Skip to content

update: add service:metrics:read permission #1417

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Open
staceysalamon-aiven wants to merge 1 commit into
base: main
Choose a base branch
from
Open

update: add service:metrics:read permission #1417

Changes from all commits
Commits
Show all changes
1 commit
Select commit
File filter

Filter by extension

Filter by extension
Conversations
Failed to load comments.
Loading
Jump to
Jump to file
Failed to load files.
Loading
Diff view
Diff view
31 changes: 16 additions & 15 deletions docs/platform/concepts/permissions.md
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -91,21 +91,22 @@ These permissions apply to the

<!--Listed in alphabetical order based on API name-->

| Console name | API name | Allowed actions |
| ---------------------------- | ----------------------------- | ----------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------- |
| View project audit logs | `project:audit_logs:read` | <ul> <li> [View the logs](/docs/platform/howto/view-project-logs) for the project. </li> <li> View all services in the project. </li> </ul> |
| View project integrations | `project:integrations:read` | <ul> <li> View all integration endpoints for the project. </li> <li> View all service integrations for the project, including integrations with services in other projects. </li> </ul> |
| Manage project integrations | `project:integrations:write` | <ul> <li> Add and remove integration endpoints. </li> <li> Enable and disable service integrations. </li> <li> Create services to integrate an existing service with. </li> <li> Read and write integration secrets. </li> </ul> |
| View project networking | `project:networking:read` | <ul> <li> View all project VPCs. </li> <li> List all peering connections. </li> </ul> |
| Manage project networking | `project:networking:write` | <ul> <li> Create, edit, and delete project VPCs and peering connections. </li> <li> View all project VPCs and peering connections. </li> </ul> |
| View project permissions | `project:permissions:read` | <ul> <li> View all users granted permissions to a project. </li> </ul> |
| View services | `project:services:read` | <ul> <li> View all details for services in a project, except the service logs and metrics. </li> </ul> |
| Manage services | `project:services:write` | <ul> <li> Create and delete services. </li> <li> Power on and off services. </li> <li> Add and remove dynamic disk sizing and tiered storage. </li> <li> Change service plans. </li> <li> Change deployment models. </li> <li> Change clouds and regions. </li> <li> Update IP allowlists. </li> <li> Change the network configuration options. </li> <li> Add, edit, and delete service tags. </li> <li> Enable and disable termination protection. </li> <li> Configure backup settings. </li> <li> Add and remove service contacts. </li> <li> Create a fork of a service. </li> </ul> |
| Manage service configuration | `service:configuration:write` | <ul> <li> Change clouds and regions. </li> <li> Change deployment models. </li> <li> Update IP allowlists. </li> <li> Change the network configuration options. </li> <li> Add and remove service tags. </li> <li> Enable and disable termination protection. </li> <li> Configure backup settings. </li> <li> Add and remove service contacts. </li> </ul> |
| Access data | `service:data:write` | <ul> <li> Perform service queries through the API and Console. </li> <li> View query statistics and current queries. </li> <li> Manage service-specific features like Kafka Topics and Schemas, PostgreSQL connection pools, and OpenSearch indexes. </li> </ul> |
| View service logs | `service:logs:read` | <ul> <li> View logs for all services in the project. </li> </ul> **Service logs may contain sensitive information.** |
| View configuration secrets | `service:secrets:read` | <ul> <li> Read service configuration secrets such as keys. </li> <li> View service users. </li> </ul> |
| Manage service users | `service:users:write` | <ul> <li> Create and delete service users. </li> <li> View service users. </li> <li> View, update, and reset connection information for services. </li> <li> View service user credentials. </li> <li> Manage service user credentials. </li> <li> View all services in a project. </li> </ul> |
| Console name | API name | Allowed actions |
| ---------------------------- | ----------------------------- | ----------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------- |
| View project audit logs | `project:audit_logs:read` | <ul> <li> [View the logs](/docs/platform/howto/view-project-logs) for the project. </li> <li> View all services in the project. </li> </ul> |
| View project integrations | `project:integrations:read` | <ul> <li> View all integration endpoints for the project. </li> <li> View all service integrations for the project, including integrations with services in other projects. </li> </ul> |
| Manage project integrations | `project:integrations:write` | <ul> <li> Add and remove integration endpoints. </li> <li> Enable and disable service integrations. </li> <li> Create services to integrate an existing service with. </li> <li> Read and write integration secrets. </li> </ul> |
| View project networking | `project:networking:read` | <ul> <li> View all project VPCs. </li> <li> List all peering connections. </li> </ul> |
| Manage project networking | `project:networking:write` | <ul> <li> Create, edit, and delete project VPCs and peering connections. </li> <li> View all project VPCs and peering connections. </li> </ul> |
| View project permissions | `project:permissions:read` | <ul> <li> View all users granted permissions to a project. </li> </ul> |
| View services | `project:services:read` | <ul> <li> View all details for services in a project, except the service logs and metrics. </li> </ul> |
| Manage services | `project:services:write` | <ul> <li> Create and delete services. </li> <li> Power on and off services. </li> <li> Add and remove dynamic disk sizing and tiered storage. </li> <li> Change service plans. </li> <li> Change deployment models. </li> <li> Change clouds and regions. </li> <li> Update IP allowlists. </li> <li> Change the network configuration options. </li> <li> Add, edit, and delete service tags. </li> <li> Enable and disable termination protection. </li> <li> Configure backup settings. </li> <li> Add and remove service contacts. </li> <li> Create a fork of a service. </li> </ul> |
| Manage service configuration | `service:configuration:write` | <ul> <li> Change clouds and regions. </li> <li> Change deployment models. </li> <li> Update IP allowlists. </li> <li> Change the network configuration options. </li> <li> Add and remove service tags. </li> <li> Enable and disable termination protection. </li> <li> Configure backup settings. </li> <li> Add and remove service contacts. </li> </ul> |
| Access data | `service:data:write` | <ul> <li> Perform service queries through the API and Console. </li> <li> View query statistics and current queries. </li> <li> Manage service-specific features like Kafka Topics and Schemas, PostgreSQL connection pools, and OpenSearch indexes. </li> </ul> |
| View service logs | `service:logs:read` | <ul> <li> View logs for all services in the project. </li> </ul> **Service logs may contain sensitive information.** |
| View service metrics | `service:metrics:read` | <ul> <li> View metrics for all services in the project. </li> </ul> |
| View configuration secrets | `service:secrets:read` | <ul> <li> Read service configuration secrets such as keys. </li> <li> View service users. </li> </ul> |
| Manage service users | `service:users:write` | <ul> <li> Create and delete service users. </li> <li> View service users. </li> <li> View, update, and reset connection information for services. </li> <li> View service user credentials. </li> <li> Manage service user credentials. </li> <li> View all services in a project. </li> </ul> |

<RelatedPages/>

Expand Down
Loading