Access permissions for Teracloud® Streams domain and instance objects
This information describes the administrator and user access permissions for Teracloud® Streams domain and instance objects.
Some objects require multiple permissions. For example, you must have search and delete authority for the hosts domain object to remove a resource from a domain.
The person who created each listed object is the owner. Owners have 'own' permission, which grants them all rights on the object.
| Domain object | DomainAdministrator permissions | DomainUser permissions |
|---|---|---|
| domain | delete: Remove a domain. | No access permissions |
| write: Start and stop a domain; restart domain services; and clean domain logs. | ||
| config | read: View tags and properties. | read |
| write: Manage roles, users, and groups; modify properties; view and set permissions; and make and modify tags. | ||
| hosts | add: Add a resource to the domain. | search, read |
| read: Get information about the state of the domain. | ||
| search: View available resources. | ||
| search + delete: Remove a resource from the domain. | ||
| search + read + write: Modify tags. | ||
| write: Quiesce and resume resources, and remove tags. | ||
| instances | add: Create or copy an instance. | search |
| search: View the instances in the domain. | ||
| system-log | read: View and get the domain, instance, and job logs. | No access permissions |
| appconfig | search: View domain-level application configurations. | search |
| add: Create new application configurations at the domain level. | ||
| appconfig_element-name where element-name is the name of the application configuration object within the domain configuration | read: View domain-level application configuration elements. | read |
| write: Create an application configuration element at the domain level. | ||
| delete: Remove a domain-level application configuration element. |
| Instance object | DomainAdministrator and InstanceAdministrator permissions | InstanceUser permissions |
|---|---|---|
| instance | delete: Remove an instance. | search |
| search: Capture information about the resources in an instance; copy an instance; list the instance when listing domain instances; view the instance and application logs; and get information about the state of an instance. | ||
| write: Start and stop the instance, and clean the instance log. | ||
| config | read: View properties and list job groups. | read |
| write: Manage roles, users, and groups; modify properties; view and set permissions; create and remove job groups; and manage resource specifications. | ||
| hosts | add: Add a resource to an instance. | search, read |
| read: Get information about the state of the instance. | ||
| search + delete: Remove a resource and its services from an instance. | ||
| search + read: List resources in an instance. | ||
| search + read + delete: Remove a resource specification from an instance. | ||
| search + read + write: Modify a resource specification. | ||
| write: Quiesce and resume resources. | ||
| jobs | add: Create a job group. | search, add |
| search: List jobs and PEs, and get information about the state and status of jobs and PEs. | ||
| default job group or any job group created by a user |
add: Submit a job. | add The user who submits a job has the following permissions: read, write, add, delete |
| delete: Stop a job or a PE in a job. | ||
| add + delete: Update or restart a PE in a job. | ||
| read: Receive data from jobs; get information about the state of jobs; list jobs and PEs; and view application and PE logs. | ||
| write: Send data to jobs. | ||
| jobs-override | add: Run the streamtool submitjob command with the --override option. | No access permissions |
| application-log | read: View and get the application logs. | read |
| system-log | read: View and get the instance and application logs. | No access permissions |
| appconfig | search: View instance-level application configurations. | search, add |
| add: Create application configurations at the instance level. | ||
| appconfig_element-name where element-name is the name of the application configuration object within the instance configuration | read: View instance-level application configuration elements. | read, write, delete |
| write: Create an application configuration element at the instance level. | ||
| delete: Remove an instance-level application configuration element. |