言語 / Languages

Articles in this section

What Are Some Examples of SAM Permissions?

The following examples demonstrate Soracom Access Management (SAM) permissions for common levels of access. For additional information about SAM and how to set it up, please refer to Users & Roles.

The following examples are provided only for reference. Please carefully review each parameter before you use them in your account to ensure you have set the correct permissions required.

Example 1: Allow Read Access to the List of SIMs and Billing Information

{
  "statements": [
    {
      "api": [
        "Subscriber:list*",
        "Billing:*",
        "Payment:get*",
        "Payment:list*",
        "Payment:exportPaymentStatement",
        "Stats:*",
        "Files:*",
        "Query:searchSubscribers"
      ],
      "effect": "allow"
    }
  ]
}

Example 2: Allow Read Access to the List of SIMs and Full Access to Monitoring Settings

{
  "statements": [
    {
      "api": [
        "EventHandler:*",
        "Sim:listSims",
        "Subscriber:listSubscribers",
        "Query:searchSims",
        "Query:searchSubscribers",
        "Group:listGroups",
        "CellLocation:*"
      ],
      "effect": "allow"
    }
  ]
}

Example 3: Allow Read Access to Data Stored in Harvest

{
  "statements": [
    {
      "api": [
        "Sim:getDataFromSim",
        "Subscriber:getDataFromSubscriber",
        "LoraDevice:getDataFromLoraDevice",
        "SigfoxDevice:getDataFromSigfoxDevice",
        "DataEntry:getDataEntries",
        "DataEntry:getDataEntry"
      ],
      "effect": "allow"
    }
  ]
}

Example 4: Deny Access to Support Tickets and Allow Full Access to All Other APIs

{
  "statements": [
    {
      "api": "*",
      "effect": "allow"
    },
    {
      "api": [
        "Operator:generateSupportToken"
      ],
      "effect": "deny"
    }
  ]
}

Example 5: Allow Full Access to All APIs

{
  "statements": [
    {
      "api": "*",
      "effect": "allow"
    }
  ]
}

Example 6: Allow a SAM User to Change Their Own Password

{
  "statements": [
    {
      "effect": "allow",
      "api": "User:updateUserPassword",
      "condition": "pathVariable('user_name') == samUserName"
    }
  ]
}

Example 7: Allow Full Access to a Specific SIM

{
  "statements":[
    {
      "api":[
        "Sim:activateSim",
        "Sim:deactivateSim",
        "Sim:deleteSimSession",
        "Sim:getSim"
      ],
      "effect":"allow",
      "condition":"pathVariable('sim_id') == 'Input your SIM ID'"
    },
    {
      "api":[
        "Sim:listSims",
        "Group:listGroups",
        "Query:searchSims",
        "CellLocation:*"
      ],
      "effect":"allow"
    }
  ]
}
Was this article helpful?
0 out of 0 found this helpful
Return to top