{ "url": "https://docs.aws.amazon.com/service-authorization/latest/reference/list_amazonworkmail.html", "name": "Amazon WorkMail", "prefix": "workmail", "timestamp": "1775779207", "actions": [ { "url": "https://docs.aws.amazon.com/workmail/latest/adminguide/audit-logging.html", "name": "AllowVendedLogDeliveryForResource", "description": "Grants permission to configure vended log delivery for WorkMail audit logs", "access": "Write", "resources": [ { "name": "organization", "is_required": true } ], "conditions": [], "dependents": [] }, { "url": "https://docs.aws.amazon.com/workmail/latest/APIReference/API_AssociateDelegateToResource.html", "name": "AssociateDelegateToResource", "description": "Grants permission to add a member (user or group) to the resource's set of delegates", "access": "Write", "resources": [ { "name": "organization", "is_required": true } ], "conditions": [], "dependents": [] }, { "url": "https://docs.aws.amazon.com/workmail/latest/APIReference/API_AssociateMemberToGroup.html", "name": "AssociateMemberToGroup", "description": "Grants permission to add a member (user or group) to the group's set", "access": "Write", "resources": [ { "name": "organization", "is_required": true } ], "conditions": [], "dependents": [] }, { "url": "https://docs.aws.amazon.com/workmail/latest/APIReference/API_AssumeImpersonationRole.html", "name": "AssumeImpersonationRole", "description": "Grants permission to assume an impersonation role for the given Amazon WorkMail organization", "access": "Write", "resources": [ { "name": "organization", "is_required": true } ], "conditions": [ "workmail:ImpersonationRoleId" ], "dependents": [] }, { "url": "https://docs.aws.amazon.com/workmail/latest/APIReference/API_CancelMailboxExportJob.html", "name": "CancelMailboxExportJob", "description": "Grants permission to cancel a currently running mailbox export job", "access": "Write", "resources": [ { "name": "organization", "is_required": true } ], "conditions": [], "dependents": [] }, { "url": "https://docs.aws.amazon.com/workmail/latest/APIReference/API_CreateAlias.html", "name": "CreateAlias", "description": "Grants permission to add an alias to the set of a given member (user or group) of WorkMail", "access": "Write", "resources": [ { "name": "organization", "is_required": true } ], "conditions": [], "dependents": [] }, { "url": "https://docs.aws.amazon.com/workmail/latest/APIReference/API_CreateAvailabilityConfiguration.html", "name": "CreateAvailabilityConfiguration", "description": "Grants permission to create an AvailabilityConfiguration for the given Amazon WorkMail organization and domain", "access": "Write", "resources": [ { "name": "organization", "is_required": true } ], "conditions": [], "dependents": [] }, { "url": "https://docs.aws.amazon.com/workmail/latest/APIReference/API_CreateGroup.html", "name": "CreateGroup", "description": "Grants permission to create a group that can be used in WorkMail by calling the RegisterToWorkMail operation", "access": "Write", "resources": [ { "name": "organization", "is_required": true } ], "conditions": [], "dependents": [] }, { "url": "https://docs.aws.amazon.com/workmail/latest/APIReference/API_CreateIdentityCenterApplication.html", "name": "CreateIdentityCenterApplication", "description": "Grants permission to create an Identity Center application for WorkMail", "access": "Write", "resources": [], "conditions": [], "dependents": [] }, { "url": "https://docs.aws.amazon.com/workmail/latest/APIReference/API_CreateImpersonationRole.html", "name": "CreateImpersonationRole", "description": "Grants permission to create an impersonation role for the given Amazon WorkMail organization", "access": "Write", "resources": [ { "name": "organization", "is_required": true } ], "conditions": [], "dependents": [] }, { "url": "https://docs.aws.amazon.com/workmail/latest/adminguide/create-email-rules.html", "name": "CreateInboundMailFlowRule", "description": "Grants permission to create an inbound email flow rule which will apply to all email sent to an organization", "access": "Write", "resources": [ { "name": "organization", "is_required": true } ], "conditions": [], "dependents": [] }, { "url": "https://docs.aws.amazon.com/workmail/latest/adminguide/add_domain.html", "name": "CreateMailDomain", "description": "Grants permission to create a mail domain", "access": "Write", "resources": [ { "name": "organization", "is_required": true } ], "conditions": [], "dependents": [] }, { "url": "https://docs.aws.amazon.com/workmail/latest/APIReference/API_CreateMobileDeviceAccessRule.html", "name": "CreateMobileDeviceAccessRule", "description": "Grants permission to create a new mobile device access rule", "access": "Write", "resources": [ { "name": "organization", "is_required": true } ], "conditions": [], "dependents": [] }, { "url": "https://docs.aws.amazon.com/workmail/latest/APIReference/API_CreateOrganization.html", "name": "CreateOrganization", "description": "Grants permission to create a new Amazon WorkMail organization", "access": "Write", "resources": [], "conditions": [], "dependents": [] }, { "url": "https://docs.aws.amazon.com/workmail/latest/adminguide/create-email-rules.html", "name": "CreateOutboundMailFlowRule", "description": "Grants permission to create an outbound email flow rule which will apply to all email sent from an organization", "access": "Write", "resources": [ { "name": "organization", "is_required": true } ], "conditions": [], "dependents": [] }, { "url": "https://docs.aws.amazon.com/workmail/latest/APIReference/API_CreateResource.html", "name": "CreateResource", "description": "Grants permission to create a new WorkMail resource", "access": "Write", "resources": [ { "name": "organization", "is_required": true } ], "conditions": [], "dependents": [] }, { "url": "https://docs.aws.amazon.com/workmail/latest/adminguide/smtp-gateway.html", "name": "CreateSmtpGateway", "description": "Grants permission to register an SMTP gateway to a WorkMail organization", "access": "Write", "resources": [ { "name": "organization", "is_required": true } ], "conditions": [], "dependents": [] }, { "url": "https://docs.aws.amazon.com/workmail/latest/APIReference/API_CreateUser.html", "name": "CreateUser", "description": "Grants permission to create a user, which can be enabled afterwards by calling the RegisterToWorkMail operation", "access": "Write", "resources": [ { "name": "organization", "is_required": true } ], "conditions": [], "dependents": [] }, { "url": "https://docs.aws.amazon.com/workmail/latest/APIReference/API_DeleteAccessControlRule.html", "name": "DeleteAccessControlRule", "description": "Grants permission to delete an access control rule", "access": "Write", "resources": [ { "name": "organization", "is_required": true } ], "conditions": [], "dependents": [] }, { "url": "https://docs.aws.amazon.com/workmail/latest/APIReference/API_DeleteAlias.html", "name": "DeleteAlias", "description": "Grants permission to remove one or more specified aliases from a set of aliases for a given user", "access": "Write", "resources": [ { "name": "organization", "is_required": true } ], "conditions": [], "dependents": [] }, { "url": "https://docs.aws.amazon.com/workmail/latest/APIReference/API_DeleteAvailabilityConfiguration.html", "name": "DeleteAvailabilityConfiguration", "description": "Grants permission to delete the AvailabilityConfiguration for the given Amazon WorkMail organization and domain", "access": "Write", "resources": [ { "name": "organization", "is_required": true } ], "conditions": [], "dependents": [] }, { "url": "https://docs.aws.amazon.com/workmail/latest/APIReference/API_DeleteEmailMonitoringConfiguration.html", "name": "DeleteEmailMonitoringConfiguration", "description": "Grants permission to delete the email monitoring configuration for an organization", "access": "Write", "resources": [ { "name": "organization", "is_required": true } ], "conditions": [], "dependents": [] }, { "url": "https://docs.aws.amazon.com/workmail/latest/APIReference/API_DeleteGroup.html", "name": "DeleteGroup", "description": "Grants permission to delete a group from WorkMail", "access": "Write", "resources": [ { "name": "organization", "is_required": true } ], "conditions": [], "dependents": [] }, { "url": "https://docs.aws.amazon.com/workmail/latest/APIReference/API_DeleteIdentityCenterApplication.html", "name": "DeleteIdentityCenterApplication", "description": "Grants permission to delete an Identity Center application for WorkMail", "access": "Write", "resources": [], "conditions": [], "dependents": [] }, { "url": "https://docs.aws.amazon.com/workmail/latest/APIReference/API_DeleteIdentityProviderConfiguration.html", "name": "DeleteIdentityProviderConfiguration", "description": "Grants permission to delete the identity provider configuration for the organization", "access": "Write", "resources": [ { "name": "organization", "is_required": true } ], "conditions": [], "dependents": [] }, { "url": "https://docs.aws.amazon.com/workmail/latest/APIReference/API_DeleteImpersonationRole.html", "name": "DeleteImpersonationRole", "description": "Grants permission to delete an impersonation role for the given Amazon WorkMail organization", "access": "Write", "resources": [ { "name": "organization", "is_required": true } ], "conditions": [], "dependents": [] }, { "url": "https://docs.aws.amazon.com/workmail/latest/adminguide/remove-email-flow-rule.html", "name": "DeleteInboundMailFlowRule", "description": "Grants permission to remove an inbound email flow rule to no longer apply to emails sent to an organization", "access": "Write", "resources": [ { "name": "organization", "is_required": true } ], "conditions": [], "dependents": [] }, { "url": "https://docs.aws.amazon.com/workmail/latest/adminguide/remove_domain.html", "name": "DeleteMailDomain", "description": "Grants permission to remove an unused mail domain from an organization", "access": "Write", "resources": [ { "name": "organization", "is_required": true } ], "conditions": [], "dependents": [] }, { "url": "https://docs.aws.amazon.com/workmail/latest/APIReference/API_DeleteMailboxPermissions.html", "name": "DeleteMailboxPermissions", "description": "Grants permission to delete permissions granted to a member (user or group)", "access": "Write", "resources": [ { "name": "organization", "is_required": true } ], "conditions": [], "dependents": [] }, { "url": "https://docs.aws.amazon.com/workmail/latest/adminguide/manage-devices.html#remove_mobile_device", "name": "DeleteMobileDevice", "description": "Grants permission to remove a mobile device from a user", "access": "Write", "resources": [ { "name": "organization", "is_required": true } ], "conditions": [], "dependents": [] }, { "url": "https://docs.aws.amazon.com/workmail/latest/APIReference/API_DeleteMobileDeviceAccessOverride.html", "name": "DeleteMobileDeviceAccessOverride", "description": "Grants permission to delete a mobile device access override", "access": "Write", "resources": [ { "name": "organization", "is_required": true } ], "conditions": [], "dependents": [] }, { "url": "https://docs.aws.amazon.com/workmail/latest/APIReference/API_DeleteMobileDeviceAccessRule.html", "name": "DeleteMobileDeviceAccessRule", "description": "Grants permission to delete a mobile device access rule", "access": "Write", "resources": [ { "name": "organization", "is_required": true } ], "conditions": [], "dependents": [] }, { "url": "https://docs.aws.amazon.com/workmail/latest/APIReference/API_DeleteOrganization.html", "name": "DeleteOrganization", "description": "Grants permission to delete an Amazon WorkMail organization and all underlying AWS resources managed by Amazon WorkMail as part of the organization", "access": "Write", "resources": [ { "name": "organization", "is_required": true } ], "conditions": [], "dependents": [] }, { "url": "https://docs.aws.amazon.com/workmail/latest/adminguide/remove-email-flow-rule.html", "name": "DeleteOutboundMailFlowRule", "description": "Grants permission to remove an outbound email flow rule so that it no longer applies to emails sent from an organization", "access": "Write", "resources": [ { "name": "organization", "is_required": true } ], "conditions": [], "dependents": [] }, { "url": "https://docs.aws.amazon.com/workmail/latest/APIReference/API_DeletePersonalAccessToken.html", "name": "DeletePersonalAccessToken", "description": "Grants permission to delete a personal access token", "access": "Write", "resources": [ { "name": "organization", "is_required": true } ], "conditions": [], "dependents": [] }, { "url": "https://docs.aws.amazon.com/workmail/latest/APIReference/API_DeleteResource.html", "name": "DeleteResource", "description": "Grants permission to delete the specified resource", "access": "Write", "resources": [ { "name": "organization", "is_required": true } ], "conditions": [], "dependents": [] }, { "url": "https://docs.aws.amazon.com/workmail/latest/APIReference/API_DeleteRetentionPolicy.html", "name": "DeleteRetentionPolicy", "description": "Grants permission to delete the retention policy based on the supplied organization and policy identifiers", "access": "Write", "resources": [ { "name": "organization", "is_required": true } ], "conditions": [], "dependents": [] }, { "url": "https://docs.aws.amazon.com/workmail/latest/adminguide/smtp-gateway.html", "name": "DeleteSmtpGateway", "description": "Grants permission to remove an SMTP gateway from an organization", "access": "Write", "resources": [ { "name": "organization", "is_required": true } ], "conditions": [], "dependents": [] }, { "url": "https://docs.aws.amazon.com/workmail/latest/APIReference/API_DeleteUser.html", "name": "DeleteUser", "description": "Grants permission to delete a user from WorkMail and all subsequent systems", "access": "Write", "resources": [ { "name": "organization", "is_required": true } ], "conditions": [], "dependents": [] }, { "url": "https://docs.aws.amazon.com/sesmailmanager/latest/APIReference/API_DeliverToMailboxAction.html", "name": "DeliverToMailbox", "description": "Grants permission to deliver emails to a WorkMail organization via the SES MailManager DeliverToMailbox action", "access": "Write", "resources": [ { "name": "organization", "is_required": true } ], "conditions": [], "dependents": [] }, { "url": "https://docs.aws.amazon.com/workmail/latest/APIReference/API_DeregisterFromWorkMail.html", "name": "DeregisterFromWorkMail", "description": "Grants permission to mark a user, group, or resource as no longer used in WorkMail", "access": "Write", "resources": [ { "name": "organization", "is_required": true } ], "conditions": [], "dependents": [] }, { "url": "https://docs.aws.amazon.com/workmail/latest/APIReference/API_DeregisterMailDomain.html", "name": "DeregisterMailDomain", "description": "Grants permission to deregister a mail domain from an organization", "access": "Write", "resources": [ { "name": "organization", "is_required": true } ], "conditions": [], "dependents": [] }, { "url": "https://docs.aws.amazon.com/workmail/latest/APIReference/API_DescribeEmailMonitoringConfiguration.html", "name": "DescribeEmailMonitoringConfiguration", "description": "Grants permission to retrieve the email monitoring configuration for an organization", "access": "Read", "resources": [ { "name": "organization", "is_required": true } ], "conditions": [], "dependents": [] }, { "url": "https://docs.aws.amazon.com/workmail/latest/APIReference/API_DescribeEntity.html", "name": "DescribeEntity", "description": "Grants permission to read details of an entity", "access": "Read", "resources": [ { "name": "organization", "is_required": true } ], "conditions": [], "dependents": [] }, { "url": "https://docs.aws.amazon.com/workmail/latest/APIReference/API_DescribeGroup.html", "name": "DescribeGroup", "description": "Grants permission to read the details for a group", "access": "List", "resources": [ { "name": "organization", "is_required": true } ], "conditions": [], "dependents": [] }, { "url": "https://docs.aws.amazon.com/workmail/latest/APIReference/API_DescribeIdentityProviderConfiguration.html", "name": "DescribeIdentityProviderConfiguration", "description": "Grants permission to read the identity provider configuration for the organization", "access": "Read", "resources": [ { "name": "organization", "is_required": true } ], "conditions": [], "dependents": [] }, { "url": "https://docs.aws.amazon.com/workmail/latest/APIReference/API_DescribeInboundDmarcSettings.html", "name": "DescribeInboundDmarcSettings", "description": "Grants permission to read the settings in a DMARC policy for a specified organization", "access": "Read", "resources": [ { "name": "organization", "is_required": true } ], "conditions": [], "dependents": [] }, { "url": "https://docs.aws.amazon.com/workmail/latest/adminguide/email-flows.html#email-flows-rule-actions", "name": "DescribeInboundMailFlowRule", "description": "Grants permission to read the details of an inbound mail flow rule configured for an organization", "access": "Read", "resources": [ { "name": "organization", "is_required": true } ], "conditions": [], "dependents": [] }, { "url": "https://docs.aws.amazon.com/workmail/latest/adminguide/domains_overview.html", "name": "DescribeMailDomains", "description": "Grants permission to show the details of all mail domains associated with the organization", "access": "List", "resources": [ { "name": "organization", "is_required": true } ], "conditions": [], "dependents": [] }, { "url": "https://docs.aws.amazon.com/workmail/latest/APIReference/API_DescribeMailboxExportJob.html", "name": "DescribeMailboxExportJob", "description": "Grants permission to retrieve details of a mailbox export job", "access": "Read", "resources": [ { "name": "organization", "is_required": true } ], "conditions": [], "dependents": [] }, { "url": "https://docs.aws.amazon.com/workmail/latest/APIReference/API_DescribeOrganization.html", "name": "DescribeOrganization", "description": "Grants permission to read details of an organization", "access": "List", "resources": [ { "name": "organization", "is_required": true } ], "conditions": [], "dependents": [] }, { "url": "https://docs.aws.amazon.com/workmail/latest/adminguide/email-flows.html#email-flows-rule-outbound", "name": "DescribeOutboundMailFlowRule", "description": "Grants permission to read the details of an outbound mail flow rule configured for an organization", "access": "Read", "resources": [ { "name": "organization", "is_required": true } ], "conditions": [], "dependents": [] }, { "url": "https://docs.aws.amazon.com/workmail/latest/APIReference/API_DescribeResource.html", "name": "DescribeResource", "description": "Grants permission to read the details for a resource", "access": "List", "resources": [ { "name": "organization", "is_required": true } ], "conditions": [], "dependents": [] }, { "url": "https://docs.aws.amazon.com/workmail/latest/adminguide/smtp-gateway.html", "name": "DescribeSmtpGateway", "description": "Grants permission to read the details of an SMTP gateway registered to an organization", "access": "Read", "resources": [ { "name": "organization", "is_required": true } ], "conditions": [], "dependents": [] }, { "url": "https://docs.aws.amazon.com/workmail/latest/APIReference/API_DescribeUser.html", "name": "DescribeUser", "description": "Grants permission to read details for a user", "access": "List", "resources": [ { "name": "organization", "is_required": true } ], "conditions": [], "dependents": [] }, { "url": "https://docs.aws.amazon.com/workmail/latest/APIReference/API_DisassociateDelegateFromResource.html", "name": "DisassociateDelegateFromResource", "description": "Grants permission to remove a member from the resource's set of delegates", "access": "Write", "resources": [ { "name": "organization", "is_required": true } ], "conditions": [], "dependents": [] }, { "url": "https://docs.aws.amazon.com/workmail/latest/APIReference/API_DisassociateMemberFromGroup.html", "name": "DisassociateMemberFromGroup", "description": "Grants permission to remove a member from a group", "access": "Write", "resources": [ { "name": "organization", "is_required": true } ], "conditions": [], "dependents": [] }, { "url": "https://docs.aws.amazon.com/workmail/latest/adminguide/add_domain.html", "name": "EnableMailDomain", "description": "Grants permission to enable a mail domain in the organization", "access": "Write", "resources": [ { "name": "organization", "is_required": true } ], "conditions": [], "dependents": [] }, { "url": "https://docs.aws.amazon.com/workmail/latest/APIReference/API_GetAccessControlEffect.html", "name": "GetAccessControlEffect", "description": "Grants permission to get the effects of access control rules as they apply to a specified IPv4 address, access protocol action, or user ID", "access": "Read", "resources": [ { "name": "organization", "is_required": true } ], "conditions": [], "dependents": [] }, { "url": "https://docs.aws.amazon.com/workmail/latest/APIReference/API_GetDefaultRetentionPolicy.html", "name": "GetDefaultRetentionPolicy", "description": "Grants permission to retrieve the retention policy associated at an organizational level", "access": "Read", "resources": [ { "name": "organization", "is_required": true } ], "conditions": [], "dependents": [] }, { "url": "https://docs.aws.amazon.com/workmail/latest/APIReference/API_GetImpersonationRole.html", "name": "GetImpersonationRole", "description": "Grants permission to retrieve an impersonation role for the given Amazon WorkMail organization", "access": "Read", "resources": [ { "name": "organization", "is_required": true } ], "conditions": [], "dependents": [] }, { "url": "https://docs.aws.amazon.com/workmail/latest/APIReference/API_GetImpersonationRoleEffect.html", "name": "GetImpersonationRoleEffect", "description": "Grants permission to get the effect of the rules associated to an impersonation role for a specific user", "access": "Read", "resources": [ { "name": "organization", "is_required": true } ], "conditions": [], "dependents": [] }, { "url": "https://docs.aws.amazon.com/workmail/latest/adminguide/journaling_overview.html", "name": "GetJournalingRules", "description": "Grants permission to read the configured journaling and fallback email addresses for email journaling", "access": "Read", "resources": [ { "name": "organization", "is_required": true } ], "conditions": [], "dependents": [] }, { "url": "https://docs.aws.amazon.com/workmail/latest/APIReference/API_GetMailDomain.html", "name": "GetMailDomain", "description": "Grants permission to retrieve details of a given mail domain in an organization", "access": "Read", "resources": [ { "name": "organization", "is_required": true } ], "conditions": [], "dependents": [] }, { "url": "https://docs.aws.amazon.com/workmail/latest/adminguide/domains_overview.html", "name": "GetMailDomainDetails", "description": "Grants permission to get the details of the mail domain", "access": "Read", "resources": [ { "name": "organization", "is_required": true } ], "conditions": [], "dependents": [] }, { "url": "https://docs.aws.amazon.com/workmail/latest/APIReference/API_GetMailboxDetails.html", "name": "GetMailboxDetails", "description": "Grants permission to read the details of the user's mailbox", "access": "Read", "resources": [ { "name": "organization", "is_required": true } ], "conditions": [], "dependents": [] }, { "url": "https://docs.aws.amazon.com/workmail/latest/APIReference/API_GetMobileDeviceAccessEffect.html", "name": "GetMobileDeviceAccessEffect", "description": "Grants permission to simulate the effect of the mobile device access rules for the given attributes of a sample access event", "access": "Read", "resources": [ { "name": "organization", "is_required": true } ], "conditions": [], "dependents": [] }, { "url": "https://docs.aws.amazon.com/workmail/latest/APIReference/API_GetMobileDeviceAccessOverride.html", "name": "GetMobileDeviceAccessOverride", "description": "Grants permission to retrieve a mobile device access override", "access": "Read", "resources": [ { "name": "organization", "is_required": true } ], "conditions": [], "dependents": [] }, { "url": "https://docs.aws.amazon.com/workmail/latest/adminguide/manage-devices.html", "name": "GetMobileDeviceDetails", "description": "Grants permission to get the details of the mobile device", "access": "Read", "resources": [ { "name": "organization", "is_required": true } ], "conditions": [], "dependents": [] }, { "url": "https://docs.aws.amazon.com/workmail/latest/adminguide/manage-devices.html", "name": "GetMobileDevicesForUser", "description": "Grants permission to get a list of the mobile devices associated with the user", "access": "Read", "resources": [ { "name": "organization", "is_required": true } ], "conditions": [], "dependents": [] }, { "url": "https://docs.aws.amazon.com/workmail/latest/adminguide/edit_organization_mobile_policy.html", "name": "GetMobilePolicyDetails", "description": "Grants permission to get the details of the mobile device policy associated with the organization", "access": "Read", "resources": [ { "name": "organization", "is_required": true } ], "conditions": [], "dependents": [] }, { "url": "https://docs.aws.amazon.com/workmail/latest/APIReference/API_GetPersonalAccessTokenMetadata.html", "name": "GetPersonalAccessTokenMetadata", "description": "Grants permission to read metadata for a personal access token", "access": "Read", "resources": [ { "name": "organization", "is_required": true } ], "conditions": [], "dependents": [] }, { "url": "https://docs.aws.amazon.com/workmail/latest/APIReference/API_ListAccessControlRules.html", "name": "ListAccessControlRules", "description": "Grants permission to list the access control rules", "access": "Read", "resources": [ { "name": "organization", "is_required": true } ], "conditions": [], "dependents": [] }, { "url": "https://docs.aws.amazon.com/workmail/latest/APIReference/API_ListAliases.html", "name": "ListAliases", "description": "Grants permission to list the aliases associated with a given entity", "access": "List", "resources": [ { "name": "organization", "is_required": true } ], "conditions": [], "dependents": [] }, { "url": "https://docs.aws.amazon.com/workmail/latest/APIReference/API_ListAvailabilityConfigurations.html", "name": "ListAvailabilityConfigurations", "description": "Grants permission to list all the AvailabilityConfiguration's for the given Amazon WorkMail organization", "access": "Read", "resources": [ { "name": "organization", "is_required": true } ], "conditions": [], "dependents": [] }, { "url": "https://docs.aws.amazon.com/workmail/latest/APIReference/API_ListGroupMembers.html", "name": "ListGroupMembers", "description": "Grants permission to read an overview of the members of a group. Users and groups can be members of a group", "access": "List", "resources": [ { "name": "organization", "is_required": true } ], "conditions": [], "dependents": [] }, { "url": "https://docs.aws.amazon.com/workmail/latest/APIReference/API_ListGroups.html", "name": "ListGroups", "description": "Grants permission to list summaries of the organization's groups", "access": "List", "resources": [ { "name": "organization", "is_required": true } ], "conditions": [], "dependents": [] }, { "url": "https://docs.aws.amazon.com/workmail/latest/APIReference/API_ListGroupsForEntity.html", "name": "ListGroupsForEntity", "description": "Grants permission to list the groups to which an entity belongs", "access": "List", "resources": [ { "name": "organization", "is_required": true } ], "conditions": [], "dependents": [] }, { "url": "https://docs.aws.amazon.com/workmail/latest/APIReference/API_ListImpersonationRoles.html", "name": "ListImpersonationRoles", "description": "Grants permission to list the impersonation roles for the given Amazon WorkMail organization", "access": "List", "resources": [ { "name": "organization", "is_required": true } ], "conditions": [], "dependents": [] }, { "url": "https://docs.aws.amazon.com/workmail/latest/adminguide/email-flows.html#email-flows-rule-actions", "name": "ListInboundMailFlowRules", "description": "Grants permission to list inbound mail flow rules configured for an organization", "access": "List", "resources": [ { "name": "organization", "is_required": true } ], "conditions": [], "dependents": [] }, { "url": "https://docs.aws.amazon.com/workmail/latest/APIReference/API_ListMailDomains.html", "name": "ListMailDomains", "description": "Grants permission to list the mail domains for a given organization", "access": "List", "resources": [ { "name": "organization", "is_required": true } ], "conditions": [], "dependents": [] }, { "url": "https://docs.aws.amazon.com/workmail/latest/APIReference/API_ListMailboxExportJobs.html", "name": "ListMailboxExportJobs", "description": "Grants permission to list mailbox export jobs", "access": "List", "resources": [ { "name": "organization", "is_required": true } ], "conditions": [], "dependents": [] }, { "url": "https://docs.aws.amazon.com/workmail/latest/APIReference/API_ListMailboxPermissions.html", "name": "ListMailboxPermissions", "description": "Grants permission to list the mailbox permissions associated with a user, group, or resource mailbox", "access": "List", "resources": [ { "name": "organization", "is_required": true } ], "conditions": [], "dependents": [] }, { "url": "https://docs.aws.amazon.com/workmail/latest/APIReference/API_ListMobileDeviceAccessOverrides.html", "name": "ListMobileDeviceAccessOverrides", "description": "Grants permission to list the mobile device access overrides", "access": "Read", "resources": [ { "name": "organization", "is_required": true } ], "conditions": [], "dependents": [] }, { "url": "https://docs.aws.amazon.com/workmail/latest/APIReference/API_ListMobileDeviceAccessRules.html", "name": "ListMobileDeviceAccessRules", "description": "Grants permission to list the mobile device access rules", "access": "Read", "resources": [ { "name": "organization", "is_required": true } ], "conditions": [], "dependents": [] }, { "url": "https://docs.aws.amazon.com/workmail/latest/APIReference/API_ListOrganizations.html", "name": "ListOrganizations", "description": "Grants permission to list the non-deleted organizations", "access": "List", "resources": [], "conditions": [], "dependents": [] }, { "url": "https://docs.aws.amazon.com/workmail/latest/adminguide/email-flows.html#email-flows-rule-outbound", "name": "ListOutboundMailFlowRules", "description": "Grants permission to list outbound mail flow rules configured for an organization", "access": "List", "resources": [ { "name": "organization", "is_required": true } ], "conditions": [], "dependents": [] }, { "url": "https://docs.aws.amazon.com/workmail/latest/APIReference/API_ListPersonalAccessTokens.html", "name": "ListPersonalAccessTokens", "description": "Grants permission to list metadata for personal access tokens", "access": "List", "resources": [ { "name": "organization", "is_required": true } ], "conditions": [], "dependents": [] }, { "url": "https://docs.aws.amazon.com/workmail/latest/APIReference/API_ListResourceDelegates.html", "name": "ListResourceDelegates", "description": "Grants permission to list the delegates associated with a resource", "access": "List", "resources": [ { "name": "organization", "is_required": true } ], "conditions": [], "dependents": [] }, { "url": "https://docs.aws.amazon.com/workmail/latest/APIReference/API_ListResources.html", "name": "ListResources", "description": "Grants permission to list the organization's resources", "access": "List", "resources": [ { "name": "organization", "is_required": true } ], "conditions": [], "dependents": [] }, { "url": "https://docs.aws.amazon.com/workmail/latest/adminguide/smtp-gateway.html", "name": "ListSmtpGateways", "description": "Grants permission to list SMTP gateways registered to the organization", "access": "List", "resources": [ { "name": "organization", "is_required": true } ], "conditions": [], "dependents": [] }, { "url": "https://docs.aws.amazon.com/workmail/latest/APIReference/API_ListTagsForResource.html", "name": "ListTagsForResource", "description": "Grants permission to list the tags applied to an Amazon WorkMail organization resource", "access": "List", "resources": [ { "name": "organization", "is_required": true } ], "conditions": [ "aws:TagKeys", "aws:RequestTag/${TagKey}" ], "dependents": [] }, { "url": "https://docs.aws.amazon.com/workmail/latest/APIReference/API_ListUsers.html", "name": "ListUsers", "description": "Grants permission to list the organization's users", "access": "List", "resources": [ { "name": "organization", "is_required": true } ], "conditions": [], "dependents": [] }, { "url": "https://docs.aws.amazon.com/workmail/latest/APIReference/API_PutAccessControlRule.html", "name": "PutAccessControlRule", "description": "Grants permission to add a new access control rule", "access": "Write", "resources": [ { "name": "organization", "is_required": true } ], "conditions": [], "dependents": [] }, { "url": "https://docs.aws.amazon.com/workmail/latest/APIReference/API_PutEmailMonitoringConfiguration.html", "name": "PutEmailMonitoringConfiguration", "description": "Grants permission to add or update the email monitoring configuration for an organization", "access": "Write", "resources": [ { "name": "organization", "is_required": true } ], "conditions": [], "dependents": [] }, { "url": "https://docs.aws.amazon.com/workmail/latest/APIReference/API_PutIdentityProviderConfiguration.html", "name": "PutIdentityProviderConfiguration", "description": "Grants permission to add or update the identity provider configuration for the organization", "access": "Write", "resources": [ { "name": "organization", "is_required": true } ], "conditions": [], "dependents": [] }, { "url": "https://docs.aws.amazon.com/workmail/latest/APIReference/API_PutInboundDmarcSettings.html", "name": "PutInboundDmarcSettings", "description": "Grants permission to enable or disable a DMARC policy for a given organization", "access": "Write", "resources": [ { "name": "organization", "is_required": true } ], "conditions": [], "dependents": [] }, { "url": "https://docs.aws.amazon.com/workmail/latest/APIReference/API_PutMailboxPermissions.html", "name": "PutMailboxPermissions", "description": "Grants permission to set permissions for a user, group, or resource, replacing any existing permissions", "access": "Write", "resources": [ { "name": "organization", "is_required": true } ], "conditions": [], "dependents": [] }, { "url": "https://docs.aws.amazon.com/workmail/latest/APIReference/API_PutMobileDeviceAccessOverride.html", "name": "PutMobileDeviceAccessOverride", "description": "Grants permission to add or update a mobile device access override", "access": "Write", "resources": [ { "name": "organization", "is_required": true } ], "conditions": [], "dependents": [] }, { "url": "https://docs.aws.amazon.com/workmail/latest/APIReference/API_PutRetentionPolicy.html", "name": "PutRetentionPolicy", "description": "Grants permission to add or update the retention policy", "access": "Write", "resources": [ { "name": "organization", "is_required": true } ], "conditions": [], "dependents": [] }, { "url": "https://docs.aws.amazon.com/workmail/latest/APIReference/API_RegisterMailDomain.html", "name": "RegisterMailDomain", "description": "Grants permission to register a new mail domain in an organization", "access": "Write", "resources": [ { "name": "organization", "is_required": true } ], "conditions": [], "dependents": [] }, { "url": "https://docs.aws.amazon.com/workmail/latest/APIReference/API_RegisterToWorkMail.html", "name": "RegisterToWorkMail", "description": "Grants permission to register an existing and disabled user, group, or resource for use by associating a mailbox and calendaring capabilities", "access": "Write", "resources": [ { "name": "organization", "is_required": true } ], "conditions": [], "dependents": [] }, { "url": "https://docs.aws.amazon.com/workmail/latest/APIReference/API_ResetPassword.html", "name": "ResetPassword", "description": "Grants permission to allow the administrator to reset the password for a user", "access": "Write", "resources": [ { "name": "organization", "is_required": true } ], "conditions": [], "dependents": [] }, { "url": "https://docs.aws.amazon.com/workmail/latest/adminguide/groups_overview.html", "name": "SearchMembers", "description": "Grants permission to perform a prefix search to find a specific user in a mail group", "access": "Read", "resources": [ { "name": "organization", "is_required": true } ], "conditions": [], "dependents": [] }, { "url": "https://docs.aws.amazon.com/workmail/latest/adminguide/default_domain.html", "name": "SetDefaultMailDomain", "description": "Grants permission to set the default mail domain for the organization", "access": "Write", "resources": [ { "name": "organization", "is_required": true } ], "conditions": [], "dependents": [] }, { "url": "https://docs.aws.amazon.com/workmail/latest/adminguide/journaling_overview.html", "name": "SetJournalingRules", "description": "Grants permission to set journaling and fallback email addresses for email journaling", "access": "Write", "resources": [ { "name": "organization", "is_required": true } ], "conditions": [], "dependents": [] }, { "url": "https://docs.aws.amazon.com/workmail/latest/adminguide/edit_organization_mobile_policy.html", "name": "SetMobilePolicyDetails", "description": "Grants permission to set the details of a mobile policy associated with the organization", "access": "Write", "resources": [ { "name": "organization", "is_required": true } ], "conditions": [], "dependents": [] }, { "url": "https://docs.aws.amazon.com/workmail/latest/APIReference/API_StartMailboxExportJob.html", "name": "StartMailboxExportJob", "description": "Grants permission to start a new mailbox export job", "access": "Write", "resources": [ { "name": "organization", "is_required": true } ], "conditions": [], "dependents": [] }, { "url": "https://docs.aws.amazon.com/workmail/latest/APIReference/API_TagResource.html", "name": "TagResource", "description": "Grants permission to tag the specified Amazon WorkMail organization resource", "access": "Tagging", "resources": [ { "name": "organization", "is_required": true } ], "conditions": [ "aws:TagKeys", "aws:RequestTag/${TagKey}" ], "dependents": [] }, { "url": "https://docs.aws.amazon.com/workmail/latest/APIReference/API_TestAvailabilityConfiguration.html", "name": "TestAvailabilityConfiguration", "description": "Grants permission to performs a test on an availability provider to ensure that access is allowed", "access": "Read", "resources": [ { "name": "organization", "is_required": true } ], "conditions": [], "dependents": [] }, { "url": "https://docs.aws.amazon.com/workmail/latest/adminguide/test-email-flow-rule.html", "name": "TestInboundMailFlowRules", "description": "Grants permission to test what inbound rules will apply to an email with a given sender and recipient", "access": "Write", "resources": [ { "name": "organization", "is_required": true } ], "conditions": [], "dependents": [] }, { "url": "https://docs.aws.amazon.com/workmail/latest/adminguide/test-email-flow-rule.html", "name": "TestOutboundMailFlowRules", "description": "Grants permission to test what outbound rules will apply to an email with a given sender and recipient", "access": "Write", "resources": [ { "name": "organization", "is_required": true } ], "conditions": [], "dependents": [] }, { "url": "https://docs.aws.amazon.com/workmail/latest/APIReference/API_UntagResource.html", "name": "UntagResource", "description": "Grants permission to untag the specified Amazon WorkMail organization resource", "access": "Tagging", "resources": [ { "name": "organization", "is_required": true } ], "conditions": [ "aws:TagKeys" ], "dependents": [] }, { "url": "https://docs.aws.amazon.com/workmail/latest/APIReference/API_UpdateAvailabilityConfiguration.html", "name": "UpdateAvailabilityConfiguration", "description": "Grants permission to update an existing AvailabilityConfiguration for the given Amazon WorkMail organization and domain", "access": "Write", "resources": [ { "name": "organization", "is_required": true } ], "conditions": [], "dependents": [] }, { "url": "https://docs.aws.amazon.com/workmail/latest/APIReference/API_UpdateDefaultMailDomain.html", "name": "UpdateDefaultMailDomain", "description": "Grants permission to update which domain is the default domain for an organization", "access": "Write", "resources": [ { "name": "organization", "is_required": true } ], "conditions": [], "dependents": [] }, { "url": "https://docs.aws.amazon.com/workmail/latest/APIReference/API_UpdateGroup.html", "name": "UpdateGroup", "description": "Grants permission to update details of a group", "access": "Write", "resources": [ { "name": "organization", "is_required": true } ], "conditions": [], "dependents": [] }, { "url": "https://docs.aws.amazon.com/workmail/latest/APIReference/API_UpdateImpersonationRole.html", "name": "UpdateImpersonationRole", "description": "Grants permission to update an existing impersonation role for the given Amazon WorkMail organization", "access": "Write", "resources": [ { "name": "organization", "is_required": true } ], "conditions": [], "dependents": [] }, { "url": "https://docs.aws.amazon.com/workmail/latest/adminguide/modify-email-flow-rule.html", "name": "UpdateInboundMailFlowRule", "description": "Grants permission to update the details of an inbound email flow rule which will apply to all email sent to an organization", "access": "Write", "resources": [ { "name": "organization", "is_required": true } ], "conditions": [], "dependents": [] }, { "url": "https://docs.aws.amazon.com/workmail/latest/APIReference/API_UpdateMailboxQuota.html", "name": "UpdateMailboxQuota", "description": "Grants permission to update the maximum size (in MB) of the user's mailbox", "access": "Write", "resources": [ { "name": "organization", "is_required": true } ], "conditions": [], "dependents": [] }, { "url": "https://docs.aws.amazon.com/workmail/latest/APIReference/API_UpdateMobileDeviceAccessRule.html", "name": "UpdateMobileDeviceAccessRule", "description": "Grants permission to update a mobile device access rule", "access": "Write", "resources": [ { "name": "organization", "is_required": true } ], "conditions": [], "dependents": [] }, { "url": "https://docs.aws.amazon.com/workmail/latest/adminguide/modify-email-flow-rule.html", "name": "UpdateOutboundMailFlowRule", "description": "Grants permission to update the details of an outbound email flow rule which will apply to all email sent from an organization", "access": "Write", "resources": [ { "name": "organization", "is_required": true } ], "conditions": [], "dependents": [] }, { "url": "https://docs.aws.amazon.com/workmail/latest/APIReference/API_UpdatePrimaryEmailAddress.html", "name": "UpdatePrimaryEmailAddress", "description": "Grants permission to update the primary email for a user, group, or resource", "access": "Write", "resources": [ { "name": "organization", "is_required": true } ], "conditions": [], "dependents": [] }, { "url": "https://docs.aws.amazon.com/workmail/latest/APIReference/API_UpdateResource.html", "name": "UpdateResource", "description": "Grants permission to update details for the resource", "access": "Write", "resources": [ { "name": "organization", "is_required": true } ], "conditions": [], "dependents": [] }, { "url": "https://docs.aws.amazon.com/workmail/latest/adminguide/smtp-gateway.html", "name": "UpdateSmtpGateway", "description": "Grants permission to update the details of an existing SMTP gateway registered to an organization", "access": "Write", "resources": [ { "name": "organization", "is_required": true } ], "conditions": [], "dependents": [] }, { "url": "https://docs.aws.amazon.com/workmail/latest/APIReference/API_UpdateUser.html", "name": "UpdateUser", "description": "Grants permission to update details of a user", "access": "Write", "resources": [ { "name": "organization", "is_required": true } ], "conditions": [], "dependents": [] }, { "url": "https://docs.aws.amazon.com/workmail/latest/adminguide/manage-devices.html#remote_wipe_device", "name": "WipeMobileDevice", "description": "Grants permission to remotely wipe the mobile device associated with a user's account", "access": "Write", "resources": [ { "name": "organization", "is_required": true } ], "conditions": [], "dependents": [] } ], "resources": [ { "url": "https://docs.aws.amazon.com/workmail/latest/adminguide/organizations_overview.html", "name": "organization", "arn": "arn:${Partition}:workmail:${Region}:${Account}:organization/${ResourceId}", "conditions": [ "aws:ResourceTag/${TagKey}" ] } ], "conditions": [ { "url": "https://docs.aws.amazon.com/IAM/latest/UserGuide/reference_policies_condition-keys.html#condition-keys-requesttag", "name": "aws:RequestTag/${TagKey}", "description": "Filters access by the tag key-value pairs that are passed in the request", "type": "String" }, { "url": "https://docs.aws.amazon.com/IAM/latest/UserGuide/reference_policies_condition-keys.html#condition-keys-resourcetag", "name": "aws:ResourceTag/${TagKey}", "description": "Filters access by the tag key-value pairs attached to the resource", "type": "String" }, { "url": "https://docs.aws.amazon.com/IAM/latest/UserGuide/reference_policies_condition-keys.html#condition-keys-tagkeys", "name": "aws:TagKeys", "description": "Filters access by the tag keys that are passed in the request", "type": "ArrayOfString" }, { "url": "https://docs.aws.amazon.com/IAM/latest/UserGuide/list_amazonworkmail.html#amazonworkmail-policy-keys", "name": "workmail:ImpersonationRoleId", "description": "Filters access by the ImpersonationRoleId that is passed in the request", "type": "String" } ] }