Role Name | Read | List | Create | Delete | Update |
---|---|---|---|---|---|
admin | all | all | all | all except Organization | all |
read-only | all except Secrets, Service Accounts | all except Secrets, Service Accounts | none | none | none |
tenant-admin | Pulsar Instance, Pulsar Cluster | Pulsar Instance, Pulsar Cluster | no cloud resources, only pulsar resources | no cloud resources, only pulsar resources | no cloud resources, only pulsar resources |
basic | Pulsar Instance, Pulsar Cluster | Pulsar Instance, Pulsar Cluster | none | none | none |

Role Name | Read | List | Create | Delete | Update |
---|---|---|---|---|---|
admin | all | all | all | all | all |
read-only | all | all | none | none | none |
tenant-admin | only the tenant they administer | only the tenant they administer | only namespaces and topics in the tenant they administer | only namespaces and topics in the tenant they administer | only namespaces and topics in the tenant they administer |
basic | none | none | none | none | none |

Role Stack | Read | List | Create | Delete | Update |
---|---|---|---|---|---|
admin + any role | all | all | all | all | all |
basic+read-only+tenant-admin to one tenant | all except Secrets, ServiceAccounts | all except Secrets, ServiceAccounts | none | none | none |

Role Stack | Read | List | Create | Delete | Update |
---|---|---|---|---|---|
admin + any role | all | all | all | all | all |
basic+read-only+tenant-admin to one tenant | all | all | only namespaces and topics in the tenant they administer | only namespaces and topics in the tenant they administer | only namespaces and topics in the tenant they administer |

snctl pulsar admin, PulsarCtl and Pulsar-Admin

+ button, and selecting the tenants you want the user to administer.

...), and click Edit Roles. This opens up the Edit Role menu, where roles can be added by clicking the checkbox next to a role.

snctl.
Can roles be combined?
Yes - roles can be combined by assigning a user multiple roles within the invite / edit user modal.
snctl or pulsarctl.
a. Configure your snctl with service context and service account identity.
b. Configure your pulsarctl with the new service account identity.

Get this resource to check its status. E.g.:

generation means the resource's current version.

observedGeneration means the applied resource version.

Ready's status means the applied status: applied or not applied.

Permissions | Operation-Allowed (* means wildcard) |
---|---|
pulsar.namespaces.describe | pulsar.tenant_operation.list_namespace,pulsar.tenant_operation.get_bundle |
pulsar.namespaces.create | pulsar.tenant_operation.create_namespace |
pulsar.namespaces.delete | pulsar.tenant_operation.delete_namespace |
pulsar.namespaces.alter | pulsar.namespace_operation.add_bundle,pulsar.namespace_operation.delete_bundle,pulsar.namespace_operation.clear_backlog |
pulsar.topics.create | pulsar.namespace_operation.create_topic |
pulsar.topics.describe | pulsar.topic_operation.lookup,pulsar.topic_operation.get_topic,pulsar.topic_operation.get_topics,pulsar.topic_operation.get_bundle_range,pulsar.topic_operation.get_metadata,pulsar.topic_operation.get_backlog_size,pulsar.topic_operation.get_stats |
pulsar.topics.delete | pulsar.namespace_operation.delete_topic |
pulsar.topics.alter | pulsar.topic_operation.compact,pulsar.topic_operation.offload,pulsar.topic_operation.unload,pulsar.topic_operation.add_bundle_range,pulsar.topic_operation.terminate,pulsar.topic_operation.delete_bundle_range,pulsar.topic_operation.delete_metadata,pulsar.topic_operation.update_metadata,pulsar.namespace_operation.trim_topic,pulsar.topic_operation.trim_topic |
pulsar.messages.produce | pulsar.topic_operation.lookup,pulsar.topic_operation.produce |
pulsar.messages.consume | pulsar.topic_operation.lookup,pulsar.topic_operation.consume,pulsar.topic_operation.subscribe,pulsar.namespace_operation.unsubscribe,pulsar.topic_operation.unsubscribe,pulsar.topic_operation.consume,pulsar.topic_operation.peek_messages |
pulsar.subscriptions.create | pulsar.topic_operation.subscribe |
pulsar.subscriptions.delete | pulsar.topic_operation.unsubscribe,pulsar.namespace_operation.unsubscribe |
pulsar.subscriptions.alter | pulsar.topic_operation.expired_messages,pulsar.topic_operation.reset_cursor,pulsar.topic_operation.skip,pulsar.topic_operation.set_replicated_subscription_status |
pulsar.subscriptions.describe | pulsar.topic_operation.get_subscriptions,pulsar.topic_operation.get_replicated_subscription_status,pulsar.topic_operation.lookup |
pulsar.policies.describe | pulsar.policyoperation*.read |
pulsar.policies.alter | pulsar.policyoperation*.write |
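
The following is an added example, not StreamNative code: a small audit helper that expands granted permissions into the operations they allow and flags permissions that are effectively granted as a side effect. It embeds a subset of the rows from the table above; the function names are hypothetical, and treating `*` as a shell-style wildcard is an assumption based on the table header.

```python
from fnmatch import fnmatchcase

# Rows copied from the Permissions / Operation-Allowed table above (subset).
PERMISSION_OPS = {
    "pulsar.messages.produce": [
        "pulsar.topic_operation.lookup", "pulsar.topic_operation.produce"],
    "pulsar.messages.consume": [
        "pulsar.topic_operation.lookup", "pulsar.topic_operation.consume",
        "pulsar.topic_operation.subscribe",
        "pulsar.namespace_operation.unsubscribe",
        "pulsar.topic_operation.unsubscribe",
        "pulsar.topic_operation.peek_messages"],
    "pulsar.subscriptions.create": ["pulsar.topic_operation.subscribe"],
    "pulsar.subscriptions.delete": [
        "pulsar.topic_operation.unsubscribe",
        "pulsar.namespace_operation.unsubscribe"],
    "pulsar.policies.describe": ["pulsar.policyoperation*.read"],
    "pulsar.policies.alter": ["pulsar.policyoperation*.write"],
}


def allowed_patterns(granted):
    """Union of operation patterns unlocked by a set of granted permissions."""
    return {op for perm in granted for op in PERMISSION_OPS[perm]}


def is_allowed(granted, operation):
    """True if any granted pattern matches the operation.

    Assumption: '*' in the table is matched shell-style (fnmatch).
    """
    return any(fnmatchcase(operation, pat) for pat in allowed_patterns(granted))


def implied_permissions(granted):
    """Permissions not granted whose operations are all already reachable
    through the granted ones (overlap worth checking in a review)."""
    pats = allowed_patterns(granted)
    return sorted(
        perm for perm, ops in PERMISSION_OPS.items()
        if perm not in granted and all(op in pats for op in ops)
    )


if __name__ == "__main__":
    grant = {"pulsar.messages.consume"}
    print(implied_permissions(grant))
```

Running it on a consume-only grant shows that the operations behind `pulsar.subscriptions.create` and `pulsar.subscriptions.delete` are already allowed, which matters when reviewing a service account that was meant to read messages only.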