Page tree
Skip to end of metadata
Go to start of metadata

Bluelytics has the possibility to grant and revoke different permissions to allow users or roles to call certain actions. Mainly the system distinguish between global and resource based permissions.

 

Global Permissions

Global permissions are granted system wide regardless of any queries or resources. 

System Permissions

PermisssionDescription
SystemConfigureThe user is allowed to change system configuration properties.
SystemUpdateThe user is allowed to update the system
SystemRestartThe user is allowed to restart the system
SystemPluginInstallThe user is allowed to install new plugins
SystemPluginInstallThe user is allowed to remove plugins

User Permissions

PermisssionDescription
UserCreateThe user is allowed to create users
UserAlterThe user is allowed to change users.
UserDeleteThe user is allowed to delete users.
UserReadThe user is allowed to read/list other users

Role and Grant Permissions

PermisssionDescription
RoleCreateThe user is allowed to create roles
RoleAlterThe user is allowed to change roles.
RoleDeleteThe user is allowed to delete roles.
RoleReadThe user is allowed to read/list roles
RoleGrantThe user is allowed to grant roles to users.
RoleRevokeThe user is allowed to revoke roles from users.
PermissionGrantThe user is allowed to grant certain permissions to users.
PermissionRevokeThe user is allowed to revoke certain permissions from users

Space Permissions

PermisssionDescription
SpaceCreateThe user is allowed to create spaces
SpaceAlterThe user is allowed to change any spaces.
SpaceDeleteThe user is allowed to delete any spaces
SpaceReadThe user is allowed to read any space, e.g. to list all queries within the space.
SpaceListThe user is allowed to list existing spaces

Resource Permissions

You can also define permissions for certain resources. A resource is a query, a stream, a view, a source or a sink. So it's possible to allow a certain user to start and stop a certain query, but not to remove the query.

Space Permissions

These permissions are similar to the global ones, but allows to define this on a resource level. So instead of allow a user to list the details of all spaces, you can grant "SpaceRead" for a given space, so that the user can list the contents of only this space.

PermisssionDescription
SpaceAlterThe user is allowed to change a certain space.
SpaceDeleteThe user is allowed to delete a certain space.
SpaceReadThe user is allowed to read a certain space, e.g. to list all queries within the space.

Query Permissions

PermisssionDescription
QueryAddThe user is allowed to add queries
QueryReadThe user is allowed to read a query
QueryDeleteThe user is allowed to delete a query
QueryStartThe user is allowed to start a query
QueryStopThe user is allowed to stop a query
QuerySuspendThe user is allowed to suspend a query
QueryResumeThe user is allowed to resume a query

 

 

  • No labels