Using actions

Read time: 3 minutes

Last edited: Mar 20, 2023

Overview

This topic explains how to use actions in custom roles policies. It includes tables with all supported actions and details about them. These actions are scoped by resource type.

Actions represent changes you can make to resources, such as createFlag, deleteFlag, updateName, and more.

To learn more about how actions work within custom role policies, read Custom role concepts.

Actions reference

These are all the actions you can take, sorted by each resource type.

You can specify actions in bulk using glob syntax and wildcards. For example, you can describe all modifications to feature flags with the action specifier update*.

Account actions

Expand Account actions

acct is a top-level resource. A code sample is below:

acct

This table explains available account actions:

Action	Description
`createSamlConfig`	Create a new SAML configuration for the account.
`createScimConfig`	Create a new SCIM configuration for the account.
`deleteAccount`	Delete the account.
`deleteAccountToken`	Delete account tokens (for the LaunchDarkly REST API).
`deleteSamlConfig`	Delete the SAML configuration for the account.
`deleteScimConfig`	Delete the SCIM configuration for the account.
`deleteSubscription`	Cancel the account plan.
`getPaymentCard`	Get the credit card for the account.
`revokeSessions`	Revoke sessions issued before a specified date.
`updateAccountToken`	Reset account tokens (for the LaunchDarkly REST API).
`updateBillingContact`	Update the billing contact for the account.
`updateOrganization`	Update the organization name.
`updatePaymentCard`	Change the credit card for the account.
`updateRequireMfa`	Change whether multi-factor authentication (MFA) is required for all members on the account.
`updateSamlEnabled`	Enable or disable SAML SSO for the account.
`updateSamlRequireSso`	Change whether SSO must be used for authentication.
`updateSamlSsoUrl`	Update the SAML SSO URL for the account.
`updateSamlX509Certificate`	Update the SAML X509 certificate for the account.
`updateSessionDuration`	Change the duration of sessions.
`updateSessionRefresh`	Change whether sessions are refreshed automatically.
`updateSubscription`	Change the pricing plan for the account.

Account ownership actions

This table explains available account ownership actions:

updateAccountOwner Update the account owner.

Code reference actions

Expand Code reference actions

code-reference-repository is a top-level resource. A code sample is below:

code-reference-repository/*

To learn more, read Code references.

This table explains available code reference actions:

Action	Description
`createCodeRefsRepository`	Connect a Git repository.
`deleteCodeRefsRepository`	Delete a Git repository connection.
`updateCodeRefsRepositoryBranches`	Update the stored branch data for a Git repository connection.
`updateCodeRefsRepositoryConfiguration`	Update a Git repository connection configuration.
`updateCodeRefsRepositoryName`	Update a Git repository connection name.
`updateCodeRefsRepositoryOn`	Flip the on/off status of a Git repository connection.

Context kind actions

Expand Context kind actions

context-kind is a child of a project. A code sample is below:

proj/*:context-kind/*

To learn more, read Context kinds.

This table explains available context kind actions:

Action	Description
`createContextKind`	Create a context kind.
`updateContextKind`	Update a context kind.
`updateAvailabilityForExperiments`	Update whether a context kind is available for experiments, the standard randomization that it maps to, and whether it's the project's default.

Destination actions

Expand Destination actions

destination is a child of both a project and environments. A code sample is below:

proj/*:env/*:destination/*

To learn more, read Data Export.

This table explains available destinations actions:

Action	Description
`createDestination`	Create a new Data Export destination.
`deleteDestination`	Delete a Data Export destination.
`updateConfiguration`	Change a Data Export destination.
`updateName`	Change the name of a Data Export destination.
`updateOn`	Flip the on/off status of a Data Export destination.

Environment actions

Expand Environment actions

env is a child resource of projects. A code sample is below:

proj/*:env/*

To learn more, read Environments.

This table explains available environments actions:

Action	Description
`createEnvironment`	Create new environments.
`deleteEnvironment`	Delete an existing environment.
`deleteContextInstance`	Delete a context's instances.
`updateApiKey`	Reset the SDK key for an environment.
`updateApprovalSettings`	Configure the approval settings for an environment.
`updateColor`	Change the color swatch for an environment.
`updateConfirmChanges`	Require environment confirmation for changes to flags and segments.
`updateDefaultTrackEvents`	Turn on sending detailed information for new flags by default.
`updateMobileKey`	Reset the mobile key for an environment.
`updateName`	Change the name of an environment.
`updateRequireComments`	Require comments for changes to flags and segments.
`updateSecureMode`	Turn secure mode on or off for an environment.
`updateTags`	Update tags associated with an environment.
`updateTtl`	Change the TTL for an environment.
`viewSdkKey`	View the server-side SDK key. All custom roles can take this action by default. If set to `deny`, anyone impacted by this policy can neither view nor reset SDK keys.

More information about viewSdkKey

The deny effect in the viewSdkKey action hides the server-side SDK key you specify from the member. However, the allow effect for the same resource and action pairing doesn't do anything. Your LaunchDarkly member does not need explicit permission to view the keys, because all custom roles can view all environments in a LaunchDarkly instance by default.

Experiment actions

Expand experiment actions

experiment is a child of both a project and environments. A code sample is below:

proj/*:env/*:experiment/*

To learn more, read About Experimentation.

This table explains available experiment actions:

Action	Description
`createExperiment`	Create an experiment.
`updateExperiment`	Start, stop, or edit an existing experiment.
`updateExperimentArchived`	Archive an experiment.

Feature flag actions

Expand Feature flag actions

flag is a child of both a project and environments. A code sample is below:

proj/*:env/*:flag/*

To learn more, read Your first feature flag.

Some feature flag actions affect only the current environment. Other feature flag actions affect all environments in a project.

This table explains available feature flag actions that affect only the current environment:

Action	Description
`applyApprovalRequest`	Apply an approved approval request for a flag.
`bypassRequiredApproval`	Bypass required approvals in the environment.
`copyFlagConfigFrom`	Copy settings from a feature flag.
`copyFlagConfigTo`	Copy settings to a feature flag.
`createApprovalRequest`	Create an approval request for a flag.
`createTriggers`	Create a new trigger.
`deleteApprovalRequest`	Delete an approval request for a flag.
`deleteExperimentResults`	Delete legacy experiment results. To learn more, read Legacy experiments.
`deleteFlagAttachedGoalResults`	Reset legacy experiment results for a flag in a given environment. To learn more, read Legacy experiments.
`deleteTriggers`	Delete a trigger.
`reviewApprovalRequest`	Review an approval request for a flag.
`updateApprovalRequest`	Update an existing approval request for a flag.
`updateExperimentActive`	Stop a legacy experiment in an environment. To learn more, read Legacy experiments.
`updateExpiringRules`	Change a flag's expiring custom targeting rules.
`updateExpiringTargets`	Change a flag's expiring individual context targeting rules.
`updateFallthrough`	Update the On default rule, also called the "fallthrough" rule.
`updateFeatureWorkflows`	Change a flag's feature workflows.
`updateFlagFallthroughTrackEvents`	Change whether to send detailed event information for a flag in a given environment when the SDK selects the On default rule, also called the "fallthrough" rule.
`updateFlagRuleDescription`	Update the description for custom targeting rules.
`updateFlagSalt`	Update a feature flag's salt.
`updateOffVariation`	Update the variation returned when flag toggle is set to `off`.
`updateOn`	Toggle a feature flag on or off.
`updatePrerequisites`	Update flag prerequisites.
`updateRules`	Update custom targeting rules.
`updateScheduledChanges`	Change the scheduled updates on a feature flag.
`updateTargets`	Update individual context targeting rules.
`updateTrackEvents`	Change whether to send detailed event information for a flag in a given environment.
`updateTriggers`	Update an existing trigger.
`manageFlagFollowers`	Manage the list of members who receive flag change notifications.

This table explains available feature flag actions that affect all environments within a project:

Action	Description
`cloneFlag`	Create a new flag with settings based on an existing flag. To clone a flag, members need to have the `cloneFlag` permission on the source flag, as well as the `createFlag` permission for the new flag. Impacts all environments in a project.
`createExperiment`	Create a legacy experiment. Impacts all environments in a project. To learn more, read Legacy experiments.
`createFlag`	Create a feature flag. Impacts all environments in a project.
`createFlagLink`	Create a flag link. Impacts all environments in a project.
`deleteExperiment`	Delete a legacy experiment. Impacts all environments in a project. To learn more, read Legacy experiments.
`deleteFlag`	Delete a flag. Impacts all environments in a project.
`deleteFlagLink`	Delete a flag link. Impacts all environments in a project.
`updateAttachedGoals`	Stop a legacy experiment. Impacts all environments in a project. To learn more, read Legacy experiments.
`updateClientSideFlagAvailability`	Change whether the feature flag is available to client-side SDKs. Impacts all environments in a project.
`updateDescription`	Change the description of a feature flag. Impacts all environments in a project.
`updateExperimentBaseline`	Change a flag's baseline variation for a legacy experiment. Impacts all environments in a project. To learn more, read Legacy experiments.
`updateFlagCustomProperties`	Update custom properties attached to a flag. Impacts all environments in a project.
`updateFlagDefaultVariations`	Change the default flag variations used by newly created environments for a feature flag. Impacts all environments in a project.
`updateFlagLink`	Update a flag link. Impacts all environments in a project.
`updateFlagVariations`	Change the flag's variations. Impacts all environments in a project.
`updateGlobalArchived`	Change whether a flag is archived. Impacts all environments in a project.
`updateIncludeInSnippet`	Change whether the feature flag is available to front-end code with the JavaScript SDK. Impacts all environments in a project.
`updateMaintainer`	Update the flag maintainer. Impacts all environments in a project.
`updateName`	Change the name of a feature flag. Impacts all environments in a project.
`updateTags`	Update tags associated with a flag. Impacts all environments in a project.
`updateTemporary`	Marks a flag temporary or permanent. Impacts all environments in a project.

Integration actions

Expand Integration actions

Most third-party integrations use a shared set of custom role actions.

integration is a top-level resource. A code sample is below:

integration/*

To learn more, read Integrations.

This table explains available integrations actions:

Action	Description
`createIntegration`	Create and configure new third-party integrations.
`deleteIntegration`	Delete existing third-party integrations.
`updateConfiguration`	Modify existing third-party integration configurations.
`updateName`	Change the name of third-party integration configurations.
`updateOn`	Enable and disabled existing third-party integrations.
`validateConnection`	Validate the third-party connection.

Member actions

Expand Member actions

member is a top-level resource. A code sample is below:

member/*

To learn more, read LaunchDarkly account members.

This table explains available member actions:

Action	Description
`createMember`	Add a new account member to an account.
`deleteMember`	Remove an account member from an account.
`sendMfaRecoveryCode`	Send an account member their MFA recovery code.
`sendMfaRequest`	Send an account member a request to enable MFA.
`updateCustomRole`	Update an account member's custom roles.
`updateRole`	Update an account member's built-in role.

Metric actions

Expand Metric actions

metric is a child resource of projects. A code sample is below:

proj/*:metric/*

To learn more, read About Experimentation.

This table explains available metric actions:

Action	Description
`createMetric`	Create metrics.
`deleteMetric`	Delete metrics.
`updateDescription`	Change the description of a metric.
`updateEventKey`	Change the event key for a custom metric.
`updateMaintainer`	Change the metric's maintainer.
`updateName`	Change the name of a metric.
`updateNumeric`	Mark a custom metric as numeric or non-numeric.
`updateNumericSuccess`	Update the success criteria for a numeric custom metric.
`updateNumericUnit`	Update the unit displayed in results for a numeric custom metric.
`updateOn`	Mark a metric as active or inactive.
`updateSelector`	Update the CSS selector for a click conversion metric.
`updateTags`	Change the tags associated with a metric.
`updateUrls`	Update the URLs for a click conversion or page view conversion metric.

Personal access token actions

Expand Personal access token actions

token is a child resource of members. A code sample is below:

member/*:token/*

To learn more, read API access tokens.

This table explains available personal access token actions:

Action	Description
`createAccessToken`	Create a personal access token. All custom roles can take this action by default.
`deleteAccessToken`	Delete a personal access token.
`resetAccessToken`	Reset a personal access token's secret key.
`updateAccessTokenDescription`	Change the description of a personal access token.
`updateAccessTokenName`	Change the name of a personal access token.
`updateAccessTokenPolicy`	Change the policy filter of a personal access token.

Project actions

Expand Project actions

proj is a top-level resource. A code sample is below:

proj/*

To learn more, read Projects.

This table explains available project actions:

Action	Description
`createProject`	Create a new project.
`deleteProject`	Delete a project.
`updateDefaultClientSideAvailability`	Change whether new feature flags are made available to client-side SDKs.
`updateIncludeInSnippetByDefault`	Make new flags available to the client-side (JavaScript) SDK by default.
`updateProjectName`	Rename a project.
`updateTags`	Update tags associated with a project.
`viewProject`	View a project. All custom roles can take this action by default. If set to `deny`, anyone impacted by this policy can neither view nor modify a project.

More information about viewProject

The deny effect in the viewProject action hides the projects you specify from the member. However, the allow effect for the same resource and action pairing doesn't do anything. Your LaunchDarkly member does not need explicit permission to view the project, because all custom roles can view all projects in a LaunchDarkly instance by default.

To learn more, read Configuring private projects with custom roles

Relay Proxy configuration actions

Expand Relay Proxy configuration actions

relay-proxy-config is a top-level resource for which you can allow or deny certain actions.

Here is an example:

relay-proxy-config/*

To learn more, read Automatic configuration.

This table explains available Relay Proxy automatic configuration actions:

Action	Description
`createRelayAutoConfiguration`	Create a Relay Proxy with automatic configuration enabled.
`deleteRelayAutoConfiguration`	Delete the Relay Proxy with automatic configuration enabled.
`resetRelayAutoConfiguration`	Reset the configuration of the Relay Proxy with automatic configuration enabled.
`updateRelayAutoConfigurationName`	Change the Relay Proxy with automatic configuration's name.
`updateRelayAutoConfigurationPolicy`	Change the policies associated with the Relay Proxy with automatic configuration.

Role actions

Expand Role actions

role is a top-level resource. A code sample is below:

role/*

To learn more, read Custom roles.

This table explains available role actions:

Action	Description
`createRole`	Create new custom roles.
`deleteRole`	Delete a custom role.
`updateDescription`	Update a custom role's description.
`updateMembers`	Add or remove members from a custom role. Equivalent to `updateCustomRole` on account members.
`updateName`	Update a custom role's name.
`updatePolicy`	Update a custom role's policy.

Segment actions

Expand Segment actions

segment is a child of both a project and environments. A code sample is below:

proj/*:env/*:segment/*

To learn more, read Segments.

This table explains available segments actions:

Action	Description
`createSegment`	Create new segments.
`deleteSegment`	Delete segments.
`updateDescription`	Update a segment's description.
`updateExcluded`	Change a segment's excluded contexts.
`updateExpiringRules`	Change a segment's expiring custom targeting rules.
`updateExpiringTargets`	Change a segment's expiring individual context targeting rules.
`updateIncluded`	Change a segment's included contexts.
`updateName`	Change the name of a segment.
`updateRules`	Change a segment's custom targeting rules.
`updateScheduledChanges`	Change the scheduled updates on a segment.
`updateTags`	Change the tags associated with a segment.

Service access token actions

Expand Service access token actions

service-token is a top-level resource. A code sample is below:

service-token/*

To learn more, read API access tokens.

This table explains available service access token actions:

Action	Description
`createAccessToken`	Create a service access token. All custom roles can take this action by default.
`deleteAccessToken`	Delete a service access token.
`resetAccessToken`	Reset a service access token's secret key.
`updateAccessTokenDescription`	Change the description of a service access token.
`updateAccessTokenName`	Change the name of a service access token.

Team actions

Expand Team actions

team is a top-level resource. A code sample is below:

team/*

To learn more, read Teams.

This table explains available team actions:

Action	Description
`createTeam`	Create a new team.
`deleteTeam`	Delete a team.
`updateTeamCustomRoles`	Add or remove custom roles from a team.
`updateTeamDescription`	Update the description of a team.
`updateTeamMembers`	Add or remove members to or from a team.
`updateTeamName`	Change the name of a team.
`viewTeam`	If set to deny, anyone impacted by this policy can neither view nor modify a team.

More information about the viewTeam action

The deny effect for your resource in the viewTeam action hides the teams you specify from the member. The allow effect for the same resource and action pairing doesn't do anything because your account member can already view the team.

To learn more, read Creating private teams.

Template actions

Expand Template actions

template is a top-level resource. A code sample is below:

template/*

To learn more, read Workflow templates.

This table explains available template actions:

Action	Description
`createTemplate`	Create a new template.
`deleteTemplate`	Delete a template.
`viewTemplate`	If set to deny, anyone impacted by this policy can neither view nor modify a template.

Webhook actions

Expand Webhook actions

webhook is a top-level resource. A code sample is below:

webhook/*

To learn more, read Webhooks.

This table explains available webhooks actions:

Action	Description
`createWebhook`	Create new webhooks.
`deleteWebhook`	Delete existing webhooks.
`updateName`	Change the name of webhook configurations.
`updateOn`	Enable and disabled existing webhooks.
`updateQuery`	Modify webhook query.
`updateSecret`	Modify an existing webhook's signing secret.
`updateStatements`	Modify webhook policy statements.
`updateTags`	Modify webhook tags.
`updateUrl`	Change the URL for a webhook.