Movatterモバイル変換

[0]ホーム
URL:

Skip to content
Cloudflare Docs
Log in

Permissions are segmented into three categories based on resource:

  • Zone permissions
  • Account permissions
  • User permissions

Each category contains permission groups related to those resources. DNS permissions belong to the Zone category, while Billing permissions belong to the Account category. Below is a list of the available token permissions.

To obtain an updated list of token permissions, including the permission ID and the scope of each permission, use theList permission groups endpoint.

User permissions

The applicable scope of user permissions iscom.cloudflare.api.user.

NameDescription
API Tokens ReadGrants read access to user'sAPI tokens.
API Tokens EditGrants write access to user'sAPI tokens.
Memberships ReadGrants read access to a user'saccount memberships.
Memberships EditGrants write access to a user'saccount memberships.
User Details ReadGrants read access to user details.
User Details EditGrants write access to user details.

Account permissions

The applicable scope of account permissions iscom.cloudflare.api.account.

NameDescription
Access: Apps and Policies ReadGrants read access toCloudflare Access applications and policies
Access: Apps and Policies RevokeGrants ability to revokeCloudflare Access application tokens
Access: Apps and Policies EditGrants write access toCloudflare Access applications and policies
Access: Audit Logs ReadGrants read access toCloudflare Access audit logs.
Access: Custom Pages ReadGrants read access toCloudflare Access custom block pages.
Access: Custom Pages EditGrants write access toCloudflare Access custom block pages.
Access: Device Posture ReadGrants read access toCloudflare Access device posture.
Access: Device Posture EditGrants write access toCloudflare Access device posture.
Access: Mutual TLS Certificates ReadGrants read access toCloudflare Access mTLS certificates.
Access: Mutual TLS Certificates EditGrants write access toCloudflare Access mTLS certificates.
Access: Organizations, Identity Providers, and Groups ReadGrants read access toCloudflare Access account resources.
Access: Organizations, Identity Providers, and Groups RevokeGrants ability to revoke user sessions toCloudflare Access account resources.
Access: Organizations, Identity Providers, and Groups EditGrants write access toCloudflare Access account resources.
Access: Service Tokens ReadGrants read access toCloudflare Access service tokens.
Access: Service Tokens EditGrants write access toCloudflare Access service tokens.
Access: SSH Auditing ReadGrants read access toCloudflare Access SSH CAs.
Access: SSH Auditing EditGrants write access toCloudflare Access SSH CAs.
Account Analytics ReadGrants read access toaccount analytics.
Account Custom Pages ReadGrants read access to account-levelError Pages.
Account Custom Pages EditGrants write access to account-levelError Pages.
Account Filter Lists ReadGrants read access to Account Filter Lists.
Account Filter Lists EditGrants write access to Account Filter Lists.
Account Firewall Access Rules ReadGrants read access to account firewall access rules.
Account Firewall Access Rules EditGrants write access to account firewall access rules.
Account Rulesets ReadGrants read access toAccount Rulesets.
Account Rulesets EditGrants write access toAccount Rulesets.
Account Settings ReadGrants read access toAccount resources, account membership, and account level features.
Account Settings EditGrants write access toAccount resources, account membership, and account level features.
Account: SSL and Certificates ReadGrants read access toSSL and Certificates.
Account: SSL and Certificates EditGrants write access toSSL and Certificates.
Account WAF ReadGrants read access toAccount WAF.
Account WAF EditGrants write access toAccount WAF.
Address Maps EditGrants write access toAddress Maps
Address Maps ReadGrants read access toAddress Maps
Allow Request Tracer ReadGrants read access to Request Tracer.
API Gateway ReadGrants read access toAPI Gateway (including API Shield) for all domains in an account.
API Gateway EditGrants write access toAPI Gateway (including API Shield) for all domains in an account.
Billing ReadGrants read access tobilling profile, subscriptions, and access to fetch invoices and entitlements.
Billing EditGrants write access tobilling profile, subscriptions, and access to fetch invoices and entitlements.
Bulk URL Redirects ReadGrants read access toBulk Redirects.
Bulk URL Redirects EditGrants write access toBulk Redirects.
China Network Steering ReadGrants read access toChina Network Steering.
China Network Steering EditGrants write access toChina Network Steering.
Cloudchamber ReadGrants read access to Cloudchamber deployments.
Cloudchamber EditGrants write access to Cloudchamber deployments.
Cloudflare Realtime ReadGrants read access to Cloudflare Realtime.
Cloudflare Realtime EditGrants write access to Cloudflare Realtime.
Cloudflare DEX ReadGrants read access toDigital Experience Monitoring.
Cloudflare DEX EditGrants write access toDigital Experience Monitoring.
Cloudflare Images ReadGrants read access toCloudflare Images.
Cloudflare Images EditGrants write access toCloudflare Images.
Cloudflare One Connector: cloudflared ReadGrants read access tocloudflared connectors
Cloudflare One Connector: cloudflared EditGrants write access tocloudflared connectors
Cloudflare One Connector: WARP ReadGrants read access toWARP Connectors
Cloudflare One Connector: WARP EditGrants write access toWARP Connectors
Cloudflare One Connectors ReadGrants read access to Cloudflare One connectors
Cloudflare One Connectors EditGrants write access to Cloudflare One connectors
Cloudflare One Networks ReadGrants read access to Cloudflare One routes and virtual networks
Cloudflare One Networks EditGrants write access to Cloudflare One routes and virtual networks
Cloudflare Pages ReadGrants access to viewCloudflare Pages projects.
Cloudflare Pages EditGrants access to create, edit and deleteCloudflare Pages projects.
Cloudflare Tunnel ReadGrants access to viewCloudflare Tunnels.
Cloudflare Tunnel EditGrants access to create and deleteCloudflare Tunnels.
Cloudforce One ReadGrants read access to Cloudforce One.
Cloudforce One EditGrants write access to Cloudforce One.
Email Security ReadGrants read access toCloud Email Security.
Email Security EditGrants write access toEmail Security.
Constellation ReadGrants read access toConstellation.
Constellation EditGrants write access toConstellation.
D1 ReadGrants read access toD1.
D1 EditGrants write access toD1.
DDoS Botnet Feed ReadGrants read access to Botnet Feed reports.
DDoS Botnet Feed EditGrants write access to Botnet Feed configuration.
DDoS Protection ReadGrants read access toDDoS protection.
DDoS Protection EditGrants write access toDDoS protection.
DNS Firewall ReadGrants read access toDNS Firewall.
DNS Firewall EditGrants write access toDNS Firewall.
Email Routing Addresses ReadGrants read access toEmail Routing Addresses.
Email Routing Addresses EditGrants write access toEmail Routing Addresses.
Hyperdrive ReadGrants read access toHyperdrive.
Hyperdrive EditGrants write access toHyperdrive.
Intel ReadGrants read access toIntel.
Intel EditGrants write access toIntel.
Integration EditGrants write access to integrations.
IOT ReadGrants read access toIOT.
IOT EditGrants write access toIOT.
IP Prefixes: ReadGrants access to read IP prefix settings.
IP Prefixes: EditGrants access to read/write IP prefix settings.
IP Prefixes: BGP On Demand ReadGrants access to read IP prefix BGP configuration.
IP Prefixes: BGP On Demand EditGrants access to read and change IP prefix BGP configuration.
L3/4 DDoS Managed Ruleset ReadGrants read access toL3/4 DDoS managed ruleset.
L3/4 DDoS Managed Ruleset EditGrants write access toL3/4 DDoS managed ruleset.
Load Balancing: Monitors and Pools ReadGrants read access to account levelload balancer resources.
Load Balancing: Monitors and Pools EditGrants write access to account levelload balancer resources.
Logs ReadGrants read access to logs usingLogpull or Instant Logs.
Logs EditGrants read and write access toLogpull, Logpush, and Instant Logs.
Magic Firewall ReadGrants read access toMagic Firewall.
Magic Firewall EditGrants write access toMagic Firewall.
Magic Firewall Packet Captures ReadGrants read access toPacket Captures.
Magic Firewall Packet Captures EditGrants write access toPacket Captures.
Magic Network Monitoring ReadGrants read access toMagic Network Monitoring.
Magic Network Monitoring EditGrants write access toMagic Network Monitoring.
Magic Transit ReadGrants read access to manage a user'sMagic Transit prefixes.
Magic Transit EditGrants write access to manage a user'sMagic Transit prefixes.
Notifications ReadGrants read access toNotifications.
Notifications EditGrants write access toNotifications.
Page Shield ReadGrants read access toPage Shield.
Page Shield EditGrants write access toPage Shield.
Workers Pipelines ReadGrants read access to Cloudflare Pipelines.
Workers Pipelines EditGrants write access to Cloudflare Pipelines.
Pub/Sub ReadGrants read access toPub/Sub.
Pub/Sub EditGrants write access toPub/Sub.
Queues ReadGrants read access toQueues.
Queues EditGrants write access toQueues.
Rule Policies ReadGrants read access to Rule Policies.
Rule Policies EditGrants write access to Rule Policies.
Stream ReadGrants read access toCloudflare Stream.
Stream EditGrants write access toCloudflare Stream.
Transform Rules ReadGrants read access toTransform Rules.
Transform Rules EditGrants write access toTransform Rules.
Turnstile ReadGrants read access toTurnstile.
Turnstile EditGrants write access toTurnstile.
URL Scanner ReadGrants read access toURL Scanner.
URL Scanner EditGrants write access toURL Scanner.
Vectorize ReadGrants read access toVectorize.
Vectorize EditGrants write access toVectorize.
Workers AI ReadGrants read access toWorkers AI.
Workers AI EditGrants write access toWorkers AI.
Workers CI ReadGrants read access toWorkers CI.
Workers CI EditGrants write access toWorkers CI.
Workers KV Storage ReadGrants read access toCloudflare Workers KV Storage.
Workers KV Storage EditGrants write access toCloudflare Workers KV Storage.
Workers R2 Storage ReadGrants read access toCloudflare R2 Storage.
Workers R2 Storage EditGrants write access toCloudflare R2 Storage.
Workers Scripts ReadGrants read access toCloudflare Workers scripts.
Workers Scripts EditGrants write access toCloudflare Workers scripts.
Workers Tail ReadGrantswrangler tail read permissions.
Zero Trust ReadGrants read access toCloudflare Zero Trust resources.
Zero Trust ReportGrants reporting access toCloudflare Zero Trust.
Zero Trust EditGrants write access toCloudflare Zero Trust resources.
Zero Trust: PII ReadGrants read access toCloudflare Zero Trust PII.
Zero Trust: Seats EditGrants write access to the number ofZero Trust seats your organization can use (and be billed for).

Zone permissions

The applicable scope of zone permissions iscom.cloudflare.api.account.zone.

NameDescription
Access: Apps and Policies ReadGrants read access toCloudflare Access zone resources.
Access: Apps and Policies RevokeGrants ability to revoke all tokens toCloudflare Access zone resources.
Access: Apps and Policies EditGrants write access toCloudflare Access zone resources.
Analytics ReadGrants read access toanalytics.
API Gateway ReadGrants read access toAPI Gateway zone resources.
API Gateway EditGrants write access toAPI Gateway zone resources.
Apps EditGrants full access to Cloudflare Apps (deprecated, refer toWorkers instead).
Bot Management ReadGrants read access toBot Management.
Bot Management EditGrants write access toBot Management.
Bot Management Feedback ReadGrants read access toBot Management feedback.
Bot Management Feedback EditGrants write access toBot Management feedback.
Cache PurgeGrants access topurge cache.
Cache Rules ReadGrants read access toCache Rules.
Cache Rules EditGrants write access toCache Rules.
Cloud Connector ReadGrants read access toCloud Connector rules.
Cloud Connector EditGrants write access toCloud Connector rules.
Config Rules ReadGrants read access toConfiguration Rules.
Config Rules EditGrants write access toConfiguration Rules.
Custom Error Rules ReadGrants read access toCustom Error Rules.
Custom Error Rules EditGrants write access toCustom Error Rules.
Custom Pages ReadGrants read access toCustom Error Pages.
Custom Pages EditGrants write access toCustom Error Pages.
Dmarc Management ReadGrants read access toDMARC Management.
Dmarc Management EditGrants write access toDMARC Management.
DNS ReadGrants read access toDNS.
DNS WriteGrants write access toDNS.
Email Routing Rules ReadGrants read access toEmail Routing Rules.
Email Routing Rules EditGrants write access toEmail Routing Rules.
Firewall Services ReadGrants read access to Firewall resources.
Firewall Services EditGrants write access to Firewall resources.
Health Checks ReadGrants read access toHealth Checks.
Health Checks EditGrants write access toHealth Checks.
HTTP DDoS Managed Ruleset ReadGrants read access toHTTP DDoS managed ruleset.
HTTP DDoS Managed Ruleset EditGrants write access toHTTP DDoS managed ruleset.
Load Balancers ReadGrants read access toload balancer resources.
Load Balancers EditGrants write access toload balancer resources.
Logs ReadGrants read access to logs usingLogpull.
Logs EditGrants write access toLogpull and Logpush.
Managed Headers ReadGrants read access toManaged Headers.
Managed Headers EditGrants write access toManaged Headers.
Origin Rules ReadGrants read access toOrigin Rules.
Origin Rules EditGrants write access toOrigin Rules.
Page Rules ReadGrants read access toPage Rules.
Page Rules EditGrants write access toPage Rules.
Page Shield ReadGrants read access toPage Shield.
Page Shield EditGrants write access toPage Shield.
Response Compression ReadGrants read access toResponse Compression.
Response Compression EditGrants write access toResponse Compression.
Sanitize ReadGrants read access to sanitization.
Sanitize EditGrants write access to sanitization.
Single Redirect ReadGrants read access to zone-levelSingle Redirects.
Single Redirect EditGrants write access to zone-levelSingle Redirects.
SSL and Certificates ReadGrants read access toSSL configuration and certificate management.
SSL and Certificates EditGrants write access toSSL configuration and certificate management.
Transform Rules ReadGrants read access toTransform Rules.
Transform Rules EditGrants write access toTransform Rules.
Waiting Room ReadGrants read access toWaiting Room.
Waiting Room EditGrants write access toWaiting Room.
Web3 Hostnames ReadGrants read access toWeb3 Hostnames.
Web3 Hostnames EditGrants write access toWeb3 Hostnames.
Workers Routes ReadGrants read access toCloudflare Workers andWorkers KV Storage.
Workers Routes EditGrants write access toCloudflare Workers andWorkers KV Storage.
Zaraz ReadGrants read access toZaraz zone level settings.
Zaraz EditGrants write access toZaraz zone level settings.
Zone ReadGrants read access to zone management.
Zone EditGrants write access to zone management.
Zone Settings ReadGrants read access to zone settings.
Zone Settings EditGrants write access to zone settings.
Zone Versioning ReadGrants read access toZone Versioning at zone level.
Zone Versioning EditGrants write access toZone Versioning at zone level.
Zone WAF ReadGrants read access toZone WAF.
Zone WAF EditGrants write access toZone WAF.
[8]ページ先頭
©2009-2025 Movatter.jp