Permissions table
CLI Commands | Method | Path | Permissions | Shortcut | |
eai account ls | GET | /v1/account | - | /v1/organization/{yourOrganizationID}/account | |
eai account new {name} | POST | /v1/account | - | /v1/organization/{yourOrganizationID}/account | |
eai account ls {accountID} | GET | /v1/account/{accountID}/account | account:get on accountID account:get on children account of accountID |
||
eai account new {accountID}.{name} | POST | /v1/account/{accountID}/account | account:get on accountID account:new on accountID |
||
eai app ls {accountID} | GET | /v1/account/{accountID}/app | account:get on accountID app:get on children data of accountID |
||
eai app new {accountID}.{name} | POST | /v1/account/{accountID}/app | account:get on accountID app:new on accountID |
||
eai data ls {accountID} | GET | /v1/account/{accountID}/data | account:get on accountID data:get on children data of accountID |
||
eai data new {accountID}.{name} | POST | /v1/account/{accountID}/data | account:get on accountID data:new on accountID |
||
eai job ls --account {accountID} | GET | /v1/account/{accountID}/job | account:get on accountID job:get on children job of accountID |
||
eai job new --account {accountID} | POST | /v1/account/{accountID}/job | account:get on accountID job:new on accountID data:get and data:read on dataID for data mounted as readonly data:get and data:write on dataID for data mounted as read/write registry:pull for docker image on the registryAccountID role:apply-job on roleID for role usage on a job |
||
- | GET | /v1/account/{accountID}/job_occupancy | account:get on accountID job:get on children job of accountID |
||
- | GET | /v1/account/{accountID}/job_run | account:get on accountID job:get on children job of accountID |
||
eai account role ls {accountID} | GET | /v1/account/{accountID}/role | account:get on accountID role:get on children role of accountID |
||
eai account role new {accountID}.{name} | POST | /v1/account/{accountID}/role | account:get on accountID role:new on accountID |
||
eai privateregistry ls {accountID} | GET | /v1/account/{accountID}/privateregistry | account:get on accountID privateregistry:get on children service of accountID |
||
eai privateregistry new {accountID}.{name} | POST | /v1/account/{accountID}/privateregistry | account:get on accountID privateregistry:new on accountID |
||
eai service ls {accountID} | GET | /v1/account/{accountID}/service | account:get on accountID service:get on children service of accountID |
||
eai service new {accountID}.{name} | POST | /v1/account/{accountID}/service | account:get on accountID service:new on accountID data:new on accountID role:new on accountID |
||
eai account size {accountID} | GET | /v1/account/{accountID}/size | account:get on accountID | ||
- | HEAD | /v1/account/{accountID} | account:get on accountID | ||
eai account get {accountID} | GET | /v1/account/{accountID} | account:get on accountID | ||
eai account set {accountID} | PUT | /v1/account/{accountID} | account:get on accountID account:set on accountID |
||
eai rule allowed {action}@{resource} | POST | /v1/allowed | action on resource for calling user | ||
eai rule allowed {action}@{resource} {subject} | POST | /v1/allowed | action on resource for subject user/role user:get or role:get on subject |
||
- | GET | /v1/allowed_operation | no permission check | ||
eai app ls | GET | /v1/app | - | /v1/organization/{yourOrganizationID}/app | |
eai app new {name} | POST | /v1/app | - | /v1/organization/{yourOrganizationID}/app | |
- | HEAD | /v1/app/{appID} | app:get on appID | ||
eai app get {appID} | GET | /v1/app/{appID} | app:get on appID | ||
eai app set {appID} | PUT | /v1/app/{appID} | app:get on appID app:set on appID |
||
eai app rm {appID} | DELETE | /v1/app/{appID} | app:get on appID app:rm on appID |
||
- | /v1/cluster/{type} | /v1/cluster/{randomValue}/{type} | |||
- | GET | /v1/cluster/{anyValue}/{type} | {type}:get on all {type} | ||
- | GET | /v1/cluster/{anyValue}/account | account:get on all account | ||
- | GET | /v1/cluster/{anyValue}/data | data:get on all data | ||
eai job ls --all | GET | /v1/cluster/{anyValue}/job | job:get on all job | ||
- | GET | /v1/cluster/{anyValue}/job_occupancy | job:get on all data | ||
- | GET | /v1/cluster/{anyValue}/job_run | job_run:get on all data | ||
- | GET | /v1/cluster/{anyValue}/privateregistry | privateregistry:get on all data | ||
- | GET | /v1/cluster/{anyValue}/role | role:get on all data | ||
- | GET | /v1/cluster/{anyValue}/service | team:get on all data | ||
- | GET | /v1/cluster/{anyValue}/team | team:get on all data | ||
eai user ls --all | GET | /v1/cluster/{anyValue}/user | user:get on all data | ||
GET | /v1/cluster_config | no permission check | |||
eai data ls | GET | /v1/data | - | /v1/organization/{yourAccountID}/data | |
eai data new {dataName} | POST | /v1/data | /v1/organization/{yourAccountID}/data | ||
- | POST | /v1/data/{dataID}/branch | data:get on dataID data:write on dataID |
||
eai data chown {dataID} {accountID} | POST | /v1/data/{dataID}/chown | data:get on dataID data:write on dataID data:rm on dataID data:new on accountID account:get on accountID |
||
eai data commit {dataID} | POST | /v1/data/{dataID}/commit | data:get on dataID data:set on dataID |
||
- | GET | /v1/data/{dataID}/download | data:get on dataID data:read on dataID |
||
- | GET | /v1/data/{dataID}/inuse | data:get on dataID | ||
- | GET | /v1/data/{dataID}/isv2 | data:get on dataID | ||
eai data branch ls {dataID} | GET | /v1/data/{dataID}/list | data:get on dataID data:read on dataID |
||
- | GET | /v1/data/{dataID}/locked | data:get on dataID | ||
- | POST | /v1/data/{dataID}/lock | data:get on dataID data:set on dataID |
||
- | POST | /v1/data/{dataID}/unlock | data:get on dataID data:set on dataID |
||
eai data pull {dataID} | GET | /v1/data/{dataID}/pull | data:get on dataID data:read on dataID |
||
- | GET | /v1/data/{dataID}/push | data:get on dataID data:write on dataID |
||
eai data push {dataID} | POST | /v1/data/{dataID}/push | data:get on dataID data:write on dataID |
||
eai data content rm {dataID} | DELETE | /v1/data/{dataID}/remove | data:get on dataID data:write on dataID |
||
- | GET | /v1/data/{dataID}/show | data:get on dataID | ||
eai data size {dataID} | GET | /v1/data/{dataID}/size | data:get on dataID | ||
eai data sync {dataID} | GET | /v1/data/{dataID}/sync | data:get on dataID data:write on dataID |
||
eai data content ls {dataID} | GET | /v1/data/{dataID}/tree | data:get on dataID data:read on dataID |
||
eai data content tree {dataID} | GET | /v1/data/{dataID}/tree | data:get on dataID data:read on dataID |
||
eai data branch add {dataID} | POST | /v1/data/{dataID}/update/{branch} | data:get on dataID data:write on dataID |
||
- | POST | /v1/data/{dataID}/upload | data:get on dataID data:write on dataID |
||
- | HEAD | /v1/data/{dataID} | data:get on dataID | ||
eai data get {dataID} | GET | /v1/data/{dataID} | data:get on dataID | ||
eai data set {dataID} | PUT | /v1/data/{dataID} | data:get on dataID data:set on dataID |
||
eai job ls | GET | /v1/job | - | /v1/account/{yourAccountID}/job | |
eai job new | POST | /v1/job | - | /v1/account/{yourAccountID}/job | |
- | PUT | /v1/job/{jobID}/cancelledOn | no permission check. Only allowed for governor role | ||
- | PUT | /v1/job/{jobID}/failedOn | no permission check. Only allowed for governor role | ||
- | PUT | /v1/job/{jobID}/interruptedOn | no permission check. Only allowed for governor role | ||
- | PUT | /v1/job/{jobID}/nodeName | no permission check. Only allowed for governor role | ||
- | PUT | /v1/job/{jobID}/queuedOn | no permission check. Only allowed for governor role | ||
- | PUT | /v1/job/{jobID}/startedOn | no permission check. Only allowed for governor role | ||
- | PUT | /v1/job/{jobID}/stateInfo | no permission check. Only allowed for governor role | ||
- | PUT | /v1/job/{jobID}/succeededOn | no permission check. Only allowed for governor role | ||
eai job set --bid {bid} {jobID} | PUT | /v1/job/{jobID}/bid | job:get on jobID job:set on jobID |
||
- | {jobID}.job.console.elementai.com | job:get on jobID job:access on jobID |
|||
- | HEAD | /v1/job/{jobID}/consent | job:get on jobID job:access on jobID |
||
eai job consent {jobID} | POST | /v1/job/{jobID}/consent | job:get on jobID job:access on jobID |
||
- | GET | /v1/job/{jobID}/children | job:get on jobID | ||
eai job exec {jobID} | GET | /v1/job/{jobID}/exec | job:get on jobID job:exec on jobID |
||
eai job logs {jobID} | GET | /v1/job/{jobID}/logs | job:get on jobID job:log on jobID |
||
eai job set --name {name} {jobID} | PUT | /v1/job/{jobID}/name | job:get on jobID job:set on jobID |
||
eai job retry {jobID} | PUT | /v1/job/{jobID}/retry | job:get on jobID job:set on jobID data:get and data:read on dataID for data mounted as readonly data:get and data:write on dataID for data mounted as read/write registry:pull for docker image on the registryAccountID role:apply-job on roleID for role usage on a job |
||
- | HEAD | /v1/job/{jobID} | job:get on jobID | ||
eai job get {jobID} | GET | /v1/job/{jobID} | job:get on jobID | ||
eai job kill {jobID} | DELETE | /v1/job/{jobID} | job:get on jobID job:set on jobID |
||
- | POST | /v1/job_normalize | no permission check | ||
- | GET | /v1/job_run | job:get on jobID | ||
- | GET | /v1/job_run/{jobRunID} | job:get on jobID | ||
eai login validate | GET | /v1/me | no permission check | ||
eai user set {myUserID} --name {name} | PUT | /v1/me | no permission check | ||
- | ANY | /v1/me/{type} | /v1/user/{yourUserID}/{type} /v1/role/{yourRoleID}/{type} |
||
eai job ls --me | GET | /v1/me/job | /v1/user/{yourUserID}/job /v1/role/{yourRoleID}/job |
||
eai organization ls | GET | /v1/organization | organization:get on organization | ||
eai organization new --name {orgName} | POST | /v1/organization | organization:new on orgName | ||
eai account ls {organizationID} | GET | /v1/organization/{organizationID}/account | organization:get on organizationID account:get on children account of organizationID |
||
eai account new {organizationID}.{name} | POST | /v1/organization/{organizationID}/account | organization:get on organizationID account:new on organizationID |
||
eai app ls {organizationID} | GET | /v1/organization/{organizationID}/app | organization:get on organizationID app:get on children app of organizationID |
||
eai app new {organizationID}.{name} | POST | /v1/organization/{organizationID}/app | organization:get on organizationID app:new on organizationID |
||
eai job ls --organization {organizationID} | GET | /v1/organization/{organizationID}/job | organization:get on organizationID job:get on descendant job of organizationID |
||
GET | /v1/organization/{organizationID}/job_run | organization:get on organizationID job:get on descendant job of organizationID |
|||
eai privateregistry ls {organizationID} | GET | /v1/organization/{organizationID}/privateregistry | organization:get on organizationID privateregistry:get on children privateregistry of organizationID |
||
eai privateregistry new {organizationID}.{name} | POST | /v1/organization/{organizationID}/privateregistry | organization:get on organizationID privateregistry:new on organizationID |
||
eai role ls {organizationID} | GET | /v1/organization/{organizationID}/role | organization:get on organizationID role:get on children role of organizationID |
||
eai role new {organizationID}.{name} | POST | /v1/organization/{organizationID}/role | organization:get on organizationID role:new on organizationID |
||
- | GET | /v1/resource/{resourceID}/role | {resourceType}:get on resourceID role:get on children of {resourceID} |
||
- | POST | /v1/resource/{resourceID}/role | {resourceType}:get on resourceID role:new on {resourceID} |
||
eai rule allowed {action}@{resource} {roleID} | POST | /v1/role/{roleID}/allowed | action on resource for role roleID role:get on subject |
||
- | GET | role:get on roleID job:get on all job created by roleID |
|||
- | GET | /v1/role/{roleID}/job_run | role:get on roleID job:get on all job created by roleID |
||
eai role key ls {roleID} | GET | /v1/role/{roleID}/key | role:get on roleID role:key:get on roleID |
||
eai role key new {roleID} | POST | /v1/role/{roleID}/key | role:get on roleID role:key:new on roleID |
||
eai role key rm {roleID} {keyID} | DELETE | /v1/role/{roleID}/key/{keyID} | role:get on roleID role:key:rm on roleID |
||
eai role member ls {roleID} | GET | /v1/role/{roleID}/member | role:get on roleID role:member:get on roleID |
||
eai role member add {roleID} {userTeamID} | POST | /v1/role/{roleID}/member/{userTeamID} | role:get on roleID role:member:add on roleID user:get or team:get on userTeamID user:add or team:add on userTeamID |
||
eai role member rm {roleID} {userTeamID} | DELETE | /v1/role/{roleID}/member/{userTeamID} | role:get on roleID role:member:rm on roleID user:rm or team:rm on userTeamID |
||
eai role policy ls {roleID} | GET | /v1/role/{roleID}/policy | role:get on roleID | ||
eai role policy new {roleID} {action@resource} | POST | /v1/role/{roleID}/policy | role:get on roleID policy:new on roleID action on resource as shareable |
||
eai role policy rm {roleID} {policyID} | DELETE | /v1/role/{roleID}/policy/{policyID} | role:get on roleID policy:rm on roleID |
||
- | HEAD | /v1/role/{roleID} | role:get on roleID | ||
eai role get {roleID} | GET | /v1/role/{roleID} | role:get on roleID | ||
eai role set {roleID} | PUT | /v1/role/{roleID} | role:get on roleID role:set on roleID |
||
eai rule ls | GET | /v1/rule | /v1/rule/{yourUserRoleID} | ||
eai rule ls {userRoleTeamID} | GET | /v1/rule/{userRoleTeamID} | role:set on roleID user:get or role:get or team:get on userRoleTeamID |
||
- | {serviceID}.service.console.elementai.com | service:get on serviceD service:access on serviceID |
|||
eai service ls | GET | /v1/service | /v1/account/{yourAccountID}/service | ||
eai service new {name} | POST | /v1/service | /v1/account/{yourAccountID}/service | ||
- | HEAD | /v1/service/{serviceID} | service:get on serviceID | ||
eai service get {serviceID} | GET | /v1/service/{serviceID} | service:get on serviceID | ||
eai service set {serviceID} | PUT | /v1/service/{serviceID} | service:get on serviceID service:set on serviceID |
||
- | GET | /v1/swagger.json | no permission check | ||
eai team ls | GET | /v1/team | /v1/organization/{yourOrganizationID}/team | ||
eai team new {name} | POST | /v1/team | /v1/organization/{yourOrganizationID}/team | ||
eai team member ls {teamID} | GET | /v1/team/{teamID}/member | team:get on teamID team:member:get on teamID |
||
eai team member add {teamID} {userTeamID} | POST | /v1/team/{teamID}/member/{userTeamID} | team:get on teamID team:member:add on teamID user:get or team:get on userTeamID user:add or team:add on userTeamID |
||
eai team member rm {teamID} {userTeamID} | DELETE | /v1/team/{teamID}/member/{userTeamID} | team:get on teamID team:member:rm on teamID user:rm or team:rm on userTeamID |
||
eai team policy ls {teamID} | GET | /v1/team/{teamID}/policy | team:get on teamID | ||
eai team policy new {teamID} {action@resource} | POST | /v1/team/{teamID}/policy | role:get on roleID policy:new on roleID action on resource as shareable |
||
eai team policy rm {teamID} {policyID} | DELETE | /v1/team/{teamID}/policy/{policyID} | team:get on teamID policy:set on roleID |
||
eai team role ls {teamID} | GET | /v1/team/{teamID}/role | team:get on teamID role:get on children role of teamID |
||
eai team role new {teamID} | POST | /v1/team/{teamID}/role | role:new on teamID | ||
- | HEAD | /v1/team/{teamID} | team:get on teamID | ||
eai team get {teamID} | GET | /v1/team/{teamID} | team:get on teamID | ||
eai team set {teamID} | PUT | /v1/team/{teamID} | team:set on teamID | ||
eai user ls | GET | /v1/user | /v1/organization/{yourOrganizationID}/user | ||
eai user invite {userMail} | POST | /v1/user | /v1/organization/{yourOrganizationID}/user | ||
eai rule allowed {action}@{resource} {userID} | GET | /v1/user/{userID}/allowed | action on resource for role userID role:get on subject |
||
- | GET | /v1/user/{userID}/app | /v1/organization/{yourOrganizationID}/app | ||
- | GET | /v1/user/{userID}/job | role:get on userID job:get on all job created by userID |
||
- | GET | /v1/user/{userID}/job_occupancy | role:get on userID job:get on all job created by userID |
||
- | GET | /v1/user/{userID}/job_run | role:get on userID job:get on all job created by userID |
||
eai user policy ls {userID} | GET | /v1/user/{userID}/policy | user:get on userID | ||
eai user policy new {userID} {action@resource} | POST | /v1/user/{userID}/policy | user:get on userID policy:new on userD action on resource as shareable |
||
eai user policy rm {userID} {policyID} | DELETE | /v1/user/{userID}/policy/{policyID} | user:get on userID policy:set on userID |
||
eai terms | GET | /v1/user/{userID}/terms | user:get on userID | ||
eai terms --agree | PUT | /v1/user/{userID}/terms | no permission check if userID is the current user else user:get | ||
- | HEAD | /v1/user/{userID} | no permission check if userID is the current user else user:set | ||
eai user get {userID} | GET | /v1/user/{userID} | user:get on userID | ||
eai user set {userID} | PUT | /v1/user/{userID} | user:set on userID | ||
- | DELETE | /v1/user/{userID} | user:deactivate on userOrganizationID | ||
- | POST | /v1/user/{userID} | user:reactivate on userOrganizationID | ||
eai rule who-is-allowed {action}@{resource} | GET | /v1/who_is_allowed | action on resource user:get or role:get or team:get on resource found |