# IAM Reference ## Administration service: **administration** **Resource Syntax** * `administration:connection:${Environment}/${ConnectionType}/${Connection}` * `administration:license:${Environment}` * `administration:lenses-logs:${Environment}` * `administration:lenses-configuration:${Environment}` * `administration:setting:${Setting}`

Operation	Resource Type	Description
CreateConnection	connection
ListConnections	connection
GetConnectionDetails	connection
UpdateConnection	connection
DeleteConnection	connection
ListLicenses	license
GetLicenseDetails	license
UpdateLicense	license
GetLensesLogs	lenses-logs
GetLensesConfiguration	lenses-configuration
ListAgents	agent
GetAgentDetails	agent
UpdateAgent	agent
DeleteAgent	agent
GetSetting	setting
UpdateSetting	setting

## Applications service: **applications** **Resource Syntax**

Operation	Resource Type	Description
RegisterApplication	external-application
UnregisterApplication	external-application
ListApplications	external-application
GetApplicationDetails	external-application
ListApplicationDependants	external-application

## Alerts service: **alerts** **Resource Syntax** * alerts:alert:${Environment}/${AlertType}/${Alert} * alerts:rule:${Environment}/Infrastructure/KafkaBrokerDown * alerts:rule:${Environment}/DataProduced/red-app-going-slow

Operation	Resource Type	Description
CreateAlertRule	rule
DeleteAlertRule	rule
UpdateAlertRule	rule
ListAlertRules	rule
GetAlertRuleDetails	rule
ToggleAlertRule	rule
ListAlertEvents	alert-event
DeleteAlertEvents	alert-event
CreateChannel	alert-channel
ListChannels	alert-channel
GetChannelDetails	alert-channel
UpdateChannel	alert-channel
DeleteChannel	alert-channel

## Audits service: **audit** **Resource Syntax** * audit:log:${Environment} * audit:channel:${Environment}/${AuditChannelType}/${AuditChannel}

Operation	Resource Type	Description
ListLogEvents	log
GetLogEventDetails	log
CreateChannel	channel
ListChannels	channel
GetChannelDetails	channel
UpdateChannel	channel
DeleteChannel	channel
ToggleChannel	channel

## Data Policies service: **data-policies** **Resource Syntax** * data-policies:policy:${Environment}/${Policy}

Operation	Resource Type	Description
CreatePolicy	policy
ListPolicies	policy
GetPolicyDetails	policy
UpdatePolicy	policy
DeletePolicy	policy
ListPolicyDependants	policy

## Environments service: **environments** **Resource Syntax** * environments:environment:${Environment}

Operation	Resource Type	Description
CreateEnvironment	environment
DeleteEnvironment	environment
ListEnvironments	environment
UpdateEnvironment	environment
AccessEnvironment	environment
GetEnvironmentDetails	environment	Permission which allows users to gain overview of more information about the environment such as metrics, versions and more.

## Governance service: **governance** **Resource Syntax** * governance:request:${Environment}/${ActionType}/\* * governance:rule:${Environment}/${RuleCategory}/\*

Operation	Resource Type	Description
CreateRequest	request
ListRequests	request
GetRequestDetails	request
ApproveRequest	request
DenyRequest	request
GetRuleDetails	rule
UpdateRule	rule

## IAM service: **iam** **Resource Syntax** * iam:role:${Role} * iam:group:${Group} * iam:user:${Username} * iam:service-account:${ServiceAccount}

Operation	Resource Type	Description
CreateRole	role
DeleteRole	role
UpdateRole	role
ListRoles	role
ListRoleDependants	role
GetRoleDetails	role
CreateGroup	group
DeleteGroup	group
UpdateGroup	group
ListGroups	group
ListGroupDependants	group
GetGroupDetails	group
CreateUser	user
DeleteUser	user
UpdateUser	user
ListUsers	user
ListUserDependants	user
GetUserDetails	user
CreateServiceAccount	service account
DeleteServiceAccount	service account
UpdateServiceAccount	service account
ListServiceAccounts	service account
ListServiceAccountDependants	service account
GetServiceAccountDetails	service account

## Kafka Connect service: **kafka-connect** **Resource Syntax** * kafka-connect:connector:${Environment}/${KafkaConnectCluster}/${Connector} * kafka-connect:cluster:${Environment}/${KafkaConnectCluster} {% code title="Example role permission" %} ```yaml name: global-connector-operator policy: - action: - iam:List* - iam:Get* resource: iam:* effect: allow - action: - environments:Get* - environments:List* - environments:AccessEnvironment resource: environments:* effect: allow - action: - kafka-connect:List* - kafka-connect:GetClusterDetails - kafka-connect:GetConnectorDetails - kafka-connect:StartConnector - kafka-connect:StopConnector resource: - kafka-connect:cluster:*/* - kafka-connect:connector:*/*/* effect: allow ``` {% endcode %}

Operation	Resource Type	Description
CreateConnector	connector
ListConnectors	connector
ListConnectors	connector
GetConnectorConfiguration	connector
UpdateConnectorConfiguration	connector
DeleteConnector	connector
StartConnector	connector
StopConnector	connector
ListConnectorDependants	connector
ListClusters	cluster
GetClusterDetails	cluster
DeployConnectors	cluster

## Kafka service: **kafka** **Resource Syntax** * kafka:topic:${Environment}/${KafkaCluster}/${Topic} * kafka:acl:${Environment}/${KafkaCluster}/${AclResourceType}/\* or kafka:acl:${Environment}/${KafkaCluster}/${AclResourceType}/${PrincipalType}/${Principal} * kafka:quota:${Environment}/${KafkaCluster}/${QuotaType}/\* or * kafka:quota:${Environment}/${KafkaCluster}/clients * kafka:quota:${Environment}/${KafkaCluster}/users-default * kafka:quota:${Environment}/${KafkaCluster}/client/${ClientID} * kafka:quota:${Environment}/${KafkaCluster}/user/${Username} * kafka:quota:${Environment}/${KafkaCluster}/user/${Username}/client/${ClientID} * kafka:quota:${Environment}/${KafkaCluster}/user-client/${Username}/${ClientID} * kafka:quota:${Environment}/${KafkaCluster}/user/${Username}/client/\* * kafka:quota:${Environment}/${KafkaCluster}/user-all-clients/${Username} {% code title="Example role permission" %} ```yaml name: example policy: - action: - kafka:ListTopics - kafka:GetTopicDetails resource: - kafka:topic:my_env/kafka/my_topic ``` {% endcode %}

Operation	Resource Type	Description
CreateTopic	topic
DeleteTopic	topic
ListTopics	topic
GetTopicDetails	topic
UpdateTopicDetails	topic
ReadTopicData	topic
WriteTopicData	topic
DeleteTopicData	topic
ListTopicDependants	topic	List visibility of all entities that depend on this entity e.g. ListTopicDependants means that you'll be able to see (i.e. List) all consumer groups that read from that topic regardless of what your specific consumer group permissions.
CreateAcl	acl
GetAclDetails	acl
UpdateAcl	acl
DeleteAcl	acl
CreateQuota	quota
ListQuotas	quota
GetQuotaDetails	quota
UpdateQuota	quota
DeleteQuota	quota
DeleteConsumerGroup	consumer-group
UpdateConsumerGroup	consumer-group
ListConsumerGroups	consumer-group
GetConsumerGroupDetails	consumer-group
ListConsumerGroupDependants	consumer-group

## Kubernetes service: **kubernetes** **Resource Syntax** * kubernetes:cluster:${Environment}/${KubernetesCluster} * kubernetes:namespace:${Environment}/${KubernetesCluster}/${KubernetesNamespace}

Operation	Resource Type	Description	Example
ListClusters	cluster
GetClusterDetails	cluster
ListNamespaces	namespace
DeployApps	namespace

## Registry service: **registry** **Resource Syntax** * schemas:registry:${Environment}/${SchemaRegistry}

Operation	Resource Type	Description
GetRegistryConfiguration	registry
UpdateRegistryConfiguration	registry

## Schemas service: **schemas** **Resource Syntax** * schemas:schema:${Environment}/${SchemaRegistry}/${Schema}

Operation	Resource Type	Description
CreateSchema	schema
DeleteSchema	schema
UpdateSchema	schema
GetSchemaDetails	schema
ListSchemas	schema
ListSchemaDependants	schema

## SQL Streaming service: **sql-streaming** **Resource Syntax** * sql-streaming:sql-processor:${Environment}/${KubernetesCluster}/${KubernetesNamespace}/${SqlProcessor} * For IN\_PROC processors sql-streaming:sql-processor:${Environment}/lenses-in-process/default/${SqlProcessor}

Available Actions	Resource Type	Description
CreateProcessor	sql-processor
ListProcessors	sql-processor
GetProcessorDetails	sql-processor
GetProcessorSql	sql-processor
UpdateProcessorSql	sql-processor
DeleteProcessor	sql-processor
StartProcessor	sql-processor
StopProcessor	sql-processor
ScaleProcessor	sql-processor
GetProcessorLogs	sql-processor
ListProcessorDependants	sql-processor

--- # Agent Instructions: Querying This Documentation If you need additional information that is not directly available in this page, you can query the documentation dynamically by asking a question. Perform an HTTP GET request on the current page URL with the `ask` query parameter: ``` GET https://docs.lenses.io/latest/devx/6.0/user-guide/iam/iam-reference.md?ask= ``` The question should be specific, self-contained, and written in natural language. The response will contain a direct answer to the question and relevant excerpts and sources from the documentation. Use this mechanism when the answer is not explicitly present in the current page, you need clarification or additional context, or you want to retrieve related documentation sections.