policyActions

Return the complete catalog of ABAC actions available in Massdriver.

Actions are the building blocks of policies. Each action has an id in {entity}:{verb} form (for example project:view, instance:deploy) and a human-readable description. The full list is small and static, so this query returns every action in a single response — no pagination.

Results are sorted alphabetically by id.

Visibility model: if you can view a project, you can see every environment and instance within it. There is no environment:view or instance:view primitive. Sensitive payloads are protected by resource:export and repo:pull (both audit-logged), not by hiding topology.

Example:

query PolicyActions {
  policyActions(organizationId: "my-org") {
    id
    verb
    description
    entity { id description }
  }
}

policyActions(
  organizationId: ID!
): [PolicyAction!]!

Arguments

`policyActions.organizationId` ● `ID!` non-null scalar {#organization-id}

Your organization's unique identifier.

Type

`PolicyAction` object

A single action a policy can allow or deny. Actions follow the format {entity}:{verb} — for example project:view or instance:deploy.

Use policyActions to enumerate the complete catalog when building a policy-authoring UI. Descriptions are written for end users and explain what the action permits, what it does not permit, and how it relates to other actions (especially around the project-as-view-boundary model).

Arguments​

policyActions.organizationId ● ID! non-null scalar {#organization-id}​

Type​

PolicyAction object​

Arguments

`policyActions.organizationId` ● `ID!` non-null scalar {#organization-id}

Type

`PolicyAction` object