Permissions by Role
May 26, 2023
Use this article to reference permissions granted to each role when assigning them to your team/resources.
You can also use the command pachctl auth roles-for-permission <permission>
to look up which roles provide a given permission.
RepoReaderRole #
Permission |
---|
REPO_READ |
REPO_INSPECT_COMMIT |
REPO_LIST_COMMIT |
REPO_LIST_BRANCH |
REPO_LIST_FILE |
REPO_INSPECT_FILE |
REPO_ADD_PIPELINE_READER |
REPO_REMOVE_PIPELINE_READER |
PIPELINE_LIST_JOB |
RepoWriterRole #
The RepoWriterRole
includes all of the RepoReaderRole
permissions, plus the following:
Permission |
---|
REPO_WRITE |
REPO_DELETE_COMMIT |
REPO_CREATE_BRANCH |
REPO_DELETE_BRANCH |
REPO_ADD_PIPELINE_WRITER |
RepoOwnerRole #
The RepoOwnerRole
includes all of the RepoWriterRole
and RepoReaderRole
permissions, plus the following:
Permission |
---|
REPO_MODIFY_BINDINGS |
REPO_DELETE |
oidcAppAdminRole #
Permission |
---|
CLUSTER_IDENTITY_DELETE_OIDC_CLIENT |
CLUSTER_IDENTITY_CREATE_OIDC_CLIENT |
CLUSTER_IDENTITY_UPDATE_OIDC_CLIENT |
CLUSTER_IDENTITY_LIST_OIDC_CLIENTS |
CLUSTER_IDENTITY_GET_OIDC_CLIENT |
idpAdminRole #
Permission |
---|
CLUSTER_IDENTITY_CREATE_IDP |
CLUSTER_IDENTITY_UPDATE_IDP |
CLUSTER_IDENTITY_LIST_IDPS |
CLUSTER_IDENTITY_GET_IDP |
CLUSTER_IDENTITY_DELETE_IDP |
identityAdminRole #
Permission |
---|
CLUSTER_IDENTITY_SET_CONFIG |
CLUSTER_IDENTITY_GET_CONFIG |
debuggerRole #
Permission |
---|
CLUSTER_DEBUG_DUMP |
CLUSTER_GET_PACHD_LOGS |
robotUserRole #
Permission |
---|
CLUSTER_AUTH_GET_ROBOT_TOKEN |
licenseAdminRole #
Permission |
---|
CLUSTER_LICENSE_ACTIVATE |
CLUSTER_LICENSE_GET_CODE |
CLUSTER_LICENSE_ADD_CLUSTER |
CLUSTER_LICENSE_UPDATE_CLUSTER |
CLUSTER_LICENSE_DELETE_CLUSTER |
CLUSTER_LICENSE_LIST_CLUSTERS |
secretAdminRole #
Permission |
---|
CLUSTER_CREATE_SECRET |
CLUSTER_LIST_SECRETS |
SECRET_INSPECT |
SECRET_DELETE |
pachdLogReaderRole #
Permission |
---|
CLUSTER_GET_PACHD_LOGS |
clusterAdminRole #
The ClusterAdminRole includes all of the previous permissions, plus the following:
Permission |
---|
CLUSTER_MODIFY_BINDINGS |
CLUSTER_GET_BINDINGS |
CLUSTER_AUTH_ACTIVATE |
CLUSTER_AUTH_DEACTIVATE |
CLUSTER_AUTH_GET_CONFIG |
CLUSTER_AUTH_SET_CONFIG |
CLUSTER_AUTH_MODIFY_GROUP_MEMBERS |
CLUSTER_AUTH_GET_GROUPS |
CLUSTER_AUTH_GET_GROUP_USERS |
CLUSTER_AUTH_EXTRACT_TOKENS |
CLUSTER_AUTH_RESTORE_TOKEN |
CLUSTER_AUTH_ROTATE_ROOT_TOKEN |
CLUSTER_AUTH_DELETE_EXPIRED_TOKENS |
CLUSTER_AUTH_GET_PERMISSIONS_FOR_PRINCIPAL |
CLUSTER_AUTH_REVOKE_USER_TOKENS |
CLUSTER_ENTERPRISE_ACTIVATE |
CLUSTER_ENTERPRISE_HEARTBEAT |
CLUSTER_ENTERPRISE_GET_CODE |
CLUSTER_ENTERPRISE_DEACTIVATE |
CLUSTER_DELETE_ALL |
CLUSTER_ENTERPRISE_PAUSE |