# Access for the Account API
<a name="account-access-control"></a>

Access control and permissions are managed by AWS Identity and Access Management (IAM). This section provides guidance for configuring the necessary permissions to interact with the Account API.

## Prerequisites
<a name="account-prerequisites"></a>

Before configuring permissions, ensure that your AWS account is linked to and that you created the necessary IAM roles and users. For more information, see [Setup and Authentication](https://docs.aws.amazon.com/partner-central/latest/APIReference/setup-authentication.html).

## Using AWS managed policies
<a name="account-using-aws-managed-policies"></a>

AWS provides managed policies that grant the required permissions to interact with the Account API. To provide the necessary access to manage account resources, attach the `AWSPartnerCentralFullAccess` policy to your IAM identities. For more information, see [AWS managed policies for users](https://docs.aws.amazon.com/partner-central/latest/getting-started/managed-policies.html).

## Assigning policies to IAM roles and users
<a name="account-assigning-policies"></a>

Follow these steps to assign policies to IAM roles and users:

1. Sign in to the AWS Management Console.

1. Navigate to the IAM service.

1. Select roles or users, and choose the IAM role or user to which you want to attach a policy.

1. Attach the `AWSPartnerCentralFullAccess` policy to the selected IAM role or user.

For more information, see [Adding and removing IAM identity permissions](https://docs.aws.amazon.com/IAM/latest/UserGuide/access_policies_manage-attach-detach.html).

## Managing permissions using condition keys
<a name="account-managing-permissions-with-condition-keys"></a>

Condition keys in IAM policies provide resource-level permissions for when to enforce statement policies. You can use condition keys to specify conditions that dictate when certain permissions are allowed or denied.

For more information, see [IAM JSON policy elements: Condition operators](https://docs.aws.amazon.com/IAM/latest/UserGuide/reference_policies_elements_condition_operators.html).


**Condition keys overview**  

| Condition key | Description | Applicable actions | Valid values | 
| --- | --- | --- | --- | 
| partnercentral:Catalog | filters access by the type of the associated catalog entity | all actions | AWS, sandbox | 

## Summary of required permissions
<a name="account-summary-of-required-permissions"></a>


**Summary of required permissions**  

| Action | Description | 
| --- | --- | 
| partnercentral:AcceptConnectionInvitation | allows accepting connection invitations | 
| partnercentral:AssociateAwsTrainingCertificationEmailDomain | allows associating AWS training certification email domains | 
| partnercentral:CancelConnection | allows canceling connections | 
| partnercentral:CancelConnectionInvitation | allows canceling connection invitations | 
| partnercentral:CancelProfileUpdateTask | allows canceling profile update tasks | 
| partnercentral:CreateConnectionInvitation | allows creating connection invitations | 
| partnercentral:CreatePartner | allows creating partners | 
| partnercentral:DisassociateAwsTrainingCertificationEmailDomain | allows disassociating AWS training certification email domains | 
| partnercentral:GetAllianceLeadContact | allows retrieving alliance lead contact details | 
| partnercentral:GetConnection | allows retrieving connection details | 
| partnercentral:GetConnectionInvitation | allows retrieving connection invitation details | 
| partnercentral:GetConnectionPreferences | allows retrieving connection preferences | 
| partnercentral:GetPartner | allows retrieving partner details | 
| partnercentral:GetProfileUpdateTask | allows retrieving profile update task details | 
| partnercentral:GetProfileVisibility | allows retrieving profile visibility settings | 
| partnercentral:GetVerification | allows retrieving verification details | 
| partnercentral:ListConnectionInvitations | allows listing connection invitations | 
| partnercentral:ListConnections | allows listing connections | 
| partnercentral:ListPartners | allows listing partners | 
| partnercentral:PutAllianceLeadContact | allows updating alliance lead contact details | 
| partnercentral:PutProfileVisibility | allows updating profile visibility settings | 
| partnercentral:RejectConnectionInvitation | allows rejecting connection invitations | 
| partnercentral:SendEmailVerificationCode | allows sending email verification codes | 
| partnercentral:StartProfileUpdateTask | allows starting profile update tasks | 
| partnercentral:StartVerification | allows starting verification processes | 
| partnercentral:UpdateConnectionPreferences | allows updating connection preferences |