User authorization

Overview

Flink supports two methods of controlling user access to User actions.

User actions

Note: User actions apply to specific Domains. This is important when configuring Role Based Access Control.

The following actions are supported by both methods of access control.

DomainActionControl (when TRUE)
FLINKFLINK_SUBMITAllow users to submit Flink Jobs and upload Flink job JARs
FLINK_JAR_DELETEAllow users to delete Flink Job JARs
FLINK_JOB_TERMINATEAllow users to cancel and terminate Flink Jobs
FLINK_JOB_EDITAllow users to edit Flink job configuration, checkpoint/snapshot
FlexADMINAllow users to be a Flex admin (view audit log, staged mutations)
BULK_ACTIONAllow users to perform bulk actions.

User permissions

Users are denied permissions on all actions by default.

To give permission to a specific action you must configure it true.

In most cases where the user is denied permission to an particular action the UI will show that denial directly to the user. In some cases the permission is determined on the back end and the user is informed after the fact that they do not have the ability to take the requested action.