Space Role Permissions

Stream Compute Service

Releases Notes and Announcements

Product Introduction

Purchase Guide

Configuration Adjustments

Getting Started

Preparations

Creating a Private Cluster

Creating a SQL Job

Creating a JAR Job

Creating an ETL Job

Creating a Python Job

Operation Guide

Managing Jobs

Developing Jobs

Developing Jobs in Batches

Advanced Job Parameters

Setting the Maximum Parallelism of a Job

Configuring Job Resources

Managing Versions

Monitoring Jobs

Viewing Monitoring Information

Configuring Monitoring Alarms (Numerical Metrics)

Configuring Event Alarms (Events)

Monitoring Metric List

Connecting to Prometheus

Viewing the Flink UI of a Job

Job Logs

Configuring Running Log Collection for a Job

Events and Diagnosis

Diagnosis with Logs

Viewing Critical Events

Events

Checkpointing Failure

Job Failure

Abnormal TaskManager Pod Exit

Abnormal JobManager Pod Exit

TaskManager Full GC Too Long

Too-High TaskManager CPU Load

High/Severe TaskManager Backpressure

JobManager CPU Load Too High

JobManager Full GC Too Long

Managing Metadata

Tuning Jobs

Managing Dependencies

Managing Clusters

Viewing the Information of a Cluster

Scaling Out a Cluster

Terminating a Cluster

Scaling In a Cluster

Migrating a Cluster

Customizing DNS Service

Testing Network Connectivity

Managing Permissions

Overview

Configuring Basic Permissions

Space Role Permissions

SQL Developer Guide

Overview

Glossary and Data Types

DDL Statements

DML Statements

Merging MySQL CDC Sources

Connectors

SET Statement

Flink Configuration Items

Operators and Built-in Functions

Overview

Comparison with Flink Built-in Functions

Type Conversion Functions

Date and Time Functions

Aggregate Functions

Time Window Functions

Other Functions

Identifiers and Reserved Words

Naming Rules

Reserved Words

Python Developer Guide

ETL Developer Guide

Connectors

DocumentationStream Compute ServiceOperation GuideManaging PermissionsSpace Role Permissions

Space Role Permissions

Download PDF

Last updated: 2023-11-08 10:16:06

Space Role Permissions

Last updated: 2023-11-08 10:16:06

Download PDF

Within the framework of the unified Tencent Cloud CAM, Stream Compute Service has its own predefined system for space role permissions ‍to help coordinate between different business departments of your organization. These permissions help you isolate compute resources of different businesses and control at a finer granularity the permissions of different members to view and operate jobs and files.
Predefined role permissions
‍Stream Compute Service provides four predefined space roles:
1. Super admin: Specified by the root account, a super admin has the highest level of access other than operating the root account and can be shared between different regions.
2. Space admin: Specified by the root account or a super admin account, a space admin has the permission to add or remove the members in a space.
3. Developer: Added to a space by a space admin/super admin/root account in the Members ‍module, a developer can operate jobs in the space.
4. Guest: Added to a space by a space admin/super admin/root account in the Members ‍module, a guest can only view resources in the space.
The detailed permissions of all predefined roles are as follows:
Permission
Super Admin
Space Admin
Developer
Guest
Create/Terminate cluster
✔️
❌
❌
❌
Modify cluster info
✔️
❌
❌
❌
Renew/Upgrade cluster
✔️
❌
❌
❌
View cluster
✔️
✔️
✔️
✔️
Add/Delete space
✔️
❌
❌
❌
Modify space attribute
✔️
❌
❌
❌
Associate/Disassociate cluster with/from space
✔️
❌
❌
❌
Add/Delete space member
✔️
✔️
❌
❌
Modify space member role
✔️
✔️
❌
❌
Edit super admin
✔️
❌
❌
❌
Create/Delete job
✔️
✔️
✔️
❌
Run/Stop job
✔️
✔️
✔️
❌
Develop/Test job
✔️
✔️
✔️
❌
Monitor alarm
✔️
✔️
✔️
❌
View job
✔️
✔️
✔️
✔️
Create/Delete dependency
✔️
✔️
✔️
❌
Edit dependency
✔️
✔️
✔️
❌
View dependency
✔️
✔️
✔️
✔️
Create/Delete metadatabase
✔️
✔️
✔️
❌
Create/Delete metadata table
✔️
✔️
✔️
❌
View metadata
✔️
✔️
✔️
✔️
Operate directory
✔️
✔️
✔️
❌
Granting predefined role permissions
Before granting space role permissions, you must have granted the target sub-account the access to Stream Compute Service and associated it with the required CAM policy. For details, see Granting Basic Permissions.
1. Add a super admin.
Log in to the console with the root account or a super admin account, ‍select Role permissions on the left sidebar, and click Edit on the page to add one or more sub-accounts as super admin. A super admin has the highest level of access other than operating the root account and can be shared between different regions.
Note
A super admin account can assist the root account in cases where it is inconvenient to use the root account. You can set super admins as needed.
If you log in with an account other than the root account or a super admin account, the Edit button will not appear.
2. Create a space with the root account or a super admin account.
Log in the console with the root account or a super admin account, select Workspaces on the left sidebar, and click Create workspace on the page.
Note
  You can create up to 30 workspaces in a region with the same APPID.
3. Associate a space with compute resources.
Log in the console with the root account or a super admin account, select Workspaces on the left sidebar, and click Associate now next to the compute resources field of the workspace created to go to the Compute resources module.
Select the cluster to be associated with the space. Till now, the compute resources and the space are associated with each other, and the compute resources will be available when you create a job in the space. To disassociate the space from compute resources, go to the Compute resources module, ‍and click Disassociate space.
Note
  Space and cluster association limits: A cluster can be used by up to 10 spaces, but there is no limit on the number of clusters a space can use.
4. Add a sub-account and grant a role in a space.
Log in the console with the root account or a super admin account, select Workspaces on the left sidebar, go to the space created, select Members, and click Add member.
‍Adding custom role permissions
1. On the Role permissions page, click Custom role.
2. Enter the required information and click Save.
3. Grant the permissions based on rules.
﻿

Was this page helpful?

You can also Contact Sales or Submit a Ticket for help.

Yes

Permission	Super Admin	Space Admin	Developer	Guest
Create/Terminate cluster	✔️	❌	❌	❌
Modify cluster info	✔️	❌	❌	❌
Renew/Upgrade cluster	✔️	❌	❌	❌
View cluster	✔️	✔️	✔️	✔️
Add/Delete space	✔️	❌	❌	❌
Modify space attribute	✔️	❌	❌	❌
Associate/Disassociate cluster with/from space	✔️	❌	❌	❌
Add/Delete space member	✔️	✔️	❌	❌
Modify space member role	✔️	✔️	❌	❌
Edit super admin	✔️	❌	❌	❌
Create/Delete job	✔️	✔️	✔️	❌
Run/Stop job	✔️	✔️	✔️	❌
Develop/Test job	✔️	✔️	✔️	❌
Monitor alarm	✔️	✔️	✔️	❌
View job	✔️	✔️	✔️	✔️
Create/Delete dependency	✔️	✔️	✔️	❌
Edit dependency	✔️	✔️	✔️	❌
View dependency	✔️	✔️	✔️	✔️
Create/Delete metadatabase	✔️	✔️	✔️	❌
Create/Delete metadata table	✔️	✔️	✔️	❌
View metadata	✔️	✔️	✔️	✔️
Operate directory	✔️	✔️	✔️	❌

tencent cloud

New User Offers

Next-Generation CDN：EdgeOne

Elasticsearch Service free trial

Free Tier

Tencent Cloud Startup Program

Special Offers

Lighthouse Special Offers

Cloud Object Storage Special Offers

Featured Products

New Products

Education

Tencent Cloud Online Education Solutions

Gaming

Gaming Solution

Game Media Solutions

E-commerce

E-commerce retail solutions

Audio & Video

Audio/Video Solution

LVB Recording Solution

Interactive Classroom Solution

Interactive Live Streaming Solution

Audio Chat Social Networking Solution

Financial Services

Financial Services Solution

Compute

Cloud Virtual Machine

Auto Scaling

Batch Compute

CVM Dedicated Host

Database

TencentDB for MySQL

TencentDB for Redis®

TencentDB for CTSDB

TDSQL for MySQL

Data Transfer Service

TencentDB for MongoDB

TencentDB for PostgreSQL

TencentDB for SQL Server

Video Service

Cloud Streaming Services

Video on Demand

Media Processing Service

Cloud Application Rendering

Cloud Contact Center

Game Multimedia Engine

Chat

Real-time Communication

Tencent Effect SDK

AI and Machine Learning

Image Creation Large Model

Face Fusion

eKYC

Optical Character Recognition

Video Creation Large Model

Industry Applications

Tencent HealthCare Omics Platform

Container and Middleware

TDMQ for CKafka

Serverless Cloud Function

Tencent Kubernetes Engine

Tencent Kubernetes Engine for Serverless

Networking

Cloud Load Balancer

Virtual Private Cloud

Direct Connect

Cloud Connect Network

NAT Gateway

VPN Connection

Bandwidth Package

Anycast Internet Acceleration

Elastic Network Interface

Flow Logs

Global Application Acceleration Platform

Security

Captcha

Cloud Workload Protection Platform

Data Security Governance Center

Key Management Service