Permissions table

CLI Commands Method Path Permissions Shortcut
eai account ls GET /v1/account      - /v1/organization/{yourOrganizationID}/account
eai account new {name} POST /v1/account      - /v1/organization/{yourOrganizationID}/account
eai account ls {accountID} GET /v1/account/{accountID}/account  account:get on accountID
account:get on children account of accountID
 
eai account new {accountID}.{name} POST /v1/account/{accountID}/account  account:get on accountID
account:new on accountID
 
eai app ls {accountID} GET /v1/account/{accountID}/app  account:get on accountID
app:get on children data of accountID
 
eai app new {accountID}.{name} POST /v1/account/{accountID}/app  account:get on accountID
app:new on accountID
 
eai data ls {accountID} GET /v1/account/{accountID}/data  account:get on accountID
data:get on children data of accountID
 
eai data new {accountID}.{name} POST /v1/account/{accountID}/data  account:get on accountID
data:new on accountID
 
eai job ls --account {accountID} GET /v1/account/{accountID}/job  account:get on accountID
job:get on children job of accountID
 
eai job new  --account {accountID} POST /v1/account/{accountID}/job  account:get on accountID
job:new on accountID

data:get and data:read on dataID for data mounted as readonly
data:get and data:write on dataID for data mounted as read/write
registry:pull for docker image on the registryAccountID
role:apply-job on roleID for role usage on a job
 
- GET /v1/account/{accountID}/job_occupancy account:get on accountID
job:get on children job of accountID
 
- GET /v1/account/{accountID}/job_run account:get on accountID
job:get on children job of accountID
 
eai account role ls {accountID} GET /v1/account/{accountID}/role  account:get on accountID
role:get on children role of accountID
 
eai account role new {accountID}.{name} POST /v1/account/{accountID}/role  account:get on accountID
role:new on accountID
 
eai privateregistry ls {accountID} GET /v1/account/{accountID}/privateregistry  account:get on accountID
privateregistry:get on children service of accountID
 
eai privateregistry new {accountID}.{name} POST /v1/account/{accountID}/privateregistry  account:get on accountID
privateregistry:new on accountID
 
eai service ls {accountID} GET /v1/account/{accountID}/service  account:get on accountID
service:get on children service of accountID
 
eai service new {accountID}.{name} POST /v1/account/{accountID}/service  account:get on accountID
service:new on accountID
data:new on accountID
role:new on accountID
 
eai account size {accountID} GET /v1/account/{accountID}/size  account:get on accountID  
- HEAD /v1/account/{accountID} account:get on accountID  
eai account get {accountID} GET /v1/account/{accountID} account:get on accountID  
eai account set {accountID} PUT /v1/account/{accountID} account:get on accountID
account:set on accountID
 
eai rule allowed {action}@{resource} POST /v1/allowed action on resource for calling user  
eai rule allowed {action}@{resource} {subject} POST /v1/allowed action on resource for subject user/role
user:get or role:get on subject
 
- GET /v1/allowed_operation no permission check  
eai app ls GET /v1/app - /v1/organization/{yourOrganizationID}/app
eai app new {name} POST /v1/app - /v1/organization/{yourOrganizationID}/app
- HEAD /v1/app/{appID} app:get on appID  
eai app get {appID} GET /v1/app/{appID} app:get on appID  
eai app set {appID} PUT /v1/app/{appID} app:get on appID
app:set on appID
 
eai app rm {appID} DELETE /v1/app/{appID} app:get on appID
app:rm on appID
 
  - /v1/cluster/{type}   /v1/cluster/{randomValue}/{type}
- GET /v1/cluster/{anyValue}/{type} {type}:get on all {type}  
- GET /v1/cluster/{anyValue}/account account:get on all account  
- GET /v1/cluster/{anyValue}/data data:get on all data  
eai job ls --all GET /v1/cluster/{anyValue}/job job:get on all job  
- GET /v1/cluster/{anyValue}/job_occupancy job:get on all data  
- GET /v1/cluster/{anyValue}/job_run job_run:get on all data  
- GET /v1/cluster/{anyValue}/privateregistry privateregistry:get on all data  
- GET /v1/cluster/{anyValue}/role role:get on all data  
- GET /v1/cluster/{anyValue}/service team:get on all data  
- GET /v1/cluster/{anyValue}/team team:get on all data  
eai user ls --all GET /v1/cluster/{anyValue}/user user:get on all data  
  GET /v1/cluster_config no permission check  
eai data ls GET /v1/data - /v1/organization/{yourAccountID}/data
eai data new {dataName} POST /v1/data   /v1/organization/{yourAccountID}/data
- POST /v1/data/{dataID}/branch data:get on dataID
data:write on dataID
 
eai data chown {dataID} {accountID} POST /v1/data/{dataID}/chown data:get on dataID
data:write on dataID
data:rm on dataID
data:new on accountID
account:get on accountID
 
eai data commit {dataID} POST /v1/data/{dataID}/commit data:get on dataID
data:set on dataID
 
- GET /v1/data/{dataID}/download data:get on dataID
data:read on dataID
 
- GET /v1/data/{dataID}/inuse data:get on dataID  
- GET /v1/data/{dataID}/isv2 data:get on dataID  
eai data branch ls {dataID} GET /v1/data/{dataID}/list data:get on dataID
data:read on dataID
 
- GET /v1/data/{dataID}/locked data:get on dataID  
- POST /v1/data/{dataID}/lock data:get on dataID
data:set on dataID
 
- POST /v1/data/{dataID}/unlock data:get on dataID
data:set on dataID
 
eai data pull {dataID} GET /v1/data/{dataID}/pull data:get on dataID
data:read on dataID
 
- GET /v1/data/{dataID}/push data:get on dataID
data:write on dataID
 
eai data push {dataID} POST /v1/data/{dataID}/push data:get on dataID
data:write on dataID
 
eai data content rm {dataID} DELETE /v1/data/{dataID}/remove data:get on dataID
data:write on dataID
 
- GET /v1/data/{dataID}/show data:get on dataID  
eai data size {dataID} GET /v1/data/{dataID}/size data:get on dataID  
eai data sync {dataID} GET /v1/data/{dataID}/sync data:get on dataID
data:write on dataID
 
eai data content ls {dataID} GET /v1/data/{dataID}/tree data:get on dataID
data:read on dataID
 
eai data content tree {dataID} GET /v1/data/{dataID}/tree data:get on dataID
data:read on dataID
 
eai data branch add {dataID} POST /v1/data/{dataID}/update/{branch} data:get on dataID
data:write on dataID
 
- POST /v1/data/{dataID}/upload data:get on dataID
data:write on dataID
 
- HEAD /v1/data/{dataID} data:get on dataID  
eai data get {dataID} GET /v1/data/{dataID} data:get on dataID  
eai data set {dataID} PUT /v1/data/{dataID} data:get on dataID
data:set on dataID
 
eai job ls GET /v1/job - /v1/account/{yourAccountID}/job
eai job new POST /v1/job - /v1/account/{yourAccountID}/job
- PUT /v1/job/{jobID}/cancelledOn no permission check. Only allowed for governor role  
- PUT /v1/job/{jobID}/failedOn no permission check. Only allowed for governor role  
- PUT /v1/job/{jobID}/interruptedOn no permission check. Only allowed for governor role  
- PUT /v1/job/{jobID}/nodeName no permission check. Only allowed for governor role  
- PUT /v1/job/{jobID}/queuedOn no permission check. Only allowed for governor role  
- PUT /v1/job/{jobID}/startedOn no permission check. Only allowed for governor role  
- PUT /v1/job/{jobID}/stateInfo no permission check. Only allowed for governor role  
- PUT /v1/job/{jobID}/succeededOn no permission check. Only allowed for governor role  
eai job set --bid {bid} {jobID} PUT /v1/job/{jobID}/bid job:get on jobID
job:set on jobID
 
  - {jobID}.job.console.elementai.com job:get on jobID
job:access on jobID
 
- HEAD /v1/job/{jobID}/consent job:get on jobID
job:access on jobID
 
eai job consent {jobID} POST /v1/job/{jobID}/consent job:get on jobID
job:access on jobID
 
- GET /v1/job/{jobID}/children job:get on jobID  
eai job exec {jobID} GET /v1/job/{jobID}/exec job:get on jobID
job:exec on jobID
 
eai job logs {jobID} GET /v1/job/{jobID}/logs job:get on jobID
job:log on jobID
 
eai job set --name {name} {jobID} PUT /v1/job/{jobID}/name job:get on jobID
job:set on jobID
 
eai job retry {jobID} PUT /v1/job/{jobID}/retry job:get on jobID
job:set on jobID

data:get and data:read on dataID for data mounted as readonly
data:get and data:write on dataID for data mounted as read/write
registry:pull for docker image on the registryAccountID
role:apply-job on roleID for role usage on a job
 
- HEAD /v1/job/{jobID} job:get on jobID  
eai job get {jobID} GET /v1/job/{jobID} job:get on jobID  
eai job kill {jobID} DELETE /v1/job/{jobID} job:get on jobID
job:set on jobID
 
- POST /v1/job_normalize no permission check  
- GET /v1/job_run job:get on jobID  
- GET /v1/job_run/{jobRunID} job:get on jobID  
eai login validate GET /v1/me no permission check  
eai user set {myUserID} --name {name} PUT /v1/me no permission check  
- ANY /v1/me/{type}   /v1/user/{yourUserID}/{type}
/v1/role/{yourRoleID}/{type}
eai job ls --me GET /v1/me/job   /v1/user/{yourUserID}/job
/v1/role/{yourRoleID}/job
eai organization ls GET /v1/organization organization:get on organization  
eai organization new --name {orgName} POST /v1/organization organization:new on orgName  
eai account ls {organizationID} GET /v1/organization/{organizationID}/account  organization:get on organizationID
account:get on children account of organizationID
 
eai account new {organizationID}.{name} POST /v1/organization/{organizationID}/account  organization:get on organizationID
account:new on organizationID
 
eai app ls {organizationID} GET /v1/organization/{organizationID}/app  organization:get on organizationID
app:get on children app of organizationID
 
eai app new {organizationID}.{name} POST /v1/organization/{organizationID}/app  organization:get on organizationID
app:new on organizationID
 
eai job ls --organization {organizationID} GET /v1/organization/{organizationID}/job  organization:get on organizationID
job:get on descendant job of organizationID
 
  GET /v1/organization/{organizationID}/job_run organization:get on organizationID
job:get on descendant job of organizationID
 
eai privateregistry ls {organizationID} GET /v1/organization/{organizationID}/privateregistry  organization:get on organizationID
privateregistry:get on children privateregistry of organizationID
 
eai privateregistry new {organizationID}.{name} POST /v1/organization/{organizationID}/privateregistry  organization:get on organizationID
privateregistry:new on organizationID
 
eai role ls {organizationID} GET /v1/organization/{organizationID}/role  organization:get on organizationID
role:get on children role of organizationID
 
eai role new {organizationID}.{name} POST /v1/organization/{organizationID}/role  organization:get on organizationID
role:new on organizationID
 
- GET /v1/resource/{resourceID}/role {resourceType}:get on resourceID
role:get on children of {resourceID}
 
- POST /v1/resource/{resourceID}/role {resourceType}:get on resourceID
role:new on {resourceID}
 
eai rule allowed {action}@{resource} {roleID} POST /v1/role/{roleID}/allowed action on resource for role roleID
role:get on subject
 
- GET   role:get on roleID
job:get on all job created by roleID
 
- GET /v1/role/{roleID}/job_run role:get on roleID
job:get on all job created by roleID
 
eai role key ls {roleID} GET /v1/role/{roleID}/key role:get on roleID
role:key:get on roleID
 
eai role key new {roleID} POST /v1/role/{roleID}/key role:get on roleID
role:key:new on roleID
 
eai role key rm {roleID} {keyID} DELETE /v1/role/{roleID}/key/{keyID} role:get on roleID
role:key:rm on roleID
 
eai role member ls {roleID} GET /v1/role/{roleID}/member role:get on roleID
role:member:get on roleID
 
eai role member add {roleID} {userTeamID} POST /v1/role/{roleID}/member/{userTeamID} role:get on roleID
role:member:add on roleID
user:get or team:get on userTeamID
user:add or team:add on userTeamID
 
eai role member rm {roleID} {userTeamID} DELETE /v1/role/{roleID}/member/{userTeamID} role:get on roleID
role:member:rm on roleID
user:rm or team:rm on userTeamID
 
eai role policy ls {roleID} GET /v1/role/{roleID}/policy role:get on roleID  
eai role policy new {roleID} {action@resource} POST /v1/role/{roleID}/policy role:get on roleID
policy:new on roleID
action on resource as shareable
 
eai role policy rm {roleID} {policyID} DELETE /v1/role/{roleID}/policy/{policyID} role:get on roleID
policy:rm on roleID
 
- HEAD /v1/role/{roleID} role:get on roleID  
eai role get {roleID} GET /v1/role/{roleID} role:get on roleID  
eai role set {roleID} PUT /v1/role/{roleID} role:get on roleID
role:set on roleID
 
eai rule ls GET /v1/rule   /v1/rule/{yourUserRoleID}
eai rule ls {userRoleTeamID} GET /v1/rule/{userRoleTeamID} role:set on roleID
user:get or role:get or team:get on userRoleTeamID
 
  - {serviceID}.service.console.elementai.com service:get on serviceID
service:access on serviceID
 
eai service ls GET /v1/service   /v1/account/{yourAccountID}/service
eai service new {name} POST /v1/service   /v1/account/{yourAccountID}/service
- HEAD /v1/service/{serviceID} service:get on serviceID  
eai service get {serviceID} GET /v1/service/{serviceID} service:get on serviceID  
eai service set {serviceID} PUT /v1/service/{serviceID} service:get on serviceID
service:set on serviceID
 
- GET /v1/swagger.json no permission check  
eai team ls GET /v1/team   /v1/organization/{yourOrganizationID}/team
eai team new {name} POST /v1/team   /v1/organization/{yourOrganizationID}/team
eai team member ls {teamID} GET /v1/team/{teamID}/member team:get on teamID
team:member:get on teamID
 
eai team member add {teamID} {userTeamID} POST /v1/team/{teamID}/member/{userTeamID} team:get on teamID
team:member:add on teamID
user:get or team:get on userTeamID
user:add or team:add on userTeamID
 
eai team member rm {teamID} {userTeamID} DELETE /v1/team/{teamID}/member/{userTeamID} team:get on teamID
team:member:rm on teamID
user:rm or team:rm on userTeamID
 
eai team policy ls {teamID} GET /v1/team/{teamID}/policy team:get on teamID  
eai team policy new {teamID} {action@resource} POST /v1/team/{teamID}/policy role:get on roleID
policy:new on roleID
action on resource as shareable
 
eai team policy rm {teamID} {policyID} DELETE /v1/team/{teamID}/policy/{policyID} team:get on teamID
policy:set on roleID
 
eai team role ls {teamID} GET /v1/team/{teamID}/role team:get on teamID
role:get on children role of teamID
 
eai team role new {teamID} POST /v1/team/{teamID}/role role:new on teamID  
- HEAD /v1/team/{teamID} team:get on teamID  
eai team get {teamID} GET /v1/team/{teamID} team:get on teamID  
eai team set {teamID} PUT /v1/team/{teamID} team:set on teamID  
eai user ls GET /v1/user   /v1/organization/{yourOrganizationID}/user
eai user invite {userMail} POST /v1/user   /v1/organization/{yourOrganizationID}/user
eai rule allowed {action}@{resource} {userID} GET /v1/user/{userID}/allowed action on resource for role userID
role:get on subject
 
- GET /v1/user/{userID}/app   /v1/organization/{yourOrganizationID}/app
- GET /v1/user/{userID}/job role:get on userID
job:get on all job created by userID
 
- GET /v1/user/{userID}/job_occupancy role:get on userID
job:get on all job created by userID
 
- GET /v1/user/{userID}/job_run role:get on userID
job:get on all job created by userID
 
eai user policy ls {userID} GET /v1/user/{userID}/policy user:get on userID  
eai user policy new {userID} {action@resource} POST /v1/user/{userID}/policy user:get on userID
policy:new on userID
action on resource as shareable
 
eai user policy rm {userID} {policyID} DELETE /v1/user/{userID}/policy/{policyID} user:get on userID
policy:set on userID
 
eai terms GET /v1/user/{userID}/terms user:get on userID  
eai terms --agree PUT /v1/user/{userID}/terms no permission check if userID is the current user else user:get  
- HEAD /v1/user/{userID} no permission check if userID is the current user else user:set  
eai user get {userID} GET /v1/user/{userID} user:get on userID  
eai user set {userID} PUT /v1/user/{userID} user:set on userID  
- DELETE /v1/user/{userID} user:deactivate on userOrganizationID  
- POST /v1/user/{userID} user:reactivate on userOrganizationID  
eai rule who-is-allowed {action}@{resource} GET /v1/who_is_allowed action on resource
user:get or role:get or team:get on resource found