User authorization
Overview
Flink supports two methods of controlling user access to User actions.
- Simple Access Control creates global access controls from environment variable config
- Role Based Access Control integrates with User authentication and respects role based controls
User actions
Note: User actions apply to specific Domains. This is important when configuring Role Based Access Control.
The following actions are supported by both methods of access control.
Domain | Action | Control (when TRUE) |
---|---|---|
FLINK | FLINK_SUBMIT | Allow users to submit Flink Jobs and upload Flink job JARs |
FLINK_JAR_DELETE | Allow users to delete Flink Job JARs | |
FLINK_JOB_TERMINATE | Allow users to cancel and terminate Flink Jobs | |
FLINK_JOB_EDIT | Allow users to edit Flink job configuration, checkpoint/snapshot | |
Flex | ADMIN | Allow users to be a Flex admin (view audit log, staged mutations) |
BULK_ACTION | Allow users to perform bulk actions. |
User permissions
Users are denied permissions on all actions by default.
To give permission to a specific action you must configure it true.
In most cases where the user is denied permission to an particular action the UI will show that denial directly to the user. In some cases the permission is determined on the back end and the user is informed after the fact that they do not have the ability to take the requested action.