Striim 3.10.2 documentation


Permissions determine which actions each user can perform in Striim. Permissions are assigned to users through roles.

A permission defines one or more actions that may be performed on one or more component types. A permission's domain may be global (granted in all namespaces) or limited to one or more specified namespaces. Optionally, permission may be restricted to one or more objects (components, flows, and/or applications) specified by name.

The syntax is:

GRANT <action(s)> ON <component types(s)> <namespace>.<object>

For example, GRANT READ,SELECT ON type Global.*  means permission to read and select all types in the Global namespace. Since many basic Striim operations use those types, by default all users have this permission through the Global.systemuser role.

ALL (for actions) and * (for the other elements) are wildcards. For example, GRANT ALL ON * *.* means permission to perform all actions on all components in all objects in all namespaces. The admin user has this permission through the Global.admin role.



The READ action is a prerequisite for all other actions. For example, to select from a stream, you must have both READ and SELECT permissions. If you have only SELECT permission, select will fail with a "no such object" error.



  • DROP

  • GRANT (also allows use of REVOKE)


  • READ (allows user to see that objects exist, for example, when using the LIST command)


  • SELECT (allows user to query objects and to preview stream contents in the UI)



  • STOP


  • UPDATE (also allows use of ALTER and RECOMPILE)


  • alertsubscriber

  • application

  • cache

  • cluster

  • cq

  • dashboard

  • deploymentgroup

  • flow

  • initializer

  • namedquery

  • namespace

  • node

  • permission

  • propertyset

  • propertytemplate

  • queryvisualization

  • role

  • server

  • source

  • stream

  • subscription

  • target

  • type

  • user

  • wactionstore

  • window