Namespaces

| Operation | Privileges Required (Existing) | Privileges Required (Proposed) | Integration test name (Class name + test name) |
| --- | --- | --- | --- |
| Create | ADMIN (on the CDAP instance) | ADMIN | BasicAuthorizationTestBase.testBasicGrantOperations |
| Update | ADMIN (on the namespace) | | |
| Delete | ADMIN (on the namespace) | ADMIN on the namespace, and all entities in the namespace | |
| View/List | Any of READ, WRITE, EXECUTE, or ADMIN | Any privilege on the namespace or any of its descendants. | |
| Get Namespace Meta | | Any privilege on the namespace or any of its descendants. | |
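
The namespace View/List and Delete rules from the table above, as an added example (a model written for this page, not CDAP code). The dotted entity ids, the grant store and the principal names are constructed assumptions.

```python
# Added example: a model of the namespace rules in the table, not CDAP code.
# Entity ids are constructed dotted paths: "ns1" is a namespace, "ns1.app1"
# an application in it, "ns1.app1.flow1" a program of that application.
from typing import Dict, Iterable, Set, Tuple

Grants = Dict[Tuple[str, str], Set[str]]  # (principal, entity id) -> privileges

def in_namespace(entity: str, namespace: str) -> bool:
    """True for the namespace itself and for any of its descendants."""
    return entity == namespace or entity.startswith(namespace + ".")

def can_view_namespace(grants: Grants, principal: str, namespace: str) -> bool:
    """Proposed View/List: any privilege on the namespace or a descendant."""
    return any(
        who == principal and privileges and in_namespace(entity, namespace)
        for (who, entity), privileges in grants.items()
    )

def can_delete_existing(grants: Grants, principal: str, namespace: str) -> bool:
    """Existing Delete: ADMIN on the namespace is enough."""
    return "ADMIN" in grants.get((principal, namespace), set())

def can_delete_proposed(grants: Grants, principal: str, namespace: str,
                        entities: Iterable[str]) -> bool:
    """Proposed Delete: ADMIN on the namespace and on every entity in it."""
    targets = {namespace} | {e for e in entities if in_namespace(e, namespace)}
    return all("ADMIN" in grants.get((principal, e), set()) for e in targets)

# Constructed sample data.
ENTITIES = ["ns1", "ns1.app1", "ns1.app1.flow1", "ns1.ds1", "ns10"]
GRANTS: Grants = {
    ("alice", "ns1"): {"ADMIN"},
    ("alice", "ns1.app1"): {"ADMIN"},
    ("alice", "ns1.app1.flow1"): {"ADMIN"},
    ("alice", "ns1.ds1"): {"ADMIN", "READ"},
    ("bob", "ns1.ds1"): {"READ"},    # a dataset grant only
    ("carol", "ns1"): {"ADMIN"},     # namespace ADMIN, nothing below it
    ("dave", "ns10"): {"WRITE"},     # different namespace, similar name
}

if __name__ == "__main__":
    for user in ("alice", "bob", "carol", "dave"):
        print(user,
              can_view_namespace(GRANTS, user, "ns1"),
              can_delete_existing(GRANTS, user, "ns1"),
              can_delete_proposed(GRANTS, user, "ns1", ENTITIES))
```

In this sample, carol passes the existing Delete check but fails the proposed one, and bob can list `ns1` through a dataset grant alone.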


Artifacts

| Operation | Privileges Required (Existing) | Privileges Required (Proposed) |
| --- | --- | --- |
| Add | WRITE (on the namespace) | ADMIN |
| Add a property | ADMIN (on namespace) \| ADMIN (on artifact) | ADMIN |
| Remove a property | ADMIN (on namespace) \| ADMIN (on artifact) | ADMIN |
| Use to deploy an app | | ADMIN \| READ |
| Delete | ADMIN (on namespace) \| ADMIN (on artifact) | ADMIN |
| View/List | Any of READ, WRITE, EXECUTE, or ADMIN (on namespace) \| Any of READ, WRITE, EXECUTE, or ADMIN (on artifact) | Any privilege on the artifact |
| Get artifact info/summary/detail | | ADMIN \| READ |

 

Applications

| Operation | Privileges Required (Existing) | Privileges Required (Proposed) |
| --- | --- | --- |
| Add | WRITE (on the namespace) and READ (on the artifact if deployed from an artifact) | ADMIN *Also see artifact privileges and principal privileges |
| Delete | ADMIN (on the application) \| ADMIN (on the namespace) | ADMIN |
| View/List | Any of READ, WRITE, EXECUTE, or ADMIN (on namespace) \| Any of READ, WRITE, EXECUTE, or ADMIN (on application) | Any privilege on the application or any of its descendants. |
| Get application detail | | ADMIN \| READ |

 

Programs

| Operation | Privileges Required (Existing) | Privileges Required (Proposed) |
| --- | --- | --- |
| Start, Stop, or Debug | (EXECUTE (on the program) \| EXECUTE (on the application) \| EXECUTE (on the namespace)) & READ (on the namespace) | EXECUTE |
| Set instances | ADMIN (on the namespace) \| ADMIN (on the application) \| ADMIN (on the program) | ADMIN |
| Set runtime arguments | ADMIN (on the namespace) \| ADMIN (on the application) \| ADMIN (on the program) | ADMIN |
| Retrieve runtime arguments | READ (on the namespace) \| READ (on the application) \| READ (on the program) | READ \| EXECUTE \| ADMIN |
| Retrieve status | Any of READ, WRITE, EXECUTE, or ADMIN | |
| View/List | Any of READ, WRITE, EXECUTE, or ADMIN | |
| Get program specification | | ADMIN \| READ |

 

Datasets

| Operation | Privileges Required (Existing) | Privileges Required (Proposed) |
| --- | --- | --- |
| Create | WRITE (on the namespace) | ADMIN |
| Read | (READ (on the dataset) and READ (namespace)) \| READ (on the namespace) | READ |
| Retrieving properties | Not Documented | Any of READ, WRITE, ADMIN, or EXECUTE |
| Write | WRITE (on the dataset) \| WRITE (on the namespace) | WRITE |
| Update | (ADMIN (on the dataset) and READ (on the namespace)) \| (ADMIN (on the namespace) and READ (on the namespace)) | ADMIN |
| Upgrade | ADMIN (on the dataset) \| ADMIN (on the namespace) | ADMIN |
| Truncate | ADMIN (on the dataset) \| ADMIN (on the namespace) | ADMIN |
| Drop | ADMIN (on the dataset) \| ADMIN (on the namespace) | ADMIN |
| View/List | Any of READ, WRITE, EXECUTE, or ADMIN | |
| Get dataset meta | | ADMIN \| READ \| WRITE |

 

Dataset Modules

| Operation | Privileges Required (Existing) | Privileges Required (Proposed) |
| --- | --- | --- |
| Deploy | WRITE (on the namespace) | ADMIN |
| Delete | ADMIN (on the dataset module) \| ADMIN (on the namespace) | ADMIN |
| Delete-all in the namespace | ADMIN (on the namespace) | ADMIN on all dataset modules in the namespace |
| View/List | Any of READ, WRITE, EXECUTE, or ADMIN | |
| Get module meta | | ADMIN \| READ |

 

Dataset Types

| Operation | Privileges Required (Existing) | Privileges Required (Proposed) |
| --- | --- | --- |
| View/List | Any of READ, WRITE, EXECUTE, or ADMIN | |
| Get dataset type meta | | ADMIN \| READ |

 

Secure Keys

| Operation | Privileges Required (Existing) | Privileges Required (Proposed) |
| --- | --- | --- |
| Create | WRITE (on the namespace) | ADMIN |
| Delete | ADMIN (on the key) \| ADMIN (on the namespace) | ADMIN |
| View/List | Any of READ, WRITE, EXECUTE, or ADMIN | |
| Read | Not Documented | READ (on the key) |

 

Streams

| Operation | Privileges Required (Existing) | Privileges Required (Proposed) |
| --- | --- | --- |
| Create | WRITE (on the namespace) | ADMIN |
| Retrieving events | READ (on the stream) & READ (on the namespace) | READ |
| Retrieving properties | Any of READ, WRITE, ADMIN, or EXECUTE | |
| Sending events to a stream (sync, async, or batch) | (WRITE (on the stream) and READ (on the namespace)) \| WRITE (on namespace & READ (on the namespace)) | WRITE |
| Drop | ADMIN (on stream) \| ADMIN (on namespace) | ADMIN |
| Drop-all in the namespace | ADMIN (on the namespace) \| ADMIN (on the stream) | ADMIN on all the streams in the namespace |
| Update | ADMIN (on the namespace) \| ADMIN (on the stream) | ADMIN |
| Truncate | ADMIN (on the namespace) \| ADMIN (on the stream) | ADMIN |
| View/List | Any of READ, WRITE, EXECUTE, or ADMIN | |
| Get stream property | | ADMIN \| READ |

 

Principal

| Operation | Privileges Required (Existing) | Privileges Required (Proposed) |
| --- | --- | --- |
| Deploy an app to impersonate a principal | | ADMIN |
| Create a namespace with owner principal | | ADMIN |
| Create a dataset with owner principal | | ADMIN |
| Create a stream with owner principal | | ADMIN |
| Run an explore query as impersonated principal | | EXECUTE |