Permissions table

CLI Commands	Method	Path	Permissions	Shortcut
eai account ls	GET	/v1/account	-	/v1/organization/{yourOrganizationID}/account
eai account new {name}	POST	/v1/account	-	/v1/organization/{yourOrganizationID}/account
eai account ls {accountID}	GET	/v1/account/{accountID}/account	account:get on accountID account:get on children account of accountID
eai account new {accountID}.{name}	POST	/v1/account/{accountID}/account	account:get on accountID account:new on accountID
eai app ls {accountID}	GET	/v1/account/{accountID}/app	account:get on accountID app:get on children data of accountID
eai app new {accountID}.{name}	POST	/v1/account/{accountID}/app	account:get on accountID app:new on accountID
eai data ls {accountID}	GET	/v1/account/{accountID}/data	account:get on accountID data:get on children data of accountID
eai data new {accountID}.{name}	POST	/v1/account/{accountID}/data	account:get on accountID data:new on accountID
eai job ls --account {accountID}	GET	/v1/account/{accountID}/job	account:get on accountID job:get on children job of accountID
eai job new --account {accountID}	POST	/v1/account/{accountID}/job	account:get on accountID job:new on accountID data:get and data:read on dataID for data mounted as readonly data:get and data:write on dataID for data mounted as read/write registry:pull for docker image on the registryAccountID role:apply-job on roleID for role usage on a job
-	GET	/v1/account/{accountID}/job_occupancy	account:get on accountID job:get on children job of accountID
-	GET	/v1/account/{accountID}/job_run	account:get on accountID job:get on children job of accountID
eai account role ls {accountID}	GET	/v1/account/{accountID}/role	account:get on accountID role:get on children role of accountID
eai account role new {accountID}.{name}	POST	/v1/account/{accountID}/role	account:get on accountID role:new on accountID
eai privateregistry ls {accountID}	GET	/v1/account/{accountID}/privateregistry	account:get on accountID privateregistry:get on children service of accountID
eai privateregistry new {accountID}.{name}	POST	/v1/account/{accountID}/privateregistry	account:get on accountID privateregistry:new on accountID
eai service ls {accountID}	GET	/v1/account/{accountID}/service	account:get on accountID service:get on children service of accountID
eai service new {accountID}.{name}	POST	/v1/account/{accountID}/service	account:get on accountID service:new on accountID data:new on accountID role:new on accountID
eai account size {accountID}	GET	/v1/account/{accountID}/size	account:get on accountID
-	HEAD	/v1/account/{accountID}	account:get on accountID
eai account get {accountID}	GET	/v1/account/{accountID}	account:get on accountID
eai account set {accountID}	PUT	/v1/account/{accountID}	account:get on accountID account:set on accountID
eai rule allowed {action}@{resource}	POST	/v1/allowed	action on resource for calling user
eai rule allowed {action}@{resource} {subject}	POST	/v1/allowed	action on resource for subject user/role user:get or role:get on subject
-	GET	/v1/allowed_operation	no permission check
eai app ls	GET	/v1/app	-	/v1/organization/{yourOrganizationID}/app
eai app new {name}	POST	/v1/app	-	/v1/organization/{yourOrganizationID}/app
-	HEAD	/v1/app/{appID}	app:get on appID
eai app get {appID}	GET	/v1/app/{appID}	app:get on appID
eai app set {appID}	PUT	/v1/app/{appID}	app:get on appID app:set on appID
eai app rm {appID}	DELETE	/v1/app/{appID}	app:get on appID app:rm on appID
	-	/v1/cluster/{type}		/v1/cluster/{randomValue}/{type}
-	GET	/v1/cluster/{anyValue}/{type}	{type}:get on all {type}
-	GET	/v1/cluster/{anyValue}/account	account:get on all account
-	GET	/v1/cluster/{anyValue}/data	data:get on all data
eai job ls --all	GET	/v1/cluster/{anyValue}/job	job:get on all job
-	GET	/v1/cluster/{anyValue}/job_occupancy	job:get on all data
-	GET	/v1/cluster/{anyValue}/job_run	job_run:get on all data
-	GET	/v1/cluster/{anyValue}/privateregistry	privateregistry:get on all data
-	GET	/v1/cluster/{anyValue}/role	role:get on all data
-	GET	/v1/cluster/{anyValue}/service	team:get on all data
-	GET	/v1/cluster/{anyValue}/team	team:get on all data
eai user ls --all	GET	/v1/cluster/{anyValue}/user	user:get on all data
	GET	/v1/cluster_config	no permission check
eai data ls	GET	/v1/data	-	/v1/organization/{yourAccountID}/data
eai data new {dataName}	POST	/v1/data		/v1/organization/{yourAccountID}/data
-	POST	/v1/data/{dataID}/branch	data:get on dataID data:write on dataID
eai data chown {dataID} {accountID}	POST	/v1/data/{dataID}/chown	data:get on dataID data:write on dataID data:rm on dataID data:new on accountID account:get on accountID
eai data commit {dataID}	POST	/v1/data/{dataID}/commit	data:get on dataID data:set on dataID
-	GET	/v1/data/{dataID}/download	data:get on dataID data:read on dataID
-	GET	/v1/data/{dataID}/inuse	data:get on dataID
-	GET	/v1/data/{dataID}/isv2	data:get on dataID
eai data branch ls {dataID}	GET	/v1/data/{dataID}/list	data:get on dataID data:read on dataID
-	GET	/v1/data/{dataID}/locked	data:get on dataID
-	POST	/v1/data/{dataID}/lock	data:get on dataID data:set on dataID
-	POST	/v1/data/{dataID}/unlock	data:get on dataID data:set on dataID
eai data pull {dataID}	GET	/v1/data/{dataID}/pull	data:get on dataID data:read on dataID
-	GET	/v1/data/{dataID}/push	data:get on dataID data:write on dataID
eai data push {dataID}	POST	/v1/data/{dataID}/push	data:get on dataID data:write on dataID
eai data content rm {dataID}	DELETE	/v1/data/{dataID}/remove	data:get on dataID data:write on dataID
-	GET	/v1/data/{dataID}/show	data:get on dataID
eai data size {dataID}	GET	/v1/data/{dataID}/size	data:get on dataID
eai data sync {dataID}	GET	/v1/data/{dataID}/sync	data:get on dataID data:write on dataID
eai data content ls {dataID}	GET	/v1/data/{dataID}/tree	data:get on dataID data:read on dataID
eai data content tree {dataID}	GET	/v1/data/{dataID}/tree	data:get on dataID data:read on dataID
eai data branch add {dataID}	POST	/v1/data/{dataID}/update/{branch}	data:get on dataID data:write on dataID
-	POST	/v1/data/{dataID}/upload	data:get on dataID data:write on dataID
-	HEAD	/v1/data/{dataID}	data:get on dataID
eai data get {dataID}	GET	/v1/data/{dataID}	data:get on dataID
eai data set {dataID}	PUT	/v1/data/{dataID}	data:get on dataID data:set on dataID
eai job ls	GET	/v1/job	-	/v1/account/{yourAccountID}/job
eai job new	POST	/v1/job	-	/v1/account/{yourAccountID}/job
-	PUT	/v1/job/{jobID}/cancelledOn	no permission check. Only allowed for governor role
-	PUT	/v1/job/{jobID}/failedOn	no permission check. Only allowed for governor role
-	PUT	/v1/job/{jobID}/interruptedOn	no permission check. Only allowed for governor role
-	PUT	/v1/job/{jobID}/nodeName	no permission check. Only allowed for governor role
-	PUT	/v1/job/{jobID}/queuedOn	no permission check. Only allowed for governor role
-	PUT	/v1/job/{jobID}/startedOn	no permission check. Only allowed for governor role
-	PUT	/v1/job/{jobID}/stateInfo	no permission check. Only allowed for governor role
-	PUT	/v1/job/{jobID}/succeededOn	no permission check. Only allowed for governor role
eai job set --bid {bid} {jobID}	PUT	/v1/job/{jobID}/bid	job:get on jobID job:set on jobID
	-	{jobID}.job.console.elementai.com	job:get on jobID job:access on jobID
-	HEAD	/v1/job/{jobID}/consent	job:get on jobID job:access on jobID
eai job consent {jobID}	POST	/v1/job/{jobID}/consent	job:get on jobID job:access on jobID
-	GET	/v1/job/{jobID}/children	job:get on jobID
eai job exec {jobID}	GET	/v1/job/{jobID}/exec	job:get on jobID job:exec on jobID
eai job logs {jobID}	GET	/v1/job/{jobID}/logs	job:get on jobID job:log on jobID
eai job set --name {name} {jobID}	PUT	/v1/job/{jobID}/name	job:get on jobID job:set on jobID
eai job retry {jobID}	PUT	/v1/job/{jobID}/retry	job:get on jobID job:set on jobID data:get and data:read on dataID for data mounted as readonly data:get and data:write on dataID for data mounted as read/write registry:pull for docker image on the registryAccountID role:apply-job on roleID for role usage on a job
-	HEAD	/v1/job/{jobID}	job:get on jobID
eai job get {jobID}	GET	/v1/job/{jobID}	job:get on jobID
eai job kill {jobID}	DELETE	/v1/job/{jobID}	job:get on jobID job:set on jobID
-	POST	/v1/job_normalize	no permission check
-	GET	/v1/job_run	job:get on jobID
-	GET	/v1/job_run/{jobRunID}	job:get on jobID
eai login validate	GET	/v1/me	no permission check
eai user set {myUserID} --name {name}	PUT	/v1/me	no permission check
-	ANY	/v1/me/{type}		/v1/user/{yourUserID}/{type} /v1/role/{yourRoleID}/{type}
eai job ls --me	GET	/v1/me/job		/v1/user/{yourUserID}/job /v1/role/{yourRoleID}/job
eai organization ls	GET	/v1/organization	organization:get on organization
eai organization new --name {orgName}	POST	/v1/organization	organization:new on orgName
eai account ls {organizationID}	GET	/v1/organization/{organizationID}/account	organization:get on organizationID account:get on children account of organizationID
eai account new {organizationID}.{name}	POST	/v1/organization/{organizationID}/account	organization:get on organizationID account:new on organizationID
eai app ls {organizationID}	GET	/v1/organization/{organizationID}/app	organization:get on organizationID app:get on children app of organizationID
eai app new {organizationID}.{name}	POST	/v1/organization/{organizationID}/app	organization:get on organizationID app:new on organizationID
eai job ls --organization {organizationID}	GET	/v1/organization/{organizationID}/job	organization:get on organizationID job:get on descendant job of organizationID
	GET	/v1/organization/{organizationID}/job_run	organization:get on organizationID job:get on descendant job of organizationID
eai privateregistry ls {organizationID}	GET	/v1/organization/{organizationID}/privateregistry	organization:get on organizationID privateregistry:get on children privateregistry of organizationID
eai privateregistry new {organizationID}.{name}	POST	/v1/organization/{organizationID}/privateregistry	organization:get on organizationID privateregistry:new on organizationID
eai role ls {organizationID}	GET	/v1/organization/{organizationID}/role	organization:get on organizationID role:get on children role of organizationID
eai role new {organizationID}.{name}	POST	/v1/organization/{organizationID}/role	organization:get on organizationID role:new on organizationID
-	GET	/v1/resource/{resourceID}/role	{resourceType}:get on resourceID role:get on children of {resourceID}
-	POST	/v1/resource/{resourceID}/role	{resourceType}:get on resourceID role:new on {resourceID}
eai rule allowed {action}@{resource} {roleID}	POST	/v1/role/{roleID}/allowed	action on resource for role roleID role:get on subject
-	GET		role:get on roleID job:get on all job created by roleID
-	GET	/v1/role/{roleID}/job_run	role:get on roleID job:get on all job created by roleID
eai role key ls {roleID}	GET	/v1/role/{roleID}/key	role:get on roleID role:key:get on roleID
eai role key new {roleID}	POST	/v1/role/{roleID}/key	role:get on roleID role:key:new on roleID
eai role key rm {roleID} {keyID}	DELETE	/v1/role/{roleID}/key/{keyID}	role:get on roleID role:key:rm on roleID
eai role member ls {roleID}	GET	/v1/role/{roleID}/member	role:get on roleID role:member:get on roleID
eai role member add {roleID} {userTeamID}	POST	/v1/role/{roleID}/member/{userTeamID}	role:get on roleID role:member:add on roleID user:get or team:get on userTeamID user:add or team:add on userTeamID
eai role member rm {roleID} {userTeamID}	DELETE	/v1/role/{roleID}/member/{userTeamID}	role:get on roleID role:member:rm on roleID user:rm or team:rm on userTeamID
eai role policy ls {roleID}	GET	/v1/role/{roleID}/policy	role:get on roleID
eai role policy new {roleID} {action@resource}	POST	/v1/role/{roleID}/policy	role:get on roleID policy:new on roleID action on resource as shareable
eai role policy rm {roleID} {policyID}	DELETE	/v1/role/{roleID}/policy/{policyID}	role:get on roleID policy:rm on roleID
-	HEAD	/v1/role/{roleID}	role:get on roleID
eai role get {roleID}	GET	/v1/role/{roleID}	role:get on roleID
eai role set {roleID}	PUT	/v1/role/{roleID}	role:get on roleID role:set on roleID
eai rule ls	GET	/v1/rule		/v1/rule/{yourUserRoleID}
eai rule ls {userRoleTeamID}	GET	/v1/rule/{userRoleTeamID}	role:set on roleID user:get or role:get or team:get on userRoleTeamID
	-	{serviceID}.service.console.elementai.com	service:get on serviceD service:access on serviceID
eai service ls	GET	/v1/service		/v1/account/{yourAccountID}/service
eai service new {name}	POST	/v1/service		/v1/account/{yourAccountID}/service
-	HEAD	/v1/service/{serviceID}	service:get on serviceID
eai service get {serviceID}	GET	/v1/service/{serviceID}	service:get on serviceID
eai service set {serviceID}	PUT	/v1/service/{serviceID}	service:get on serviceID service:set on serviceID
-	GET	/v1/swagger.json	no permission check
eai team ls	GET	/v1/team		/v1/organization/{yourOrganizationID}/team
eai team new {name}	POST	/v1/team		/v1/organization/{yourOrganizationID}/team
eai team member ls {teamID}	GET	/v1/team/{teamID}/member	team:get on teamID team:member:get on teamID
eai team member add {teamID} {userTeamID}	POST	/v1/team/{teamID}/member/{userTeamID}	team:get on teamID team:member:add on teamID user:get or team:get on userTeamID user:add or team:add on userTeamID
eai team member rm {teamID} {userTeamID}	DELETE	/v1/team/{teamID}/member/{userTeamID}	team:get on teamID team:member:rm on teamID user:rm or team:rm on userTeamID
eai team policy ls {teamID}	GET	/v1/team/{teamID}/policy	team:get on teamID
eai team policy new {teamID} {action@resource}	POST	/v1/team/{teamID}/policy	role:get on roleID policy:new on roleID action on resource as shareable
eai team policy rm {teamID} {policyID}	DELETE	/v1/team/{teamID}/policy/{policyID}	team:get on teamID policy:set on roleID
eai team role ls {teamID}	GET	/v1/team/{teamID}/role	team:get on teamID role:get on children role of teamID
eai team role new {teamID}	POST	/v1/team/{teamID}/role	role:new on teamID
-	HEAD	/v1/team/{teamID}	team:get on teamID
eai team get {teamID}	GET	/v1/team/{teamID}	team:get on teamID
eai team set {teamID}	PUT	/v1/team/{teamID}	team:set on teamID
eai user ls	GET	/v1/user		/v1/organization/{yourOrganizationID}/user
eai user invite {userMail}	POST	/v1/user		/v1/organization/{yourOrganizationID}/user
eai rule allowed {action}@{resource} {userID}	GET	/v1/user/{userID}/allowed	action on resource for role userID role:get on subject
-	GET	/v1/user/{userID}/app		/v1/organization/{yourOrganizationID}/app
-	GET	/v1/user/{userID}/job	role:get on userID job:get on all job created by userID
-	GET	/v1/user/{userID}/job_occupancy	role:get on userID job:get on all job created by userID
-	GET	/v1/user/{userID}/job_run	role:get on userID job:get on all job created by userID
eai user policy ls {userID}	GET	/v1/user/{userID}/policy	user:get on userID
eai user policy new {userID} {action@resource}	POST	/v1/user/{userID}/policy	user:get on userID policy:new on userD action on resource as shareable
eai user policy rm {userID} {policyID}	DELETE	/v1/user/{userID}/policy/{policyID}	user:get on userID policy:set on userID
eai terms	GET	/v1/user/{userID}/terms	user:get on userID
eai terms --agree	PUT	/v1/user/{userID}/terms	no permission check if userID is the current user else user:get
-	HEAD	/v1/user/{userID}	no permission check if userID is the current user else user:set
eai user get {userID}	GET	/v1/user/{userID}	user:get on userID
eai user set {userID}	PUT	/v1/user/{userID}	user:set on userID
-	DELETE	/v1/user/{userID}	user:deactivate on userOrganizationID
-	POST	/v1/user/{userID}	user:reactivate on userOrganizationID
eai rule who-is-allowed {action}@{resource}	GET	/v1/who_is_allowed	action on resource user:get or role:get or team:get on resource found