Eventing Access Control
- Capella Operational
To create and manage Eventing Functions, you need the proper Organization Role, Project Role, or Cluster Access Credentials.
Access Eventing with the Capella UI
To be able to use the Eventing service through the Capella UI, you must have one of the following project roles:
-
Data Reader
-
Data Writer
-
Project Owner
For more information about the project roles and their privileges, see Project Roles.
The following table summarizes the actions that you can perform with the Eventing Service using each of these project roles.
| Action | Data Reader | Data Writer | Project Owner |
|---|---|---|---|
Create / Import / Edit Function |
No |
Yes |
Yes |
Deploy / Undeploy |
No |
Yes |
Yes |
View Logs / JavaScript/ Settings |
Yes |
Yes |
Yes |
Delete Function |
No |
Yes |
Yes |
Export Function |
Yes |
Yes |
Yes |
| The Cluster Viewer and Cluster Manager roles do not grant Eventing privileges. |
Access Eventing with Cluster Access Credentials
To access the Eventing Service programmatically via an SDK or API, your client must have the appropriate cluster access credentials, with access to the buckets, scopes, and collections that your Eventing functions use. For more information, see Cluster Access.
The following table summarizes the basic access levels or advanced access privileges that your cluster access credentials must have, for each of the target keyspaces that your Eventing functions read from or write to.
| Target Keyspace | Basic Access Level | Advanced Access Privilege |
|---|---|---|
Source / Mutation |
|
|
Metadata / Storage |
|
|
Bindings |
|
|