| qldb:CreateLedger | Admin |
| qldb:DeleteLedger | Admin |
| qldb:ExecuteStatement | Admin |
| qldb:ExportJournalToS3 | Admin |
| qldb:InsertSampleData | Admin |
| qldb:SendCommand | Admin |
| qldb:ShowCatalog | Admin |
| qldb:UpdateLedger | Admin |
| qldb:TagResource | Operator |
| qldb:UntagResource | Operator |
| iam:ListRoles | Metadata |
| kms:DescribeKey | Metadata |
| kms:ListAliases | Metadata |
| qldb:DescribeJournalS3Export | Metadata |
| qldb:DescribeLedger | Metadata |
| qldb:GetBlock | Metadata |
| qldb:GetDigest | Metadata |
| qldb:GetRevision | Metadata |
| qldb:ListJournalS3Exports | Metadata |
| qldb:ListJournalS3ExportsForLedger | Metadata |
| qldb:ListLedgers | Metadata |
| qldb:ListTagsForResource | Metadata |
| s3:GetBucketLocation | Metadata |
| s3:ListAllMyBuckets | Metadata |
