| acm-pca:CreateCertificateAuthority | Admin |
| acm-pca:CreatePermission | Admin |
| acm-pca:DeleteCertificateAuthority | Admin |
| acm-pca:DeletePermission | Admin |
| acm-pca:DeletePolicy | Admin |
| acm-pca:DescribeCertificateAuthority | Admin |
| acm-pca:DescribeCertificateAuthorityAuditReport | Admin |
| acm-pca:ImportCertificateAuthorityCertificate | Admin |
| acm-pca:IssueCertificate | Admin |
| acm-pca:PutPolicy | Admin |
| acm-pca:RestoreCertificateAuthority | Admin |
| acm-pca:RevokeCertificate | Admin |
| acm-pca:UpdateCertificateAuthority | Admin |
| acm:DeleteCertificate | Admin |
| acm:ExportCertificate | Admin |
| acm:ImportCertificate | Admin |
| acm:PutAccountConfiguration | Admin |
| acm:RenewCertificate | Admin |
| acm:RequestCertificate | Admin |
| acm:ResendValidationEmail | Admin |
| acm:UpdateCertificateOptions | Admin |
| acm-pca:CreateCertificateAuthorityAuditReport | Operator |
| acm-pca:TagCertificateAuthority | Operator |
| acm-pca:UntagCertificateAuthority | Operator |
| acm:AddTagsToCertificate | Operator |
| acm:RemoveTagsFromCertificate | Operator |
| acm-pca:GetCertificate | ReadOnly |
| acm-pca:GetCertificateAuthorityCertificate | ReadOnly |
| acm-pca:GetCertificateAuthorityCsr | ReadOnly |
| acm-pca:GetPolicy | Metadata |
| acm-pca:ListCertificateAuthorities | Metadata |
| acm-pca:ListPermissions | Metadata |
| acm-pca:ListTags | Metadata |
| acm:DescribeCertificate | Metadata |
| acm:GetAccountConfiguration | Metadata |
| acm:GetCertificate | Metadata |
| acm:ListCertificates | Metadata |
| acm:ListTagsForCertificate | Metadata |
