{
  "addmembertogroup": {
    "name": "AddMemberToGroup",
    "description": "Grants permission to add a member to a group in the directory that AWS IAM Identity Center provides by default",
    "accessLevel": "Write",
    "resourceTypes": [],
    "conditionKeys": [],
    "dependentActions": []
  },
  "completevirtualmfadeviceregistration": {
    "name": "CompleteVirtualMfaDeviceRegistration",
    "description": "Grants permission to complete the creation process of a virtual MFA device",
    "accessLevel": "Write",
    "resourceTypes": [],
    "conditionKeys": [],
    "dependentActions": []
  },
  "completewebauthndeviceregistration": {
    "name": "CompleteWebAuthnDeviceRegistration",
    "description": "Grants permission to complete the registration process of a WebAuthn device",
    "accessLevel": "Write",
    "resourceTypes": [],
    "conditionKeys": [],
    "dependentActions": []
  },
  "createalias": {
    "name": "CreateAlias",
    "description": "Grants permission to create an alias for the directory that AWS IAM Identity Center provides by default",
    "accessLevel": "Write",
    "resourceTypes": [],
    "conditionKeys": [],
    "dependentActions": []
  },
  "createbearertoken": {
    "name": "CreateBearerToken",
    "description": "Grants permission to create a bearer token for a given provisioning tenant",
    "accessLevel": "Write",
    "resourceTypes": [],
    "conditionKeys": [],
    "dependentActions": []
  },
  "createexternalidpconfigurationfordirectory": {
    "name": "CreateExternalIdPConfigurationForDirectory",
    "description": "Grants permission to create an External Identity Provider configuration for the directory",
    "accessLevel": "Write",
    "resourceTypes": [],
    "conditionKeys": [],
    "dependentActions": []
  },
  "creategroup": {
    "name": "CreateGroup",
    "description": "Grants permission to create a group in the directory that AWS IAM Identity Center provides by default",
    "accessLevel": "Write",
    "resourceTypes": [],
    "conditionKeys": [],
    "dependentActions": []
  },
  "createprovisioningtenant": {
    "name": "CreateProvisioningTenant",
    "description": "Grants permission to create a provisioning tenant for a given directory",
    "accessLevel": "Write",
    "resourceTypes": [],
    "conditionKeys": [],
    "dependentActions": []
  },
  "createuser": {
    "name": "CreateUser",
    "description": "Grants permission to create a user in the directory that AWS IAM Identity Center provides by default",
    "accessLevel": "Write",
    "resourceTypes": [],
    "conditionKeys": [],
    "dependentActions": []
  },
  "deletebearertoken": {
    "name": "DeleteBearerToken",
    "description": "Grants permission to delete a bearer token",
    "accessLevel": "Write",
    "resourceTypes": [],
    "conditionKeys": [],
    "dependentActions": []
  },
  "deleteexternalidpcertificate": {
    "name": "DeleteExternalIdPCertificate",
    "description": "Grants permission to delete the given external IdP certificate",
    "accessLevel": "Write",
    "resourceTypes": [],
    "conditionKeys": [],
    "dependentActions": []
  },
  "deleteexternalidpconfigurationfordirectory": {
    "name": "DeleteExternalIdPConfigurationForDirectory",
    "description": "Grants permission to delete an External Identity Provider configuration associated with the directory",
    "accessLevel": "Write",
    "resourceTypes": [],
    "conditionKeys": [],
    "dependentActions": []
  },
  "deletegroup": {
    "name": "DeleteGroup",
    "description": "Grants permission to delete a group from the directory that AWS IAM Identity Center provides by default",
    "accessLevel": "Write",
    "resourceTypes": [],
    "conditionKeys": [],
    "dependentActions": []
  },
  "deletemfadeviceforuser": {
    "name": "DeleteMfaDeviceForUser",
    "description": "Grants permission to delete a MFA device by device name for a given user",
    "accessLevel": "Write",
    "resourceTypes": [],
    "conditionKeys": [],
    "dependentActions": []
  },
  "deleteprovisioningtenant": {
    "name": "DeleteProvisioningTenant",
    "description": "Grants permission to delete the provisioning tenant",
    "accessLevel": "Write",
    "resourceTypes": [],
    "conditionKeys": [],
    "dependentActions": []
  },
  "deleteuser": {
    "name": "DeleteUser",
    "description": "Grants permission to delete a user from the directory that AWS IAM Identity Center provides by default",
    "accessLevel": "Write",
    "resourceTypes": [],
    "conditionKeys": [],
    "dependentActions": []
  },
  "describedirectory": {
    "name": "DescribeDirectory",
    "description": "Grants permission to retrieve information about the directory that AWS IAM Identity Center provides by default",
    "accessLevel": "Read",
    "resourceTypes": [],
    "conditionKeys": [],
    "dependentActions": []
  },
  "describegroup": {
    "name": "DescribeGroup",
    "description": "Grants permission to query the group data, not including user and group members",
    "accessLevel": "Read",
    "resourceTypes": [],
    "conditionKeys": [],
    "dependentActions": []
  },
  "describegroups": {
    "name": "DescribeGroups",
    "description": "Grants permission to retrieve information about groups from the directory that AWS IAM Identity Center provides by default",
    "accessLevel": "Read",
    "resourceTypes": [],
    "conditionKeys": [],
    "dependentActions": []
  },
  "describeprovisioningtenant": {
    "name": "DescribeProvisioningTenant",
    "description": "Grants permission to describes the provisioning tenant",
    "accessLevel": "Read",
    "resourceTypes": [],
    "conditionKeys": [],
    "dependentActions": []
  },
  "describeuser": {
    "name": "DescribeUser",
    "description": "Grants permission to retrieve information about a user from the directory that AWS IAM Identity Center provides by default",
    "accessLevel": "Read",
    "resourceTypes": [],
    "conditionKeys": [],
    "dependentActions": []
  },
  "describeuserbyuniqueattribute": {
    "name": "DescribeUserByUniqueAttribute",
    "description": "Grants permission to describe user with a valid unique attribute represented for the user",
    "accessLevel": "Read",
    "resourceTypes": [],
    "conditionKeys": [],
    "dependentActions": []
  },
  "describeusers": {
    "name": "DescribeUsers",
    "description": "Grants permission to retrieve information about user from the directory that AWS IAM Identity Center provides by default",
    "accessLevel": "Read",
    "resourceTypes": [],
    "conditionKeys": [],
    "dependentActions": []
  },
  "disableexternalidpconfigurationfordirectory": {
    "name": "DisableExternalIdPConfigurationForDirectory",
    "description": "Grants permission to disable authentication of end users with an External Identity Provider",
    "accessLevel": "Write",
    "resourceTypes": [],
    "conditionKeys": [],
    "dependentActions": []
  },
  "disableuser": {
    "name": "DisableUser",
    "description": "Grants permission to deactivate a user in the directory that AWS IAM Identity Center provides by default",
    "accessLevel": "Write",
    "resourceTypes": [],
    "conditionKeys": [],
    "dependentActions": []
  },
  "enableexternalidpconfigurationfordirectory": {
    "name": "EnableExternalIdPConfigurationForDirectory",
    "description": "Grants permission to enable authentication of end users with an External Identity Provider",
    "accessLevel": "Write",
    "resourceTypes": [],
    "conditionKeys": [],
    "dependentActions": []
  },
  "enableuser": {
    "name": "EnableUser",
    "description": "Grants permission to activate user in the directory that AWS IAM Identity Center provides by default",
    "accessLevel": "Write",
    "resourceTypes": [],
    "conditionKeys": [],
    "dependentActions": []
  },
  "getawsspconfigurationfordirectory": {
    "name": "GetAWSSPConfigurationForDirectory",
    "description": "Grants permission to retrieve the AWS IAM Identity Center Service Provider configurations for the directory",
    "accessLevel": "Read",
    "resourceTypes": [],
    "conditionKeys": [],
    "dependentActions": []
  },
  "getgroupid": {
    "name": "GetGroupId",
    "description": "Grants permission to retrieve ID information about group from the directory that AWS IAM Identity Center provides by default",
    "accessLevel": "Read",
    "resourceTypes": [],
    "conditionKeys": [],
    "dependentActions": []
  },
  "getuserid": {
    "name": "GetUserId",
    "description": "Grants permission to retrieve ID information about user from the directory that AWS IAM Identity Center provides by default",
    "accessLevel": "Read",
    "resourceTypes": [],
    "conditionKeys": [],
    "dependentActions": []
  },
  "getuserpoolinfo": {
    "name": "GetUserPoolInfo",
    "description": "(Deprecated) Grants permission to get UserPool Info",
    "accessLevel": "Read",
    "resourceTypes": [],
    "conditionKeys": [],
    "dependentActions": []
  },
  "importexternalidpcertificate": {
    "name": "ImportExternalIdPCertificate",
    "description": "Grants permission to import the IdP certificate used for verifying external IdP responses",
    "accessLevel": "Write",
    "resourceTypes": [],
    "conditionKeys": [],
    "dependentActions": []
  },
  "ismemberingroup": {
    "name": "IsMemberInGroup",
    "description": "Grants permission to check if a member is a part of the group in the directory that AWS IAM Identity Center provides by default",
    "accessLevel": "Read",
    "resourceTypes": [],
    "conditionKeys": [],
    "dependentActions": []
  },
  "ismemberingroups": {
    "name": "IsMemberInGroups",
    "description": "Grants permission to check if a member is a part of multiple groups in the directory that AWS IAM Identity Center provides by default",
    "accessLevel": "Read",
    "resourceTypes": [],
    "conditionKeys": [],
    "dependentActions": []
  },
  "listbearertokens": {
    "name": "ListBearerTokens",
    "description": "Grants permission to list bearer tokens for a given provisioning tenant",
    "accessLevel": "Read",
    "resourceTypes": [],
    "conditionKeys": [],
    "dependentActions": []
  },
  "listexternalidpcertificates": {
    "name": "ListExternalIdPCertificates",
    "description": "Grants permission to list the external IdP certificates of a given directory and IdP",
    "accessLevel": "Read",
    "resourceTypes": [],
    "conditionKeys": [],
    "dependentActions": []
  },
  "listexternalidpconfigurationsfordirectory": {
    "name": "ListExternalIdPConfigurationsForDirectory",
    "description": "Grants permission to list all the External Identity Provider configurations created for the directory",
    "accessLevel": "Read",
    "resourceTypes": [],
    "conditionKeys": [],
    "dependentActions": []
  },
  "listgroups": {
    "name": "ListGroups",
    "description": "Grants permission to list groups from the directory that AWS IAM Identity Center provides by default",
    "accessLevel": "Read",
    "resourceTypes": [],
    "conditionKeys": [],
    "dependentActions": []
  },
  "listgroupsformember": {
    "name": "ListGroupsForMember",
    "description": "Grants permission to list groups of the target member",
    "accessLevel": "Read",
    "resourceTypes": [],
    "conditionKeys": [],
    "dependentActions": []
  },
  "listgroupsforuser": {
    "name": "ListGroupsForUser",
    "description": "Grants permission to list groups for a user from the directory that AWS IAM Identity Center provides by default",
    "accessLevel": "Read",
    "resourceTypes": [],
    "conditionKeys": [],
    "dependentActions": []
  },
  "listmembersingroup": {
    "name": "ListMembersInGroup",
    "description": "Grants permission to retrieve all members that are part of a group in the directory that AWS IAM Identity Center provides by default",
    "accessLevel": "Read",
    "resourceTypes": [],
    "conditionKeys": [],
    "dependentActions": []
  },
  "listmfadevicesforuser": {
    "name": "ListMfaDevicesForUser",
    "description": "Grants permission to list all active MFA devices and their MFA device metadata for a user",
    "accessLevel": "Read",
    "resourceTypes": [],
    "conditionKeys": [],
    "dependentActions": []
  },
  "listprovisioningtenants": {
    "name": "ListProvisioningTenants",
    "description": "Grants permission to list provisioning tenants for a given directory",
    "accessLevel": "Read",
    "resourceTypes": [],
    "conditionKeys": [],
    "dependentActions": []
  },
  "listusers": {
    "name": "ListUsers",
    "description": "Grants permission to list users from the directory that AWS IAM Identity Center provides by default",
    "accessLevel": "Read",
    "resourceTypes": [],
    "conditionKeys": [],
    "dependentActions": []
  },
  "removememberfromgroup": {
    "name": "RemoveMemberFromGroup",
    "description": "Grants permission to remove a member that is part of a group in the directory that AWS IAM Identity Center provides by default",
    "accessLevel": "Write",
    "resourceTypes": [],
    "conditionKeys": [],
    "dependentActions": []
  },
  "searchgroups": {
    "name": "SearchGroups",
    "description": "Grants permission to search for groups within the associated directory",
    "accessLevel": "Read",
    "resourceTypes": [],
    "conditionKeys": [],
    "dependentActions": []
  },
  "searchusers": {
    "name": "SearchUsers",
    "description": "Grants permission to search for users within the associated directory",
    "accessLevel": "Read",
    "resourceTypes": [],
    "conditionKeys": [],
    "dependentActions": []
  },
  "startvirtualmfadeviceregistration": {
    "name": "StartVirtualMfaDeviceRegistration",
    "description": "Grants permission to begin the creation process of virtual mfa device",
    "accessLevel": "Write",
    "resourceTypes": [],
    "conditionKeys": [],
    "dependentActions": []
  },
  "startwebauthndeviceregistration": {
    "name": "StartWebAuthnDeviceRegistration",
    "description": "Grants permission to begin the registration process of a WebAuthn device",
    "accessLevel": "Write",
    "resourceTypes": [],
    "conditionKeys": [],
    "dependentActions": []
  },
  "updateexternalidpconfigurationfordirectory": {
    "name": "UpdateExternalIdPConfigurationForDirectory",
    "description": "Grants permission to update an External Identity Provider configuration associated with the directory",
    "accessLevel": "Write",
    "resourceTypes": [],
    "conditionKeys": [],
    "dependentActions": []
  },
  "updategroup": {
    "name": "UpdateGroup",
    "description": "Grants permission to update information about a group in the directory that AWS IAM Identity Center provides by default",
    "accessLevel": "Write",
    "resourceTypes": [],
    "conditionKeys": [],
    "dependentActions": []
  },
  "updategroupdisplayname": {
    "name": "UpdateGroupDisplayName",
    "description": "Grants permission to update group display name update group display name response",
    "accessLevel": "Write",
    "resourceTypes": [],
    "conditionKeys": [],
    "dependentActions": []
  },
  "updatemfadeviceforuser": {
    "name": "UpdateMfaDeviceForUser",
    "description": "Grants permission to update MFA device information",
    "accessLevel": "Write",
    "resourceTypes": [],
    "conditionKeys": [],
    "dependentActions": []
  },
  "updatepassword": {
    "name": "UpdatePassword",
    "description": "Grants permission to update a password by sending password reset link via email or generating one time password for a user in the directory that AWS IAM Identity Center provides by default",
    "accessLevel": "Write",
    "resourceTypes": [],
    "conditionKeys": [],
    "dependentActions": []
  },
  "updateuser": {
    "name": "UpdateUser",
    "description": "Grants permission to update user information in the directory that AWS IAM Identity Center provides by default",
    "accessLevel": "Write",
    "resourceTypes": [],
    "conditionKeys": [],
    "dependentActions": []
  },
  "updateusername": {
    "name": "UpdateUserName",
    "description": "Grants permission to update user name update user name response",
    "accessLevel": "Write",
    "resourceTypes": [],
    "conditionKeys": [],
    "dependentActions": []
  },
  "verifyemail": {
    "name": "VerifyEmail",
    "description": "Grants permission to verify an email address of an User",
    "accessLevel": "Write",
    "resourceTypes": [],
    "conditionKeys": [],
    "dependentActions": []
  }
}