# general


07/24/2019, 2:24 PM
Does anyone have any tips or tools on how to properly determine the permissions required to deploy a Pulumi stack? I’ve been using full admin when deploying just because it’s guaranteed to work, but it feels like it violates the principle of least privilege. Obviously Pulumi needs the ability to create resources of (potentially) any type, and delete resources which it created. But it would be nice to find a role that prevented it from doing other potentially nefarious things, like destroying backups or logs.