PingOne Platform APIs

PingOne Permissions by Service

Use this table when you’re assigning admin roles to find the PingOne permissions based on the service assignments. You’ll also find the PingOne Permissions by Resource table useful.

Refer to PingOne Permissions by Identifier for more information.

The Special column indicates special handling of certain permissions:

  • Essential: Start building a new custom role with the minimum set of permissions needed for the role to be usable.

  • Sensitive: The permission either provides access to sensitive information, such as personal user data, or allows the bearer to perform important actions that could negatively impact the organization, such as deleting an environment.

Service Resource Permission Special

admin

config

read

admin

config

update

sensitive

agreements

agreement

create

agreements

agreement

read

agreements

agreement

update

agreements

agreement

delete

agreements

oauthConsent

create

agreements

oauthConsent

read

agreements

oauthConsent

update

agreements

userConsent

create

agreements

userConsent

read

agreements

userConsent

update

agreements

userConsent

delete

alerting

channel

create

alerting

channel

read

alerting

channel

update

alerting

channel

delete

applicationRoles

applicationEntitlement

read

applicationRoles

applicationPermission

create

applicationRoles

applicationPermission

read

applicationRoles

applicationPermission

update

applicationRoles

applicationPermission

delete

applicationRoles

applicationResource

create

applicationRoles

applicationResource

read

applicationRoles

applicationResource

update

applicationRoles

applicationResource

delete

applicationRoles

applicationRole

create

applicationRoles

applicationRole

read

applicationRoles

applicationRole

update

applicationRoles

applicationRole

delete

applicationRoles

applicationRoleAssignment

create

applicationRoles

applicationRoleAssignment

read

applicationRoles

applicationRoleAssignment

delete

applicationRoles

applicationRoleEntry

create

applicationRoles

applicationRoleEntry

read

applicationRoles

applicationRoleEntry

delete

applications

application

create

applications

application

import

applications

application

read

applications

application

update

applications

application

delete

applications

certificate

issue

sensitive

applications

flowPolicyAssignment

create

applications

flowPolicyAssignment

read

applications

flowPolicyAssignment

update

applications

flowPolicyAssignment

delete

applications

grant

create

applications

grant

read

applications

grant

update

applications

grant

delete

applications

pushCredentials

create

applications

pushCredentials

read

applications

pushCredentials

update

applications

pushCredentials

delete

applications

secret

read

sensitive

applications

secret

set

sensitive

applications

secret

update

sensitive

applications

secret

delete

sensitive

applications

signOnPolicyAssignment

create

applications

signOnPolicyAssignment

read

applications

signOnPolicyAssignment

update

applications

signOnPolicyAssignment

delete

audit_reporting

activity

read

authn

sessions

create

authn

sessions

read

authn

sessions

update

authn

sessions

delete

authn

signOnPolicy

create

authn

signOnPolicy

read

authn

signOnPolicy

update

authn

signOnPolicy

delete

authz

adaptiveTrustPolicy

create

authz

adaptiveTrustPolicy

read

authz

adaptiveTrustPolicy

update

authz

adaptiveTrustPolicy

delete

authz

adaptiveTrustPolicyAssignment

create

authz

adaptiveTrustPolicyAssignment

read

authz

adaptiveTrustPolicyAssignment

delete

authz

apiServer

create

authz

apiServer

read

authz

apiServer

update

authz

apiServer

delete

authz

apiServerDeployment

deploy

authz

apiServerDeployment

read

authz

authorizationAttribute

create

authz

authorizationAttribute

read

authz

authorizationAttribute

test

authz

authorizationAttribute

update

authz

authorizationAttribute

delete

authz

authorizationCondition

create

authz

authorizationCondition

read

authz

authorizationCondition

test

authz

authorizationCondition

update

authz

authorizationCondition

delete

authz

authorizationModule

create

authz

authorizationModule

read

authz

authorizationModule

update

authz

authorizationModule

delete

authz

authorizationPolicy

create

authz

authorizationPolicy

read

authz

authorizationPolicy

test

authz

authorizationPolicy

update

authz

authorizationPolicy

delete

authz

authorizationProcessor

create

authz

authorizationProcessor

read

authz

authorizationProcessor

update

authz

authorizationProcessor

delete

authz

authorizationRule

create

authz

authorizationRule

read

authz

authorizationRule

test

authz

authorizationRule

update

authz

authorizationRule

delete

authz

authorizationService

create

authz

authorizationService

read

authz

authorizationService

test

authz

authorizationService

update

authz

authorizationService

delete

authz

authorizationStatement

create

authz

authorizationStatement

read

authz

authorizationStatement

update

authz

authorizationStatement

delete

authz

authorizeDeployment

read

authz

decisionendpoint

authorize

authz

decisionendpoint

create

authz

decisionendpoint

read

authz

decisionendpoint

update

authz

decisionendpoint

delete

authz

deploymentpackage

read

authz

entity

create

authz

entity

read

authz

entity

test

authz

entity

update

authz

entity

delete

authz

externalOAuthServer

create

authz

externalOAuthServer

read

authz

externalOAuthServer

update

authz

externalOAuthServer

delete

authz

recentdecisions

read

authz

tag

read

authz

tag

update

authz

tag

delete

authz

version

read

bootstrap

bootstrap

create

bootstrap

bootstrap

read

branding

branding

update

branding

branding

delete

branding

brandingSettings

read

branding

brandingSettings

update

branding

customDomain

create

branding

customDomain

read

branding

customDomain

update

branding

customDomain

delete

branding

theme

create

branding

theme

read

branding

theme

update

branding

theme

delete

certmgt

certificate

create

sensitive

certmgt

certificate

read

sensitive

certmgt

certificate

update

sensitive

certmgt

certificate

delete

sensitive

certmgt

key

create

sensitive

certmgt

key

read

certmgt

key

update

sensitive

certmgt

key

delete

sensitive

certmgt

krp

create

certmgt

krp

read

certmgt

krp

update

certmgt

krp

delete

console

environmentOverview

display

console

environmentProperties

display

credentialsIssuance

credentialSigningKey

create

credentialsIssuance

credentialSigningKey

read

credentialsIssuance

credentialSigningKey

update

credentialsIssuance

credentialSigningKey

delete

credentialsIssuance

credentialType

create

credentialsIssuance

credentialType

read

credentialsIssuance

credentialType

update

credentialsIssuance

credentialType

delete

credentialsIssuance

credentials

create

credentialsIssuance

credentials

read

credentialsIssuance

credentials

update

credentialsIssuance

credentials

delete

credentialsIssuance

digitalWallet

create

credentialsIssuance

digitalWallet

read

credentialsIssuance

digitalWallet

update

credentialsIssuance

digitalWallet

delete

credentialsIssuance

digitalWalletApplication

create

credentialsIssuance

digitalWalletApplication

read

credentialsIssuance

digitalWalletApplication

update

credentialsIssuance

digitalWalletApplication

delete

credentialsIssuance

issuanceRule

create

credentialsIssuance

issuanceRule

read

credentialsIssuance

issuanceRule

update

credentialsIssuance

issuanceRule

delete

credentialsIssuance

issuerProfile

create

credentialsIssuance

issuerProfile

read

credentialsIssuance

issuerProfile

update

credentialsIssuance

openid4vciOffer

create

credentialsIssuance

openid4vciOffer

read

credentialsIssuance

stagedChanges

read

credentialsIssuance

stagedChanges

update

credentialsVerification

presentationSession

create

credentialsVerification

presentationSession

read

credentialsVerification

presentationSession

delete

davinci

applications

create

davinci

applications

read

davinci

applications

update

davinci

applications

delete

davinci

connections

create

davinci

connections

read

davinci

connections

update

davinci

connections

delete

davinci

connectors

read

davinci

constructs

create

davinci

constructs

read

davinci

constructs

update

davinci

constructs

delete

davinci

dvFlows

create

davinci

dvFlows

deploy

davinci

dvFlows

read

davinci

dvFlows

update

davinci

dvFlows

delete

davinci

dvUsers

read

davinci

dvUsers

update

davinci

dvUsers

delete

davinci

events

read

davinci

flowPolicies

create

davinci

flowPolicies

read

davinci

flowPolicies

update

davinci

flowPolicies

delete

davinci

flowVersions

export

davinci

flowVersions

read

davinci

flowVersions

revert

davinci

flowVersions

update

davinci

flowVersions

delete

davinci

interactionEvents

read

davinci

stats

read

davinci

uiTemplates

create

davinci

uiTemplates

read

davinci

uiTemplates

update

davinci

uiTemplates

delete

devices

seenDevice

create

devices

seenDevice

read

devices

seenDevice

update

devices

seenDevice

delete

devices

userSeenDevice

create

devices

userSeenDevice

read

devices

userSeenDevice

update

devices

userSeenDevice

delete

dir

group

create

dir

group

read

dir

group

update

dir

group

delete

dir

groupMembership

create

dir

groupMembership

read

dir

groupMembership

delete

dir

groupSyncedRules

read

dir

passwordPolicy

create

dir

passwordPolicy

read

dir

passwordPolicy

update

dir

passwordPolicy

delete

dir

population

create

dir

population

read

dir

population

update

dir

population

delete

dir

schema

read

dir

schema

update

dir

schema

delete

dir

user

create

dir

user

import

dir

user

invite

dir

user

read

dir

user

update

dir

user

verify

dir

user

delete

dir

userAccount

lock

dir

userAccount

unlock

dir

userEnabled

update

dir

userIdentityAssurance

delete

dir

userIdentityProvider

update

dir

userLinkedAccounts

create

dir

userLinkedAccounts

read

dir

userLinkedAccounts

delete

dir

userMfaBypass

update

dir

userMfaEnabled

update

dir

userPassword

forceChange

sensitive

dir

userPassword

read

dir

userPassword

recover

sensitive

dir

userPassword

reset

sensitive

dir

userPassword

set

sensitive

dir

userPassword

unlock

sensitive

dir

userPassword

validate

dir

userSyncedStores

read

dir

userVerifyStatus

update

earlyAccess

features

read

earlyAccess

features

update

enduseruiconfig

configs

read

experiences

experience

create

experiences

experience

read

experiences

experience

update

experiences

experience

delete

externalServices

externalService

create

externalServices

externalService

invoke

externalServices

externalService

read

externalServices

externalService

update

externalServices

externalService

delete

externalServices

secrets

read

externalServices

secrets

update

flowPolicies

flowPolicy

read

formBuilder

form

create

formBuilder

form

read

formBuilder

form

update

formBuilder

form

delete

formBuilder

recaptchaV2Config

read

formBuilder

recaptchaV2Config

update

formBuilder

recaptchaV2Config

delete

gateways

gateway

create

gateways

gateway

read

gateways

gateway

update

gateways

gateway

delete

globalregistry

console

read

identityProviders

identityProvider

create

identityProviders

identityProvider

read

identityProviders

identityProvider

update

identityProviders

identityProvider

delete

identitycloud

orchestration

create

identitycloud

orchestration

update

identitycloud

superadmin

admin

identitycloud

tenantadmin

admin

idverifications

dataBasedIdentityVerification

create

idverifications

document

create

idverifications

document

get

idverifications

document

update

idverifications

document

delete

idverifications

identityRecordMatching

create

idverifications

referenceData

get

idverifications

referenceData

delete

idverifications

verifiedUserData

get

idverifications

verifiedUserData

update

idverifications

verifiedUserData

delete

idverifications

verifyPolicy

create

idverifications

verifyPolicy

read

idverifications

verifyPolicy

update

idverifications

verifyPolicy

delete

idverifications

verifyTransactions

create

idverifications

verifyTransactions

read

idverifications

verifyTransactions

update

idverifications

verifyTransactions

delete

idverifications

voicePhrase

create

idverifications

voicePhrase

read

idverifications

voicePhrase

update

idverifications

voicePhrase

delete

idverifications

voicePhraseContent

create

idverifications

voicePhraseContent

read

idverifications

voicePhraseContent

update

idverifications

voicePhraseContent

delete

image

image

create

image

image

read

image

image

delete

integrations

integration

read

langmgt

language

create

langmgt

language

read

langmgt

language

update

langmgt

language

delete

ldapGateway

directLdap

execute

ldapGateway

kerberos

validate

ldapGateway

user

read

ldapGateway

userPassword

validate

licensing

environmentLicense

update

licensing

license

read

essential

licensing

mutableProperties

update

mfa

createTestDevice

create

mfa

device

authenticate

mfa

device

create

sensitive

mfa

device

read

mfa

device

update

sensitive

mfa

device

delete

sensitive

mfa

deviceAuthenticationPolicy

create

mfa

deviceAuthenticationPolicy

read

mfa

deviceAuthenticationPolicy

update

mfa

deviceAuthenticationPolicy

delete

mfa

deviceRequirements

read

mfa

deviceRequirements

update

mfa

deviceRequirements

delete

mfa

fidoDeviceMetadata

create

mfa

fidoDeviceMetadata

read

mfa

fidoDeviceMetadata

delete

mfa

fidoPolicy

create

mfa

fidoPolicy

read

mfa

fidoPolicy

update

mfa

fidoPolicy

delete

mfa

mfaSettings

read

mfa

mfaSettings

update

mfa

mfaSettings

delete

mfa

oathJob

read

mfa

oathToken

create

mfa

oathToken

read

mfa

oathToken

update

mfa

oathToken

delete

mfa

pairingKey

create

mfa

pairingKey

read

mfa

pairingKey

update

mfa

pairingKey

delete

notifications

emailDomain

create

notifications

emailDomain

read

notifications

emailDomain

update

notifications

emailDomain

delete

notifications

notification

create

notifications

notificationsPolicy

create

notifications

notificationsPolicy

read

notifications

notificationsPolicy

update

notifications

notificationsPolicy

delete

notifications

notificationsSettings

read

notifications

notificationsSettings

update

notifications

notificationsSettings

delete

notifications

quota

read

notifications

template

read

notifications

templateContent

create

notifications

templateContent

read

notifications

templateContent

update

notifications

templateContent

delete

notifications

userQuota

reset

orgmgt

deployment

create

orgmgt

deployment

read

essential

orgmgt

environment

create

sensitive

orgmgt

environment

promote

orgmgt

environment

read

essential

orgmgt

environment

update

orgmgt

environment

delete

sensitive

orgmgt

organization

read

essential

osmosis

connection

check

osmosis

mapping

read

osmosis

mapping

update

osmosis

mapping

delete

osmosis

plan

read

osmosis

plan

update

osmosis

plan

delete

osmosis

revision

create

osmosis

revision

get

osmosis

rule

read

osmosis

rule

update

osmosis

rule

delete

osmosis

store

read

osmosis

store

update

osmosis

store

delete

p14e

application

admin

p14e

auditReport

admin

p14e

device

admin

p14e

global

admin

p14e

identityRepository

admin

p14e

saas

admin

p14e

serviceUser

admin

p14e

support

admin

p14e

update

admin

permissions

applicationRoleAssignments

read

permissions

applicationRoleAssignments

update

sensitive

permissions

gatewayRoleAssignments

read

permissions

gatewayRoleAssignments

update

sensitive

permissions

gatewayRoleAssignments

delete

sensitive

permissions

groupRoleAssignments

create

sensitive

permissions

groupRoleAssignments

read

permissions

groupRoleAssignments

delete

sensitive

permissions

roles

create

sensitive

permissions

roles

read

sensitive

permissions

roles

update

sensitive

permissions

roles

delete

sensitive

permissions

userRoleAssignments

read

permissions

userRoleAssignments

update

sensitive

pingenterprise

orchestration

create

pingenterprise

orchestration

read

pingenterprise

orchestration

update

pingenterprise

orchestration

delete

pingfederate

auditor

admin

pingfederate

crypto

admin

pingfederate

expressions

admin

pingfederate

system

admin

pingfederate

users

admin

pingid

activity

read

pingid

integration

read

pingid

integration

update

pingid

migration

execute

pingid

migration

read

pingid

migration

validate

pingintelligence

orchestration

create

pingintelligence

orchestration

read

pingintelligence

orchestration

update

pingintelligence

orchestration

delete

prediction

prediction

create

privilege

adminConsole

access

privilege

onboardingToken

create

promotion

promotion

create

sensitive

promotion

promotion

execute

sensitive

promotion

promotion

read

sensitive

promotion

promotion

delete

sensitive

promotion

promotionConfiguration

read

sensitive

promotion

promotionConfiguration

update

sensitive

promotion

promotionVariable

create

sensitive

promotion

promotionVariable

read

sensitive

promotion

promotionVariable

update

sensitive

promotion

promotionVariable

delete

sensitive

promotion

snapshot

create

sensitive

promotion

snapshot

read

sensitive

promotion

snapshot

update

sensitive

promotion

snapshot

delete

sensitive

provisioning

connectionSensitiveConfiguration

get

provisioning

provisioningSyncOrchestration

create

provisioning

provisioningSyncOrchestration

update

radiusGateway

session

read

ratelimiting

rateLimitConfigs

create

ratelimiting

rateLimitConfigs

read

ratelimiting

rateLimitConfigs

update

ratelimiting

rateLimitConfigs

delete

ratelimiting

rateLimits

read

resources

attribute

create

resources

attribute

read

resources

attribute

update

resources

attribute

delete

resources

resource

create

resources

resource

import

resources

resource

read

resources

resource

update

resources

resource

delete

resources

scope

create

resources

scope

read

resources

scope

update

resources

scope

delete

resources

secret

read

sensitive

resources

secret

set

sensitive

resources

secret

update

sensitive

resources

secret

delete

sensitive

risk

evaluation

create

risk

evaluation

read

risk

evaluation

update

risk

feedback

create

risk

policy

create

risk

policy

read

risk

policy

update

risk

policy

delete

risk

predictor

create

risk

predictor

read

risk

predictor

update

risk

predictor

delete

risk

riskSettings

read

risk

riskSettings

update

risk

userProfile

reset

riskDetection

evaluation

create

scim

schema

read

scim

user

create

scim

user

read

scim

user

update

scim

user

delete

solutions

config

create

solutions

config

read

solutions

config

update

solutions

flow

read

solutions

token

read

subscriptions

subscription

create

subscriptions

subscription

read

subscriptions

subscription

test

subscriptions

subscription

update

subscriptions

subscription

delete

traffic

inboundTrafficPolicy

create

traffic

inboundTrafficPolicy

read

traffic

inboundTrafficPolicy

update

traffic

inboundTrafficPolicy

delete

traffic

ingressSettings

read

traffic

ingressSettings

update

visualization

apiUsage

read

visualization

authentication

read

visualization

dashboard

read

visualization

davinciMetrics

read

visualization

exploration

create

visualization

exploration

read

visualization

provisioning

read

visualization

template

read

visualization

userDemographics

read