Cloudflare Docs

Cloudflare Fundamentals

Cloudflare Docs

Cloudflare Fundamentals

Overview
Concepts
What is Cloudflare?
How Cloudflare works
Cloudflare IP addresses
Our free plan
Reference architectures
The Internet
How to use Cloudflare
Manage account
Create account
Verify email address
Log into Cloudflare
Manage email notifications
Account security
Add abuse contact
Allow Cloudflare access
Leaked Password Notifications
Login and account issues
Manage active sessions
Multi-Factor Email Authentication
Provision with SCIM
Review audit logs
Secure compromised account
Set up SSO
Two-factor authentication
Zone holds
Account customizations
Account name
Appearance
Communication preferences
Language preference
Manage domains
Add a site
Add multiple sites via automation
Change your domain version
Connect your domain
Manage subdomains
Move a domain between Cloudflare accounts
Pause Cloudflare
Redirect one domain to another
Remove a domain
Star websites
Manage members
Manage
Policies
Roles
Role scopes
Set up SSO
Accounts, zones, and profiles
Find zone and account IDs
Use Cloudflare without changing nameservers
Troubleshooting
Subscriptions and billing
Create billing profile
Billing Policy
Cancel Cloudflare subscriptions
Change domain plan
Change password or email
Change Super Administrator
Delete your Cloudflare account
Preview services
Troubleshoot failed payments
Understand Cloudflare invoices
Update billing information
Basic tasks
Enable basic features in bulk
Improve SEO
Interacting with Cloudflare
Maintenance mode
Minimize downtime
Optimize site speed
Prepare for surges or spikes in web traffic
Prevent DDoS attacks
Protect your origin server
Recovering from a hacked site
Scan for PCI compliance
Secure your website
Test speed
Trace a request
How to
Limitations
Changelog
Under a DDoS attack?
Cloudflare's API
Get started
Create API token
Get Global API key (legacy)
Get Origin CA keys
How to
Make API calls
Create tokens via API
Control API Access
Restrict tokens
Roll tokens
Reference
Limits
API token permissions
API token templates
API deprecations
SDKs
Troubleshooting
Building custom views
Reference
Policies
Cloudflare Cookies
Compliance documentation
Content Security Policies (CSPs)
Incident Management Policy
Project Cybersafe Schools
Abuse
Review abuse policies
Complaint types
Providing specific URLs
Customer abuse report obligations
Submit report
/cdn-cgi/ endpoint
Cloudflare and Google Analytics
Cloudflare crawlers
Cloudflare HTTP request headers
Cloudflare Ray ID
Connection limits
Cryptographic Attestation of Personhood
Glossary
Network Layers
Network ports
Partners
Redirects
TCP connections
Under Attack mode

Policies

Policies define what access a given user has to your account or domains, and are constructed out of three parts:

An actor (your user).
A ResourceGroup (a scope).
A PermissionGroup (roles).

An account member can have one or several of these policies to represent the most appropriate access.

To increase the usability and flexibility of Cloudflare’s role system, changes to the API have been made to expose these underlying data principles and allow users to interact with them.

For example, you may want to assign multiple policies and use scopes to control access to an account where you have a single account with both Production and Staging domains, and a user that should be able see the whole account, purge the production domains, but have the ability to configure the staging domains.

Manage policies

A set of standard API endpoints is present on every account that allow access to your members, which has recently been enhanced by a list of resourceGroups and PermissionGroups.

A resourceGroup is a unique identifier for the scope for which a policy applies.
A permissionGroup is a unique identifier for the set of roles that are assigned to a given policy.

Refer to the API documentation for more information.