Requirements for Common Tasks

Completing Control Hub tasks requires a combination of roles and permissions. The following sections list the requirements to complete common Control Hub tasks.

Note: Remember that users with the Organization Administrator role can complete all tasks and have full permissions on all objects.

Connection Tasks

The following table lists the role and permission requirements to complete common connection tasks:
Task Roles Permissions
Create a new connection. Connection Editor Read on the authoring Data Collector
Edit a connection. Connection Editor Write on connection

Read on the authoring Data Collector

Delete a connection. Connection Editor Write on connection
Test a connection. Connection Editor Write on connection

Read on the authoring Data Collector

Use a connection in a pipeline or pipeline fragment. Pipeline Editor

Engine Creator or Administrator

Connection User or Editor

Read on connection

Write on pipeline or fragment

Read on the authoring engine

View pipelines and pipeline fragments using a connection. Connection User or Editor Read on connection
Start or synchronize a job for a pipeline that uses a connection. Job Operator

Pipeline User or Editor

Connection User or Editor

Read on all connections used in the pipeline

Execute on job

Read on pipeline

Execute on all appropriate engines with the assigned labels

Data SLA Tasks

The following table lists the role and permission requirements to complete common data SLA tasks:

Task Roles Permissions
Acknowledge a triggered data SLA alert in the Alerts view. Notification User

Data SLA User or Editor

Read on data SLA
Activate or deactivate a data SLA. Data SLA Editor

Topology User or Editor

Job Operator

Pipeline User or Editor

Metrics Reader

Execute on data SLA

Read on topology

Read on all jobs in topology

Create a data SLA. Data SLA Editor

Topology User or Editor

Job Operator

Pipeline User or Editor

Metrics Reader

Read on topology

Read on all jobs in topology

Delete or edit a data SLA. Data SLA Editor

Topology User or Editor

Job Operator

Pipeline User or Editor

Metrics Reader

Write on data SLA

Read on topology

Read on all jobs in topology

View a data SLA within the topology. Data SLA User

Topology User or Editor

Job Operator

Pipeline User or Editor

Metrics Reader

Read on data SLA

Read on topology

Read on all jobs in topology

Deployment Tasks

The following table lists the role and permission requirements to complete common deployment tasks:
Note: For requirements to complete tasks on legacy Kubernetes deployments, see Provisioning Tasks.
Task Roles Permissions
Create a deployment. Deployment Manager Read on environment
Edit, start, stop, and delete the deployment. Deployment Manager Write on deployment

Read on environment

View deployment details. Deployment Manager Read on deployment

Draft Run Tasks

The following table lists the role and permission requirements to complete common draft run tasks:
Task Roles Permissions
Delete a draft run from the Draft Runs view. Job Operator Write on pipeline
Start a draft run for a draft pipeline from the pipeline canvas. Pipeline Editor

Job Operator

Engine Creator or Administrator

Write on pipeline
Stop a draft run from the pipeline canvas. Pipeline Editor

Job Operator

Engine Creator or Administrator

Write on pipeline
Stop a draft run from the Draft Runs view. Job Operator Write on pipeline
View draft run history from the Draft Runs view. Job Operator Read on pipeline

Engine Tasks

The following table lists the role and permission requirements to complete common tasks with StreamSets engines:
Note: Engines inherit the permissions assigned to the deployment.
Task Roles Permissions
Assign labels to an engine. Job Operator Write on engine
Define resource thresholds for an engine. Job Operator Write on engine
Delete an engine. Engine Administrator

Deployment Manager

Write on engine
Restart or shut down an engine in the Engines view. Engine Administrator Read on engine
Upload external resources for an engine. Engine Administrator Read on engine
Access the Engines view and view the Details, Configuration, and Metrics tabs when viewing engine details. Job Operator Read on engine
View the External Resources, Logs, Thread Dump, Support Bundle, Directories, and Health tabs when viewing engine details. Engine Administrator

Job Operator

Read on engine

Environment Tasks

The following table lists the role and permission requirements to complete common environment tasks:

Task Roles Permissions
Create an environment. Environment Manager Not applicable
Edit, activate, deactivate, and delete the environment. Environment Manager Write on environment
View environment details. Environment Manager Read on environment

Job Tasks

The following table lists the role and permission requirements to complete common job tasks:

Task Roles Permissions
Create a job from a pipeline. Job Operator

Pipeline User or Editor

Read on pipeline
Delete a job. Job Operator Write on job
Edit a job. Job Operator

Pipeline User or Editor

Write on job

Read on pipeline

Export a job. Job Operator

Pipeline User or Editor

Read on job
Import a job. Job Operator

Pipeline Editor

Not applicable
Monitor a job. Job Operator

Pipeline User or Editor

Metrics Reader

Read on job

Read on pipeline

Read on all appropriate engines with the assigned labels

Reset the origin for a job. Job Operator

Pipeline User or Editor

Execute on job

Read on pipeline

Upload an initial offset file for a job. Job Operator

Pipeline User or Editor

Write on job
Start, synchronize, and stop a job. Job Operator

Pipeline User or Editor

Execute on job

Read on pipeline

Execute on all appropriate engines with the assigned labels

Job Template Tasks

The following table lists the role and permission requirements to complete common job template tasks:

Task Roles Permissions
Archive a job template. Job Operator Write on job template
Create a job template. Job Operator

Pipeline User or Editor

Read on pipeline
Create and start job instances from a job template. Job Operator

Pipeline User or Editor

Execute on job template

Read on pipeline

Execute on all appropriate engines with the assigned labels

Delete a job template. Job Operator Write on job template
Edit a job template. Job Operator

Pipeline User or Editor

Write on job template

Read on pipeline

Export a job template. Job Operator

Pipeline User or Editor

Read on job template
Import a job template. Job Operator

Pipeline Editor

Not applicable

Pipeline Fragment Tasks

The following table lists the role and permission requirements to complete common pipeline fragment tasks:
Task Roles Permissions
Create and remove tags for a fragment. Pipeline Editor Write on fragment
Delete a fragment version. Pipeline Editor Write on fragment
Create a new fragment, including publishing the fragment. Pipeline Editor

Job Operator

Engine Creator or Administrator

Read on the authoring engine
Configure a fragment, including publishing the fragment. Pipeline Editor

Job Operator

Engine Creator or Administrator

Write on fragment

Read on the authoring engine

Use a fragment in a pipeline. Pipeline Editor

Job Operator

Engine Creator or Administrator

Read on fragment

Write on pipeline

Read on the authoring engine

Export a fragment. Pipeline User or Editor Read on fragment
Import a fragment. Pipeline Editor Not applicable
View configuration details and version history. Pipeline User or Editor Read on fragment

Pipeline Tasks

The following table lists the role and permission requirements to complete common pipeline tasks:

Task Roles Permissions
Create and remove tags for a pipeline. Pipeline Editor Write on pipeline
Delete a pipeline version. Pipeline Editor Write on pipeline
Create a new pipeline, including performing data preview and explicit validation and publishing the pipeline. Pipeline Editor

Job Operator

Engine Creator or Administrator

Read on the authoring engine
Create a pipeline from a user-defined sample pipeline. Pipeline Editor

Job Operator

Engine Creator or Administrator

Read on sample pipeline

Read on the authoring engine

Configure a pipeline, including performing data preview and explicit validation and publishing the pipeline. Pipeline Editor

Job Operator

Engine Creator or Administrator

Write on pipeline

Read on the authoring engine

Export a pipeline. Pipeline User or Editor Read on pipeline
Import a pipeline. Pipeline Editor Not applicable
View configuration details and version history. Pipeline User or Editor Read on pipeline

Provisioning Tasks

The following table lists the role and permission requirements to complete common provisioning tasks:
Note: Provisioning Agents and legacy deployments are included with legacy Kubernetes integration which is enabled only for some accounts.
Task Roles Permissions
Create a legacy deployment. Provisioning Operator Not applicable
Delete and edit an inactive legacy deployment. Provisioning Operator Write on deployment
Delete a Provisioning Agent from Control Hub. Provisioning Operator Write on Provisioning Agent
Scale, start, and stop a legacy deployment. Provisioning Operator Execute on deployment
View legacy deployment configuration details. Provisioning Operator Read on deployment
View Provisioning Agent configuration details. Provisioning Operator Read on Provisioning Agent

Scheduled Tasks

The following table lists the role and permission requirements to complete common tasks for scheduled tasks in the Control Hub scheduler:

Task Roles Permissions
Create a scheduled task for a job. Scheduler Operator

Job Operator

Execute on job

View and monitor a scheduled task. Scheduler Operator Read on scheduled task
Edit a scheduled task. Scheduler Operator Write on scheduled task
Pause, resume, kill, or delete a scheduled task. Scheduler Operator Execute on scheduled task

Subscription Tasks

The following table lists the role and permission requirements to complete common subscription tasks:

Task Roles Permissions
Create a subscription. Notification User Not applicable
View a subscription. Notification User Read on subscription
Manage a subscription - including editing, enabling, disabling, and deleting a subscription. Notification User Write on subscription

Topology Tasks

The following table lists the role and permission requirements to complete common topology tasks:

Task Roles Permissions
Create a topology. Topology Editor Not applicable
Delete topology versions. Topology Editor

Job Operator

Pipeline Editor

Write on topology
Export a topology. Topology User or Editor

Job Operator

Pipeline User or Editor

Read on topology
Import a topology. Topology Editor

Job Operator

Pipeline Editor

Not applicable
Map jobs and systems in a topology. Topology Editor

Job Operator

Pipeline Editor

Write on topology

Read on all jobs in topology

Read on all pipelines in topology

Monitor a topology. Topology User or Topology Editor

Job Operator

Pipeline User or Editor

Metrics Reader

Read on topology

Read on all jobs in topology

Read on all pipelines in topology

View a topology. Topology User or Topology Editor

Job Operator

Pipeline User or Editor

Read on topology

Read on all jobs in topology

Read on all pipelines in topology