IAM Reference
This page describes the IAM Reference options.
Administration
service: administration
Resource Syntax
administration:connection:${Environment}/${ConnectionType}/${Connection}administration:license:${Environment}administration:lenses-logs:${Environment}administration:lenses-configuration:${Environment}administration:setting:${Setting}
CreateConnection
connection
ListConnections
connection
GetConnectionDetails
connection
UpdateConnection
connection
DeleteConnection
connection
ListLicenses
license
GetLicenseDetails
license
UpdateLicense
license
GetLensesLogs
lenses-logs
GetLensesConfiguration
lenses-configuration
ListAgents
agent
GetAgentDetails
agent
UpdateAgent
agent
DeleteAgent
agent
GetSetting
setting
UpdateSetting
setting
Applications
service: applications
Resource Syntax
RegisterApplication
external-application
UnregisterApplication
external-application
ListApplications
external-application
GetApplicationDetails
external-application
ListApplicationDependants
external-application
Alerts
service: alerts
Resource Syntax
alerts:alert:${Environment}/${AlertType}/${Alert}
alerts:rule:${Environment}/Infrastructure/KafkaBrokerDown
alerts:rule:${Environment}/DataProduced/red-app-going-slow
CreateAlertRule
rule
DeleteAlertRule
rule
UpdateAlertRule
rule
ListAlertRules
rule
GetAlertRuleDetails
rule
ToggleAlertRule
rule
ListAlertEvents
alert-event
DeleteAlertEvents
alert-event
CreateChannel
alert-channel
ListChannels
alert-channel
GetChannelDetails
alert-channel
UpdateChannel
alert-channel
DeleteChannel
alert-channel
Audits
service: audit
Resource Syntax
audit:log:${Environment}
audit:channel:${Environment}/${AuditChannelType}/${AuditChannel}
ListLogEvents
log
GetLogEventDetails
log
CreateChannel
channel
ListChannels
channel
GetChannelDetails
channel
UpdateChannel
channel
DeleteChannel
channel
ToggleChannel
channel
Data Policies
service: data-policies
Resource Syntax
data-policies:policy:${Environment}/${Policy}
CreatePolicy
policy
ListPolicies
policy
GetPolicyDetails
policy
UpdatePolicy
policy
DeletePolicy
policy
ListPolicyDependants
policy
Environments
service: environments
Resource Syntax
environments:environment:${Environment}
CreateEnvironment
environment
DeleteEvironment
environment
ListEnvironments
environment
UpdateEnvironment
environment
AccessEnvironment
environment
Governance
service: governance
Resource Syntax
governance:request:${Environment}/${ActionType}/*
governance:rule:${Environment}/${RuleCategory}/*
CreateRequest
request
ListRequests
request
GetRequestDetails
request
ApproveRequest
request
DenyRequest
request
GetRuleDetails
rule
UpdateRule
rule
IAM
service: iam
Resource Syntax
iam:role:${Role}
iam:group:${Group}
iam:user:${Username}
iam:service-account:${ServiceAccount}
CreateRole
role
DeleteRole
role
UpdateRole
role
ListRoles
role
ListRoleDependants
role
GetRoleDetails
role
CreateGroup
group
DeleteGroup
group
UpdateGroup
group
ListGroups
group
ListGroupDependants
group
GetGroupDetails
group
CreateUser
user
DeleteUser
user
UpdateUser
user
ListUsers
user
ListUserDependants
user
GetUserDetails
user
CreateServiceAccount
service account
DeleteServiceAccount
service account
UpdateServiceAccount
service account
ListServiceAccounts
service account
ListServiceAccountDependants
service account
GetServiceAccountDetails
service account
Kafka Connect
service: kafka-connect
Resource Syntax
kafka-connect:connector:${Environment}/${KafkaConnectCluster}/${Connector}
kafka-connect:cluster:${Environment}/${KafkaConnectCluster}
name: global-connector-operator
policy:
- action:
- iam:List*
- iam:Get*
resource: iam:*
effect: allow
- action:
- environments:Get*
- environments:List*
- environments:AccessEnvironment
resource: environments:*
effect: allow
- action:
- kafka-connect:List*
- kafka-connect:GetClusterDetails
- kafka-connect:GetConnectorDetails
- kafka-connect:StartConnector
- kafka-connect:StopConnector
resource:
- kafka-connect:cluster:*/*
- kafka-connect:connector:*/*/*
effect: allowCreateConnector
connector
ListConnectors
connector
ListConnectors
connector
GetConnectorConfiguration
connector
UpdateConnectorConfiguration
connector
DeleteConnector
connector
StartConnector
connector
StopConnector
connector
ListConnectorDependants
connector
ListClusters
cluster
GetClusterDetails
cluster
DeployConnectors
cluster
Kafka
service: kafka
Resource Syntax
kafka:topic:${Environment}/${KafkaCluster}/${Topic}
kafka:acl:${Environment}/${KafkaCluster}/${AclResourceType}/* or kafka:acl:${Environment}/${KafkaCluster}/${AclResourceType}/${PrincipalType}/${Principal}
kafka:quota:${Environment}/${KafkaCluster}/${QuotaType}/* or
kafka:quota:${Environment}/${KafkaCluster}/clients
kafka:quota:${Environment}/${KafkaCluster}/users-default
kafka:quota:${Environment}/${KafkaCluster}/client/${ClientID}
kafka:quota:${Environment}/${KafkaCluster}/user/${Username}
kafka:quota:${Environment}/${KafkaCluster}/user/${Username}/client/${ClientID}
kafka:quota:${Environment}/${KafkaCluster}/user-client/${Username}/${ClientID}
kafka:quota:${Environment}/${KafkaCluster}/user/${Username}/client/*
kafka:quota:${Environment}/${KafkaCluster}/user-all-clients/${Username}
name: example
policy:
- action:
- kafka:ListTopics
- kafka:GetTopicDetails
resource:
- kafka:topic:my_env/kafka/my_topicCreateTopic
topic
DeleteTopic
topic
ListTopics
topic
GetTopicDetails
topic
UpdateTopicDetails
topic
ReadTopicData
topic
WriteTopicData
topic
DeleteTopicData
topic
ListTopicDependants
topic
List visibility of all entities that depend on this entity e.g. ListTopicDependants means that you'll be able to see (i.e. List) all consumer groups that read from that topic regardless of what your specific consumer group permissions.
CreateAcl
acl
GetAclDetails
acl
UpdateAcl
acl
DeleteAcl
acl
CreateQuota
quota
ListQuotas
quota
GetQuotaDetails
quota
UpdateQuota
quota
DeleteQuota
quota
DeleteConsumerGroup
consumer-group
UpdateConsumerGroup
consumer-group
ListConsumerGroups
consumer-group
GetConsumerGroupDetails
consumer-group
ListConsumerGroupDependants
consumer-group
Kubernetes
service: kubernetes
Resource Syntax
kubernetes:cluster:${Environment}/${KubernetesCluster}
kubernetes:namespace:${Environment}/${KubernetesCluster}/${KubernetesNamespace}
ListClusters
cluster
GetClusterDetails
cluster
ListNamespaces
namespace
DeployApps
namespace
Registry
service: registry
Resource Syntax
schemas:registry:${Environment}/${SchemaRegistry}
GetRegistryConfiguration
registry
UpdateRegistryConfiguration
registry
Schemas
service: schemas
Resource Syntax
schemas:schema:${Environment}/${SchemaRegistry}/${Schema}
CreateSchema
schema
DeleteSchema
schema
UpdateSchema
schema
GetSchemaDetails
schema
ListSchemas
schema
ListSchemaDependants
schema
SQL Streaming
service: sql-streaming
Resource Syntax
sql-streaming:sql-processor:${Environment}/${KubernetesCluster}/${KubernetesNamespace}/${SqlProcessor}
For IN_PROC processors sql-streaming:sql-processor:${Environment}/lenses-in-process/default/${SqlProcessor}
CreateProcessor
sql-processor
ListProcessors
sql-processor
GetProcessorDetails
sql-processor
GetProcessorSql
sql-processor
UpdateProcessorSql
sql-processor
DeleteProcessor
sql-processor
StartProcessor
sql-processor
StopProcessor
sql-processor
ScaleProcessor
sql-processor
GetProcessorLogs
sql-processor
ListProcessorDependants
sql-processor
Last updated
Was this helpful?