Skip to main content

Documentation Index

Fetch the complete documentation index at: https://launchdarkly-preview.mintlify.app/llms.txt

Use this file to discover all available pages before exploring further.

Overview

This topic is a complete reference of all actions that are available to use in role policies. It includes tables with all supported actions and details about them. Each action is scoped to a resource type. Actions represent changes you can make to resources, such as createFlag, deleteFlag, updateName, and more. To learn more about how actions work within role policies, read Member role concepts.

Recently added actions

When new features are added to LaunchDarkly, there may be new associated actions. We recommend reviewing these actions periodically to determine if you want to add them to any of your roles. If you are using preset roles provided by LaunchDarkly, you can choose when to update your preset roles to the latest versions. To learn how, read Update organization roles and Update project roles. This table describes new actions that have been added to LaunchDarkly recently: | Resource | New actions | Learn more
Date introduced
| --- | --- | --- | | acct | createAIEvaluation , deleteAIEvaluation , updateAIEvaluation | AI evaluation actions | April 2026 | | acct | disableIdPManagingTeams , enableIdPManagingTeams | Account actions | February 2026 | | proj/:env/:notification-subscription/* | createNotificationSubscription , deleteNotificationSubscription | Notification subscription actions | February 2026 | | proj/:agent-graph/ | createAgentGraph , updateAgentGraph , deleteAgentGraph | Agent graphs actions | January 2026 | | proj/:metric/ | updateAnalysisType | Metric actions | January 2026 | | proj/* | updateObservabilitySettings | Project actions | December 2025 | | proj/:trace/ | viewTrace | Trace actions | December 2025 | | proj/:log/ | viewLog | Log actions | December 2025 | | proj/:error/ | updateErrorStatus, viewError | Error actions | December 2025 | | proj/:session/ | viewSession | Session actions | December 2025 | | proj/:alert/ | createAlert, deleteAlert, updateAlertOn, updateAlertConfiguration, viewAlert | Alert actions | December 2025 | | proj/:observability-dashboard/ | addObservabilityGraphTo
Dashboard, createObservability
Dashboard, deleteObservability
Dashboard, removeObservabilityGraphFrom
Dashboard, updateObservability
DashboardConfiguration, updateObservabilityGraph
Configuration, updateObservabilitySettings, viewObservability
Dashboard | Observability dashboard actions | December 2025 | | proj/:env/:metric-data-source/* | createMetricDataSource, updateMetricDataSource | Metric data source actions | December 2025 | | proj/* | updateLifecycleSettings | Project actions | November 2025 | | proj/:view/ | linkSegmentToView, unlinkSegmentFromView | View actions | October 2025 | | proj/:metric/ | updateArchived | Metric actions | October 2025 | | proj/:release-policy/ | createReleasePolicy, deleteReleasePolicy, updateReleasePolicy, updateReleasePolicyRank | Release policy actions | September 2025 | | proj/:aiconfig/ | applyApprovalRequest, createApprovalRequest, deleteApprovalRequest, reviewApprovalRequest, updateApprovalRequest | AI Config actions | August 2025 | | proj/:ai-tool/ | createAITool, updateAITool, deleteAITool | AI tool actions | August 2025 | | proj/:metric-group/ | createGuardrailMetricGroup,
deleteGuardrailMetricGroup,
updateGuardrailMetricGroup
Name,
updateGuardrailMetricGroup
Description,
updateGuardrailMetricGroup
Tags,
updateGuardrailMetricGroup
Maintainer,
updateGuardrailMetricGroup
Metrics

Note: Guardrail metric groups are no longer available. Configure release guardrails by adding individual metrics and metric groups to release policies. | Release policies | July 2025 | | proj/:view/ | createView, deleteView, updateView, viewView, linkFlagToView, unlinkFlagFromView | View actions | July 2025 | | proj/:metric/ | updateFilters | Metric actions | June 2025 | | proj/:env/:aiconfig/* | updateAIConfigTargeting | AI Config actions | June 2025 | | proj/:env/:segment/* | createSegmentExport | Segment actions | May 2025 | | proj/:ai-model-config/ | addAIRestrictedModel, deleteAIRestrictedModel | AI model config actions | April 2025 | | acct | updatePresetBundleVersion | Account actions | April 2025 |

Actions reference

These are all the actions you can take, sorted by resource type. When you create a policy using the policy builder, actions relevant to the resource scope you’ve selected automatically appear in the policy builder:
The "Actions" and "Select actions" menus when defining a policy.
When you create a policy using the advanced editor, you can specify actions individually, or in bulk using glob syntax and wildcards. For example, you can describe all modifications to feature flags with the action specifier update*.

Account actions

acct is a top-level resource. A code sample is below:
      acct
This table explains the available account actions:| Action
Description
| --- | | createAnnouncement | Create an announcement for the account. | | createOAuthClient | Create a new OAuth client for the account. | | createSamlConfig | Create a new SAML configuration for the account. | | createSamlEncryptionCertificate | Create a new SAML encryption certificate for the account. | | createScimConfig | Create a new SCIM configuration for the account. | | deleteAccount | Delete the account. | | deleteAccountToken | Delete account tokens for the LaunchDarkly REST API. This is a legacy action and may have inconsistent performance. Instead, we recommend you use deleteAccessToken. | | deleteAnnouncement | Delete an announcement for the account. | | deleteOAuthClient | Delete an OAuth client for the account. | | deleteSamlConfig | Delete the SAML configuration for the account. | | deleteScimConfig | Delete the SCIM configuration for the account. | | deleteSubscription | Cancel the account plan. | | disableIdPManagingTeams | Disable team sync with SCIM. | | enableIdPManagingTeams | Enable team sync with SCIM. | | getPaymentCard | Get the credit card for the account. | | revokeSessions | Revoke sessions issued before a specified date. | | updateAccountToken | Reset account tokens for the LaunchDarkly REST API. | | updateAnnouncement | Update an announcement for the account. | | updateBillingContact | Update the billing contact for the account. | | updateEnableAccountImpersonation | Change whether LaunchDarkly support can impersonate the account as a read-only member. | | updateIsGeneralGenAiEnabled | Change whether LaunchDarkly can use generative AI for general product features on the account. | | updateIsSupportGenAiEnabled | Change whether support-driven automations can use generative AI for the account. | | updateOAuthClient | Update an OAuth client for the account. | | updateOrganization | Update the organization name. | | updatePaymentCard | Change the credit card for the account. | | updatePresetBundleVersion | Change the version of the predefined role bundle. This updates all preset roles to the specified version. | | updateRequireMfa | Change whether multi-factor authentication (MFA) is required for all members on the account. | | updateSamlDecryptionEnabled | Enable or disable decryption for incoming SAML assertions for the account. | | updateSamlDefaultRole | Update the default role given to members when SAML doesn’t specify one. | | updateSamlEnabled | Enable or disable SAML SSO for the account. | | updateSamlLogoutUrl | Update the SAML logout URL for the account. | | updateSamlRequestSigningEnabled | Enable or disable signing outgoing SAML requests. | | updateSamlRequireSso | Change whether SSO must be used for authentication. | | updateSamlSsoUrl | Update the SAML SSO URL for the account. | | updateSamlX509Certificate | Update the SAML X509 certificate for the account. | | updateSamlX509KeystoreId | Update the SAML X509 identifier for the account. | | updateSessionDuration | Change the duration of sessions. | | updateSessionRefresh | Change whether sessions are refreshed automatically. | | updateSubscription | Change the pricing plan for the account. |

Account ownership actions

This table explains the available account ownership actions:| updateAccountOwner
Update the account owner.
| --- |

Agent graphs actions

agent-graph is a child resource of a project. A code sample is below:
      proj/*:agent-graph/*
This table explains the available Agent graphs actions:| Action
Description
| --- | | createAgentGraph | Create a new agent graph. | | updateAgentGraph | Modify an agent graph. | | deleteAgentGraph | Delete an agent graph. |

AI Config actions

aiconfig is a child of both a project and an environment. The code example below grants permission to update targeting rules for all AI Configs across all projects and environments.
      proj/*:env/*:aiconfig/*
This table explains the available AI Config actions related to settings and targeting changes:| Action
Description
| --- | | createAIConfig | Create a new AI Config. | | deleteAIConfig | Delete an AI Config. | | deleteAIConfigVariation | Delete an AI Config variation. | | updateAIConfig | Update an AI Config. | | updateAIConfigTargeting | Update an AI Config’s targeting rules in an environment. | | updateAIConfigVariation | Update an AI Config variation. |This table explains AI Config actions related to collaboration:| Action
Description
| --- | | applyApprovalRequest | Apply the requested changes after the request is approved. | | createApprovalRequest | Create an approval request. | | deleteApprovalRequest | Delete an approval request. | | reviewApprovalRequest | Review an approval request. | | updateApprovalRequest | Update an approval request. |

AI tool actions

ai-tool is a child resource of a project. A code sample is below:
      proj/*:ai-tool/*
This table explains the available AI tool actions:| Action
Description
| --- | | createAITool | Create a new AI tool. | | updateAITool | Modify an existing AI tool. | | deleteAITool | Delete an AI tool. |

AI model config actions

ai-model-config is a child resource of both a project and an environment. A code sample is below:
      proj/*:ai-model-config/*
This table explains the available AI model config actions:| Action
Description
| --- | | addAIRestrictedModel | Add an AI model to the restricted list. | | createAIModelConfig | Create a new AI model config. | | deleteAIModelConfig | Delete an AI model config. | | deleteAIRestrictedModel | Delete an AI model from the restricted list. |

AI evaluation actions

ai-evaluation is a child resource of a project. A code sample is below:
      proj/*:ai-evaluation/*
This table explains the available AI evaluation actions:| Action
Description
| --- | | createAIEvaluation | Create a new AI evaluation or start a new evaluation run. | | deleteAIEvaluation | Delete an AI evaluation or evaluation run. | | updateAIEvaluation | Update an AI evaluation. |

Alert actions

alert is a child of a project. Alerts are related to the observability feature.A code sample is below:
      proj/*:alert/*
| Action
Description
| --- | | createAlert | Create an alert. | | deleteAlert | Delete an alert. | | updateAlertConfiguration | Update an alert configuration. | | updateAlertOn | Turn an alert on or off. | | viewAlert | View an alert. |To learn more, read Alerts.

Application actions

application is a top-level resource. A code sample is below:
      application/*
This table explains the available application actions:| Action
Description
| --- | | createApplication | Create a new application. | | deleteApplication | Delete an application. | | updateApplicationDescription | Change an application’s description. | | updateApplicationKind | Change an application’s kind. | | updateApplicationMaintainer | Change an application’s maintainer. | | updateApplicationName | Change an application’s name. |

Application version actions

version is a child resource of applications. A code sample is below:
      application/*:version/*
This table explains the available application version actions:| Action
Description
| --- | | createApplicationVersion | Create a new application version. | | deleteApplicationVersion | Delete an application version. | | updateApplicationVersionName | Change the application version name. | | updateApplicationVersionSupport | Change whether an application version is supported or not. |

Code reference actions

code-reference-repository is a top-level resource. A code sample is below:
      code-reference-repository/*
To learn more, read Code references.This table explains the available code reference actions:| Action
Description
| --- | | createCodeRefsRepository | Connect a Git repository. | | deleteCodeRefsRepository | Delete a Git repository connection. | | updateCodeRefsRepositoryBranches | Update the stored branch data for a Git repository connection. | | updateCodeRefsRepositoryConfiguration | Update a Git repository connection configuration. | | updateCodeRefsRepositoryName | Update a Git repository connection name. | | updateCodeRefsRepositoryOn | Flip the on/off status of a Git repository connection. |

Context kind actions

context-kind is a child of a project. A code sample is below:
      proj/*:context-kind/*
To learn more, read Context kinds.This table explains the available context kind actions:| Action
Description
| --- | | createContextKind | Create a context kind. | | updateContextKind | Update a context kind. | | updateAvailabilityForExperiments | Update whether a context kind is available for experiments and guarded rollouts, and whether that context kind is the project’s default for experiments and guarded rollouts. |

Destination actions

destination is a child of both a project and an environment. A code sample is below:
      proj/*:env/*:destination/*
To learn more, read Data Export.This table explains the available Data Export destination actions:| Action
Description
| --- | | createDestination | Create a new Data Export destination. | | deleteDestination | Delete a Data Export destination. | | updateConfiguration | Change a Data Export destination. | | updateName | Change the name of a Data Export destination. | | updateOn | Flip the on/off status of a Data Export destination. |

Domain verification actions

domain-verification is a top-level resource. A code sample is below:
      domain-verification/*
To learn more, read Domain verification.This table explains the available domain verification actions:| Action
Description
| --- | | createDomainVerification | Create a new domain verification. | | deleteDomainVerification | Remove a domain verification. | | updateDomainVerification | Update a domain verification. |

Environment actions

env is a child of a project. A code sample is below:
      proj/*:env/*
To learn more, read Environments.This table explains the available environment actions:| Action
Description
| --- | | createEnvironment | Create a new environment. | | deleteEnvironment | Delete an existing environment. | | deleteContextInstance | Delete context instances. | | importEventData | Import event data using the API for Importing metric events. | | updateApiKey | Reset the SDK key for an environment. | | updateApprovalSettings | Configure the approval settings for an environment. | | updateColor | Change the color swatch for an environment. | | updateConfirmChanges | Require environment confirmation for changes to flags and segments. | | updateCritical | Change whether the environment is considered critical. | | updateDefaultTrackEvents | Turn on sending detailed information for new flags by default. | | updateMobileKey | Reset the mobile key for an environment. | | updateName | Change the name of an environment. | | updateRequireComments | Require comments for changes to flags and segments. | | updateSecureMode | Turn secure mode on or off for an environment. | | updateTags | Update tags associated with an environment. | | updateTtl | Change the TTL for an environment. | | viewSdkKey | View the server-side SDK key. All custom roles can take this action by default. If set to deny, anyone impacted by this policy can neither view nor reset SDK keys. |
The deny effect in the viewSdkKey action hides the server-side SDK key you specify from the member. However, the allow effect for the same resource and action pairing doesn’t do anything. Your LaunchDarkly member does not need explicit permission to view the keys, because all custom roles can view all environments in a LaunchDarkly instance by default.

Error actions

error is a child of a project. Errors are related to the observability feature.A code sample is below:
      proj/*:error/*
| Action
Description
| --- | | updateErrorStatus | Update an error’s status. | | viewError | View an error. |To learn more, read Error monitoring.

Experiment actions

experiment is a child of both a project and an environment. A code sample is below:
      proj/*:env/*:experiment/*
To learn more, read Experimentation.This table explains the available experiment actions:| Action
Description
| --- | | createExperiment | Create an experiment or multi-armed bandit. | | updateExperiment | Start, stop, or edit an existing experiment or multi-armed bandit. | | updateExperimentArchived | Archive an experiment or multi-armed bandit. |

Feature flag actions

flag is a child of both a project and an environment. A code sample is below:
      proj/*:env/*:flag/*
To learn more, read Creating new flags.Some feature flag actions affect only the current environment. Other feature flag actions affect all environments in a project.This table explains feature flag actions related to targeting changes. Unless otherwise specified, these actions affect only the current environment:| Action
Description
| --- | | stopMeasuredRolloutOnFlagFallthrough | Stop a guarded rollout on a flag’s default rule. | | stopMeasuredRolloutOnFlagRule | Stop a guarded rollout on a flag’s custom rule. | | updateExpiringTargets | Change a flag’s expiring individual context targeting rules. | | updateFallthrough | Update the default rule, also called the “fallthrough” rule. | | updateFallthroughWithMeasuredRollout | Start a guarded rollout on a flag’s default rule. | | updateFeatureWorkflows | Change a flag’s release management workflows. | | updateMeasuredRolloutConfiguration | Attach metrics to a flag for use with guarded rollouts. | | updateOffVariation | Update the variation returned when flag is toggled off. | | updateOn | Toggle a flag’s targeting on or off. | | updatePrerequisites | Update flag prerequisites. | | updateRules | Update custom targeting rules. | | updateRulesWithMeasuredRollout | Start a guarded rollout on a flag’s custom rule. | | updateScheduledChanges | Create, edit, and delete the scheduled updates for a flag. | | updateTargets | Update individual context targeting rules. |This table explains feature flag actions related to flag settings. Each of these actions affects all environments in a project:| Action
Description
| --- | | addReleasePipeline | Add a flag to a release pipeline. | | createFlag | Create a flag. | | deleteFlag | Delete a flag. | | removeReleasePipeline | Remove a flag from a release pipeline. | | replaceReleasePipeline | Move a flag to a different release pipeline. | | updateClientSideFlagAvailability | Change whether the flag is available to client-side SDKs. | | updateDescription | Change the description of a flag. | | updateDeprecated | Change whether a flag is deprecated. | | updateFlagCodeReferences | Update code references associated with the flag. | | updateFlagConfigMigrationSettings | Update a feature flag’s consistency check ratio. | | updateFlagCustomProperties | Update custom properties attached to a flag. | | updateFlagDefaultVariations | Change the default flag variations used by newly-created environments for a flag. | | updateFlagVariations | Change the flag’s variations. | | updateGlobalArchived | Change whether a flag is archived. | | updateIncludeInSnippet | Change whether the flag is available to front-end code with the JavaScript SDK. | | updateName | Change the name of a flag. | | updateTags | Update tags associated with a flag. | | updateTemporary | Mark a flag temporary or permanent. |This table explains feature flag actions related to environment-specific settings:| Action
Description
| --- | | createTriggers | Create a new trigger. | | deleteTriggers | Delete a trigger. | | updateFlagFallthroughTrackEvents | Change whether to send detailed event information when the fallthrough variation is selected. | | updateFlagSalt | Update a flag’s salt. | | updateTrackEvents | Change whether to send detailed event information for a flag in a given environment. | | updateTriggers | Update an existing trigger. |This table explains feature flag actions related to collaboration:| Action
Description
| --- | | applyApprovalRequest | Apply the requested changes after the request is approved. | | bypassRequiredApproval | Bypass required approvals for flags in the environment. (You cannot bypass required approvals for segments.) | | createApprovalRequest | Create an approval request. | | createFlagLink | Create a flag link. | | deleteApprovalRequest | Delete an approval request. | | deleteFlagLink | Delete a flag link. This affects all environments in a project. | | manageFlagFollowers | Manage the list of members who receive flag change notifications. | | reviewApprovalRequest | Review an approval request. | | updateApprovalRequest | Update an approval request. | | updateMaintainer | Update the flag maintainer. This affects all environments in a project. | | updateFlagLink | Update a flag link. This affects all environments in a project. |This table explains feature flag actions related to other flag changes:| Action
Description
| --- | | cloneFlag | Create a new flag with settings based on an existing flag. To clone a flag, members need to have the cloneFlag permission on the source flag, as well as the createFlag permission for the new flag. This affects all environments in a project. | | copyFlagConfigFrom | Copy settings from a flag. | | copyFlagConfigTo | Copy settings to a flag. | | updateExpiringTargets | Change a flag’s expiring individual context targeting rules. | | updateFlagRuleDescription | Change the description of a flag’s custom targeting rules. | | updateReleasePhaseStatus | Update a release phase status. |

Holdout actions

holdout is a child of both a project and an environment. A code sample is below:
      proj/*:env/*:holdout/*
To learn more, read Holdouts.This table explains the available holdout actions:| Action
Description
| --- | | addExperimentToHoldout | Add an experiment to a holdout. | | createHoldout | Create a holdout. | | removeExperimentFromHoldout | Remove an experiment from a holdout. | | updateHoldoutDescription | Update the description of a holdout. | | updateHoldoutMethodology | Update the statistical method for a holdout. | | updateHoldoutAmount | Update the holdout amount for a holdout. | | updateHoldoutName | Update the name of a holdout. | | updateHoldoutStatus | Update the status of a holdout. | | updateHoldoutRandomizationUnit | Update the randomization unit of a holdout. |

Integration actions

Most third-party integrations use a shared set of custom role actions.integration is a top-level resource. A code sample is below:
      integration/*
To learn more, read Integrations.This table explains the available integration actions:| Action
Description
| --- | | createIntegration | Create and configure new third-party integrations. | | deleteIntegration | Delete existing third-party integrations. | | updateConfiguration | Modify existing third-party integration configurations. | | updateName | Change the name of third-party integration configurations. | | updateOn | Enable and disable existing third-party integrations. | | validateConnection | Validate the third-party connection. |

Layer actions

layer is a child of a project. A code sample is below:
      proj/*:layer/*
To learn more, read Mutually exclusive experiments.This table explains the available layer actions:| Action
Description
| --- | | createLayer | Create a layer. | | updateLayer | Update a layer’s name or description. | | updateLayerConfiguration | Update a layer’s audience allocation. |

Log actions

log is a child of a project. Logs are related to the observability feature.A code sample is below:
      proj/*:log/*
| Action
Description
| --- | | viewLog | View a log. |To learn more, read Logs.

Member actions

member is a top-level resource. A code sample is below:
      member/*
To learn more, read Members.This table explains the available member actions:| Action
Description
| --- | | approveDomainMatchedMember | Approve a join request from a domain-matched member. To learn more, read Enabling domain matching . | | createMember | Add a new account member to an account. | | deleteMember | Remove an account member from an account. | | sendMfaRecoveryCode | Send an account member their MFA recovery code. | | sendMfaRequest | Send an account member a request to enable MFA. | | updateCustomRole | Update an account member’s custom roles. | | updateMemberRoleAttributes | Update a team member’s role attributes. Role attributes are managed within LaunchDarkly and can be updated through the UI or REST API. They cannot be passed through SAML assertions for single sign-on. For SAML-based SSO, LaunchDarkly supports mapping only the role , customRole , and teamKey attributes. | | updateRole | Update an account member’s role. |

Metric actions

metric is a child of a project. A code sample is below:
      proj/*:metric/*
To learn more, read Metrics.This table explains the available metric actions:| Action
Description
| --- | | createMetric | Create a new metric. | | deleteMetric | Delete a metric that has been archived and is no longer in use. | | updateAnalysisType | Change a metric’s analysis type. | | updateArchived | Archive a metric or restore an archived metric. | | updateDescription | Change the description of a metric. | | updateEventDefault | Change a metric’s handling for units without events. | | updateEventKey | Change the event key for a custom metric. | | updateFilters | Update the filters for a custom metric. | | updateMaintainer | Change the metric’s maintainer. | | updateName | Change the name of a metric. | | updateNumeric | Mark a custom metric as numeric or non-numeric. | | updateNumericSuccess | Update the success criteria for a numeric custom metric. | | updateNumericUnit | Update the unit displayed in results for a numeric custom metric. | | updateOn | Mark a metric as active or inactive. | | updateRandomizationUnits | Change the randomization units for a metric. | | updateSelector | Update the CSS selector for a click conversion metric. | | updateTags | Change the tags associated with a metric. | | updateUnitAggregationType | Change a metric’s aggregation method. | | updateUrls | Update the URLs for a click conversion or page view conversion metric. |

Metric data source actions

metric-data-source is a child of both a project and an environment. A code sample is below:
      proj/*:env/*:metric-data-source/*
To learn more, read Metric data sources.This table explains available metric data source actions:| Action
Description
| --- | | createMetricDataSource | Create a metric data source. | | updateMetricDataSource | Update a metric data source. |

Metric group actions

metric-group is a child of a project.A code sample is below:
      proj/*:metric-group/*
To learn more, read Metric groups.This table explains the available metric group actions:| Action
Description
| --- | | createMetricGroup | Create a metric group. | | deleteMetricGroup | Delete a metric group. | | updateMetricGroupName | Change a metric group’s name. | | updateMetricGroupDescription | Change a metric group’s description. | | updateMetricGroupTags | Change the tags associated with a metric group. | | updateMetricGroupMaintainer | Change a metric group’s maintainer. | | updateMetricGroupMetrics | Change the metrics in a metric group. |

Guardrail metrics group actions

Guardrail metric groups are no longer available. Configure release guardrails by adding individual metrics and metric groups to release policies.
This table explains the available guardrail metrics group actions:| Action
Description
| --- | | createGuardrailMetricGroup | Create a new guardrail metrics group. | | deleteGuardrailMetricGroup | Delete a guardrail metrics group. | | updateGuardrailMetricGroupName | Change a guardrail metrics group’s name. | | updateGuardrailMetricGroupDescription | Change a guardrail metrics group’s description. | | updateGuardrailMetricGroupTags | Change the tags associated with a guardrail metrics group. | | updateGuardrailMetricGroupMaintainer | Change a guardrail metrics group’s maintainer. | | updateGuardrailMetricGroupMetrics | Change the metrics in a guardrail metrics group. |

Notification subscription actions

notification-subscription is a child of both a project and an environment. A code sample is below:
      proj/*:env/*:notification-subscription/*
To learn more, read Update your notification settings.This table explains the available notification subscription actions:| Action
Description
| --- | | createNotificationSubscription | Create a feedback notification subscription. | | deleteNotificationSubscription | Delete a feedback notification subscription. |

Observability dashboard actions

observability-dashboard is a child of a project. A code sample is below:
      proj/*:observability-dashboard/*
| Action
Description
| --- | | addObservabilityGraphToDashboard | Add a graph to an observability dashboard. | | createObservabilityDashboard | Create an observability dashboard. | | deleteObservabilityDashboard | Delete an observability dashboard. | | removeObservabilityGraphFromDashboard | Remove a graph from an observability dashboard. | | updateObservabilityDashboardConfiguration | Update an observability dashboard’s configuration. | | updateObservabilityGraphConfiguration | Update configuration for a graph on an observability dashboard. | | updateObservabilitySettings | Update an observability dashboard’s settings. | | viewObservabilityDashboard | View an observability dashboard. |To learn more, read Dashboards.

Pending request actions

pending-request is a top-level resource. A code sample is below:
      pending-request/*
To learn more, read Accept pending requests.This table explains the available pending request actions:| Action
Description
| --- | | updatePendingRequest | Update a pending request. Accept or decline requests for new members to join your account. |

Personal access token actions

token is a child of a member. A code sample is below:
      member/*:token/*
To learn more, read API access tokens.This table explains the available personal access token actions:| Action
Description
| --- | | createAccessToken | Create a personal access token. All custom roles can take this action by default. | | deleteAccessToken | Delete a personal access token. | | resetAccessToken | Reset a personal access token’s secret key. | | updateAccessTokenDescription | Change the description of a personal access token. | | updateAccessTokenName | Change the name of a personal access token. | | updateAccessTokenPolicy | Change the policy filter of a personal access token. |

Project actions

proj is a top-level resource. A code sample is below:
      proj/*
To learn more, read Projects.This table explains the available project actions:| Action
Description
| --- | | createProject | Create a new project. | | deleteProject | Delete a project. | | updateDefaultClientSideAvailability | Change whether new flags are made available to client-side SDKs by default. Formerly updateIncludeInSnippetByDefault . | | updateDefaultReleasePipeline | Change the default release pipeline for a project. | | updateLifecycleSettings | Update the flag lifecycle settings for a project. | | updateObservabilitySettings | Update the observability settings for a project. | | updateProjectFlagDefaults | Update the default flag settings for a project. | | updateProjectName | Rename a project. | | updateTags | Update tags associated with a project. | | viewProject | View a project. For roles created after October 2024, and for roles with this action set to deny, anyone impacted by the policy can neither view nor modify a project. |
Starting in October 2024, all new roles start with no access. This means the roles cannot take any actions on any resources. Make sure to add explicit permission to view projects to any roles that you create.Older custom roles may have read-only access to all resources by default. This is because roles created prior to October 2024 had the option to use the Reader base role as their starting point, rather than starting with no access.To learn more, read Project roles and Create private projects with custom roles.

Relay Proxy configuration actions

relay-proxy-config is a top-level resource for which you can allow or deny certain actions.Here is an example:
      relay-proxy-config/*
To learn more, read Automatic configuration.This table explains the available Relay Proxy automatic configuration actions:| Action
Description
| --- | | createRelayAutoConfiguration | Create a Relay Proxy with automatic configuration enabled. | | deleteRelayAutoConfiguration | Delete the Relay Proxy with automatic configuration enabled. | | resetRelayAutoConfiguration | Reset the configuration of the Relay Proxy with automatic configuration enabled. | | updateRelayAutoConfigurationName | Change the Relay Proxy with automatic configuration’s name. | | updateRelayAutoConfigurationPolicy | Change the policies associated with the Relay Proxy with automatic configuration. |

Release pipeline actions

release-pipeline is a child of a project. A code sample is below:
      proj/*:release-pipeline/*
This table explains the available release pipeline actions:| Action
Description
| --- | | createReleasePipeline | Create a new release pipeline. | | deleteReleasePipeline | Delete a release pipeline. | | updateReleasePipelineDescription | Change the description of a release pipeline. | | updateReleasePipelineName | Change the name of a release pipeline. | | updateReleasePipelinePhase | Update release pipeline phase and audience values. | | updateReleasePipelinePhaseName | Change the name of one phase in a release pipeline. | | updateReleasePipelineTags | Change the tags on a release pipeline. |

Release policy actions

release-policy is a child of a project.
      proj/*:release-policy/*
To learn more, read Release policies.This table explains the available release policy actions:| Action
Description
| --- | | createReleasePolicy | Create a new release policy. | | deleteReleasePolicy | Delete a release policy. | | updateReleasePolicy | Update a release policy. | | updateReleasePolicyRank | Update a release policy’s priority. |

Role actions

role is a top-level resource. A code sample is below:
      role/*
To learn more, read Roles.This table explains the available role actions:| Action
Description
| --- | | createRole | Create new custom roles. | | deleteRole | Delete a custom role. | | updateBasePermissions | Update a custom role’s base permissions. This only applies to roles created before October
  1. | | updateDescription
| Update a custom role’s description. | | updateMembers | Add or remove members from a custom role. Equivalent to updateCustomRole on account members. | | updateName | Update a custom role’s name. | | updatePolicy | Update a custom role’s policy. | | updateTokens | Change the policy filter of a personal access token. Equivalent to updateAccessTokenPolicy on personal access tokens. |

Segment actions

segment is a child of both a project and an environment. A code sample is below:
      proj/*:env/*:segment/*
To learn more, read Segments.This table explains the available segments actions:| Action
Description
| --- | | applyApprovalRequest | Apply an approved approval request for a segment. | | bypassRequiredSegmentApproval | Bypass required approval for segment changes in the environment. | | createApprovalRequest | Request approval on changes for a segment. | | createSegment | Create new segments. | | createSegmentExport | Export a list-based segment. | | deleteApprovalRequest | Delete an approval request for a segment. | | deleteSegment | Delete segments. | | reviewApprovalRequest | Review changes on an approval request for a segment. | | updateApprovalRequest | Update an approval request for a segment. | | updateDescription | Update a segment’s description. | | updateExcluded | Change a segment’s excluded contexts. | | updateExpiringTargets | Change a segment’s expiring individual context targeting rules. | | updateIncluded | Change a segment’s included contexts. | | updateName | Change the name of a segment. | | updateRules | Change a segment’s custom targeting rules. | | updateScheduledChanges | Change the scheduled updates on a segment. | | updateTags | Change the tags associated with a segment. |

Service access token actions

service-token is a top-level resource. A code sample is below:
      service-token/*
To learn more, read API access tokens.This table explains the available service access token actions:| Action
Description
| --- | | createAccessToken | Create a service access token. All custom roles can take this action by default. | | deleteAccessToken | Delete a service access token. | | resetAccessToken | Reset a service access token’s secret key. | | updateAccessTokenDescription | Change the description of a service access token. | | updateAccessTokenName | Change the name of a service access token. |

Session actions

session is a child of a project. Sessions are related to the observability feature.A code sample is below:
      proj/*:session/*
| Action
Description
| --- | | viewSession | View a session. |To learn more, read Session replay.

Team actions

team is a top-level resource. A code sample is below:
      team/*
To learn more, read Teams.This table explains the available team actions:| Action
Description
| --- | | createTeam | Create a new team. | | deleteTeam | Delete a team. | | updateTeamCustomRoles | Add or remove custom roles from a team. | | updateTeamDescription | Update the description of a team. | | updateTeamMembers | Add or remove members to or from a team. | | updateTeamName | Change the name of a team. | | updateTeamPermissionGrants | Update a team’s permission grants. Permission grants can be added or removed using the REST API . | | updateTeamRoleAttributes | Update a team’s role attributes. | | viewTeam | If set to deny, anyone impacted by this policy can neither view nor modify a team. |
The deny effect for your resource in the viewTeam action hides the teams you specify from the member. The allow effect for the same resource and action pairing doesn’t do anything because your account member can already view the team.To learn more, read Create private teams.

Template actions

template is a top-level resource. A code sample is below:
      template/*
To learn more, read Workflow templates.This table explains the available workflow template actions:| Action
Description
| --- | | createTemplate | Create a new template. | | deleteTemplate | Delete a template. | | viewTemplate | If set to deny, anyone impacted by this policy can neither view nor modify a template. |

Trace actions

trace is a child of a project. Traces are related to the observability feature.A code sample is below:
      proj/*:trace/*
| Action
Description
| --- | | viewTrace | View a trace. |To learn more, read Traces.

Vega actions

vega is a child of a project. Vega is the observability feature AI agent.A code sample is below:
      proj/*:vega/*
| Action
Description
| --- | | talkToVega | Access the Vega AI agent. |To learn more, read Vega.

View actions

view is a child of a project. A code sample is below:
      proj/*:view/*
To learn more, review Views.This table explains the available view actions:| Action
Description
| --- | | createView | Create a new view. | | deleteView | Delete a view. | | linkFlagToView | Link a flag to a view. | | linkSegmentToView | Link a segment to a view. | | linkMetricToView | Link a metric to a view. | | unlinkFlagFromView | Unlink a flag from a view. | | unlinkSegmentFromView | Unlink a segment from a view. | | updateView | Update a view. | | viewView | View a view. |

Webhook actions

webhook is a top-level resource. A code sample is below:
      webhook/*
To learn more, read Webhooks.This table explains the available webhooks actions:| Action
Description
| --- | | createWebhook | Create new webhooks. | | deleteWebhook | Delete existing webhooks. | | updateName | Change the name of webhook configurations. | | updateOn | Enable and disable existing webhooks. | | updateQuery | Modify a webhook query. | | updateSecret | Update an existing webhook’s signing secret. | | updateStatements | Update webhook policy statements. | | updateTags | Update webhook tags. | | updateUrl | Change the URL for a webhook. |