag actions related to other flag changes:

ActionDescription
cloneFlag

Create a new flag with settings based on an existing flag. To clone a flag, members need to have the cloneFlag permission on the source flag, as well as the createFlag permission for the new flag. This affects all environments in a project.

copyFlagConfigFromCopy settings from a flag.
copyFlagConfigToCopy settings to a flag.
updateExpiringTargetsChange a flag's expiring individual context targeting rules.
updateFlagRuleDescriptionChange the description of a flag's custom targeting rules.

Integration actions

Expand Integration actions

Most third-party integrations use a shared set of custom role actions.

integration is a top-level resource. A code sample is below:

integration/*

To learn more, read Integrations.

This table explains available integrations actions:

ActionDescription
createIntegrationCreate and configure new third-party integrations.
deleteIntegrationDelete existing third-party integrations.
updateConfigurationModify existing third-party integration configurations.
updateNameChange the name of third-party integration configurations.
updateOnEnable and disabled existing third-party integrations.
validateConnectionValidate the third-party connection.

Member actions

Expand Member actions

member is a top-level resource. A code sample is below:

member/*

To learn more, read Manage account members.

This table explains available member actions:

ActionDescription
approveDomainMatchedMemberApprove a join request from a domain-matched member. To learn more, read Enabling domain matching.
createMemberAdd a new account member to an account.
deleteMemberRemove an account member from an account.
sendMfaRecoveryCodeSend an account member their MFA recovery code.
sendMfaRequestSend an account member a request to enable MFA.
updateCustomRoleUpdate an account member's custom roles.
updateRoleUpdate an account member's built-in role.

Metric actions

Expand Metric actions

metric is a child resource of projects. A code sample is below:

proj/*:metric/*

To learn more, read Experimentation.

This table explains available metric actions:

ActionDescription
createMetricCreate metrics.
deleteMetricDelete metrics.
updateDescriptionChange the description of a metric.
updateEventDefaultChanges a metric's handling for units without events.
updateEventKeyChange the event key for a custom metric.
updateMaintainerChange the metric's maintainer.
updateNameChange the name of a metric.
updateNumericMark a custom metric as numeric or non-numeric.
updateNumericSuccessUpdate the success criteria for a numeric custom metric.
updateNumericUnitUpdate the unit displayed in results for a numeric custom metric.
updateOnMark a metric as active or inactive.
updateRandomizationUnitsChange the randomization units for a metric.
updateSelectorUpdate the CSS selector for a click conversion metric.
updateTagsChange the tags associated with a metric.
updateUnitAggregationTypeChange a metric's aggregation method.
updateUrlsUpdate the URLs for a click conversion or page view conversion metric.

Metric group actions

Expand Metric group actions

metric-group is a child resource of projects. A code sample is below:

proj/*:metric-group/*

To learn more, read Metric groups.

This table explains available metric group actions:

ActionDescription
createMetricGroupCreate a metric group.
deleteMetricGroupDelete a metric group.
updateMetricGroupNameUpdate a metric group name.
updateMetricGroupDescriptionUpdate a metric group description.
updateMetricGroupTagsUpdate a metric group's tags.
updateMetricGroupMaintainerUpdate a metric group's maintainer.
updateMetricGroupMetricsUpdate a metric group's included metrics.

Pending request actions

Expand Pending request actions

pending-requests is a top-level resource. A code sample is below:

pending-requests

To learn more, read Accept pending requests.

This table explains available personal access token actions:

ActionDescription
updatePendingRequestUpdate pending request. Accept or decline requests for new members to join your account.

Personal access token actions

Expand Personal access token actions

token is a child resource of members. A code sample is below:

member/*:token/*

To learn more, read API access tokens.

This table explains available personal access token actions:

ActionDescription
createAccessTokenCreate a personal access token. All custom roles can take this action by default.
deleteAccessTokenDelete a personal access token.
resetAccessTokenReset a personal access token's secret key.
updateAccessTokenDescriptionChange the description of a personal access token.
updateAccessTokenNameChange the name of a personal access token.
updateAccessTokenPolicyChange the policy filter of a personal access token.

Project actions

Expand Project actions

proj is a top-level resource. A code sample is below:

proj/*

To learn more, read Projects.

This table explains available project actions:

ActionDescription
createProjectCreate a new project.
deleteProjectDelete a project.
updateDefaultClientSideAvailabilityChange whether new flags are made available to client-side SDKs.
updateDefaultReleasePipelineChange the default release pipeline for a project.
updateIncludeInSnippetByDefaultChange whether new flags are made available to the JavaScript SDK by default.
updateProjectFlagDefaultsUpdate the default flag settings for a project.
updateProjectNameRename a project.
updateTagsUpdate tags associated with a project.
viewProject

View a project. All custom roles can take this action by default. If set to deny, anyone impacted by this policy can neither view nor modify a project.

More information about viewProject

The deny effect in the viewProject action hides the projects you specify from the member. However, the allow effect for the same resource and action pairing doesn't do anything. Your LaunchDarkly member does not need explicit permission to view the project, because all custom roles can view all projects in a LaunchDarkly instance by default.

To learn more, read Configuring private projects with custom roles.

Relay Proxy configuration actions

Expand Relay Proxy configuration actions

relay-proxy-config is a top-level resource for which you can allow or deny certain actions.

Here is an example:

relay-proxy-config/*

To learn more, read Automatic configuration.

This table explains available Relay Proxy automatic configuration actions:

ActionDescription
createRelayAutoConfigurationCreate a Relay Proxy with automatic configuration enabled.
deleteRelayAutoConfigurationDelete the Relay Proxy with automatic configuration enabled.
resetRelayAutoConfigurationReset the configuration of the Relay Proxy with automatic configuration enabled.
updateRelayAutoConfigurationNameChange the Relay Proxy with automatic configuration's name.
updateRelayAutoConfigurationPolicyChange the policies associated with the Relay Proxy with automatic configuration.

Release pipeline actions

Expand Release pipeline actions

release-pipeline is a child of project. A code sample is below:

proj/*:release-pipeline/*

This table explains available release pipeline actions:

ActionDescription
createReleasePipelineCreate a new release pipeline.
deleteReleasePipelineDelete a release pipeline.
updateReleasePhaseStatusUpdate a release phase status.
updateReleasePipelineDescriptionChange the description of a release pipeline.
updateReleasePipelineNameChange the name of a release pipeline.
updateReleasePipelinePhaseNameChange the name of one phase in a release pipeline.
updateReleasePipelineTagsChange the tags on a release pipeline.

Role actions

Expand Role actions

role is a top-level resource. A code sample is below:

role/*

To learn more, read Custom roles.

This table explains available role actions:

ActionDescription
createRoleCreate new custom roles.
deleteRoleDelete a custom role.
updateBasePermissionsUpdate a custom role's base permissions. To learn more, read About starting roles.
updateDescriptionUpdate a custom role's description.
updateMembers

Add or remove members from a custom role. Equivalent to updateCustomRole on account members.

updateNameUpdate a custom role's name.
updatePolicyUpdate a custom role's policy.
updateTokensChange the policy filter of a personal access token. Equivalent to updateAccessTokenPolicy on personal access tokens.

Segment actions

Expand Segment actions

segment is a child of both a project and environments. A code sample is below:

proj/*:env/*:segment/*

To learn more, read Segments.

This table explains available segments actions:

ActionDescription
createSegmentCreate new segments.
deleteSegmentDelete segments.
updateDescriptionUpdate a segment's description.
updateExcludedChange a segment's excluded contexts.
updateExpiringTargetsChange a segment's expiring individual context targeting rules.
updateIncludedChange a segment's included contexts.
updateNameChange the name of a segment.
updateRulesChange a segment's custom targeting rules.
updateScheduledChangesChange the scheduled updates on a segment.
updateTagsChange the tags associated with a segment.

Service access token actions

Expand Service access token actions

service-token is a top-level resource. A code sample is below:

service-token/*

To learn more, read API access tokens.

This table explains available service access token actions:

ActionDescription
createAccessTokenCreate a service access token. All custom roles can take this action by default.
deleteAccessTokenDelete a service access token.
resetAccessTokenReset a service access token's secret key.
updateAccessTokenDescriptionChange the description of a service access token.
updateAccessTokenNameChange the name of a service access token.

Team actions

Expand Team actions

team is a top-level resource. A code sample is below:

team/*

To learn more, read Teams.

This table explains available team actions:

ActionDescription
createTeamCreate a new team.
deleteTeamDelete a team.
updateTeamCustomRolesAdd or remove custom roles from a team.
updateTeamDescriptionUpdate the description of a team.
updateTeamMembersAdd or remove members to or from a team.
updateTeamNameChange the name of a team.
updateTeamPermissionGrantsUpdate a team's permission grants. Permission grants can be added or removed using the REST API.
viewTeamIf set to deny, anyone impacted by this policy can neither view nor modify a team.
More information about the viewTeam action

The deny effect for your resource in the viewTeam action hides the teams you specify from the member. The allow effect for the same resource and action pairing doesn't do anything because your account member can already view the team.

To learn more, read Create private teams.

Template actions

Expand Template actions

template is a top-level resource. A code sample is below:

template/*

To learn more, read Workflow templates.

This table explains available workflow template actions:

ActionDescription
createTemplateCreate a new template.
deleteTemplateDelete a template.
viewTemplateIf set to deny, anyone impacted by this policy can neither view nor modify a template.

Webhook actions

Expand Webhook actions

webhook is a top-level resource. A code sample is below:

webhook/*

To learn more, read Webhooks.

This table explains available webhooks actions:

ActionDescription
createWebhookCreate new webhooks.
deleteWebhookDelete existing webhooks.
updateNameChange the name of webhook configurations.
updateOnEnable and disabled existing webhooks.
updateQueryModify webhook query.
updateSecretModify an existing webhook's signing secret.
updateStatementsModify webhook policy statements.
updateTagsModify webhook tags.
updateUrlChange the URL for a webhook.