Pravega Controller Authorization Model Reference

Discussions to Refer to

Permissions Required for Controller Operations

The following table lists the level of permissions required for the specified Controller gRPC/REST operation. All the data listed in the table below is verified to be correct as of 15-July-2020.

S.No.	Action	Resource String for Auth	Required Permission	gRPC / REST Operation
1.	List scopes	`/`, and `<scope-name>` for each scope	READ	`NA` / `listScopes`
2.	Get a scope	`<scope-name>`	READ	`NA`/ `getScope`
3.	Create a scope	`/`	READ_UPDATE	`createScope`/`createScope`
4.	Delete a scope	`/`	READ_UPDATE	`deleteScope`/`deleteScope`
5.	List streams	`<scope-name>` and `<scope-name>/<stream-name>` for each stream	READ	`listStreamsInScope`/`listStreams`
6.	Get a stream	`<scope-name>/<stream-name>`	READ	`NA`/`getStream`
7.	Create a stream	`<scope-name>`	READ_UPDATE	`createStream`/`createStream`
8.	Update a stream	`<scope-name>/<stream-name>`	READ_UPDATE	`updateStream`/`updateStream`
9.	Update a stream's state	`<scope-name>/<stream-name>`	READ_UPDATE	NA/`updateStreamState`
10.	Delete a stream	`<scope-name>/<stream-name>`	READ_UPDATE	`deleteStream`/`deleteStream`
11.	Truncate a stream	`<scope-name>/<stream-name>`	READ_UPDATE	`truncateStream`/ `NA`
12.	Seal a stream	`<scope-name>/<stream-name>`	READ_UPDATE	`sealStream`/ `NA`
13.	List reader groups	`<scope-name>`	READ	`NA` /`listReaderGroups`
14.	Get a reader group	`<scope-name>/<reader-group-name>`	READ	`NA`/`getReaderGroup`
15.	List scaling events of a stream	`<scope-name>/<stream-name>`	READ	`NA` / `getScalingEvents`
16.	List current stream segments	`<scope-name>/<stream-name>`	READ_UPDATE	`getCurrentSegments` / `NA`
17.	List stream segments	`<scope-name>/<stream-name>`	READ_UPDATE	`getSegments`/ `NA`
18.	List segments following	`<scope-name>/<stream-name>`	READ	`getSegmentsImmediatlyFollowing`/`NA`
19.	List segments between	`<scope-name>/<stream-name>`	READ	`getSegmentsBetween`/ `NA`
20.	Scale (a stream)	`<scope-name>/<stream-name>`	READ_UPDATE	`scale`/`NA`
21.	Check scale status	`<scope-name>/<stream-name>`	READ	`checkScale`/`NA`
22.	Get URI for segment	`<scope-name>/<stream-name>`	READ	`getURI` / `NA`
23.	Is Segment valid	`<scope-name>/<stream-name>`	READ	`isSegmentValid`/ `NA`
24.	Is stream cut valid	`<scope-name>/<stream-name>`	READ	`isStreamCutValid` / `NA`
25.	Create a transaction	`<scope-name>/<stream-name>`	READ_UPDATE	`createTransaction` / `NA`
26.	Commit transaction	`<scope-name>/<stream-name>`	READ_UPDATE	`commitTransaction` / `NA`
27.	Abort transaction	`<scope-name>/<stream-name>`	READ_UPDATE	`abortTransaction` / `NA`
28.	Ping transaction	`<scope-name>/<stream-name>`	READ_UPDATE	`pingTransaction` / `NA`
29.	Check transaction state	`<scope-name>/<stream-name>`	READ	`checkTransactionState` / `NA`
30.	Get delegation token	`<scope-name>/<stream-name>`	READ_UPDATE	`getDelegationToken`/ `NA`

Pravega Controller Authorization Model Reference - derekm/pravega GitHub Wiki

Discussions to Refer to

Permissions Required for Controller Operations

⚠️ GitHub.com Fallback ⚠️

Pravega Controller Authorization Model Reference - derekm/pravega GitHub Wiki

Discussions to Refer to

Permissions Required for Controller Operations

⚠️ **GitHub.com Fallback** ⚠️

⚠️ GitHub.com Fallback ⚠️