Cell Permissions

This section lists the permissions that control access in the Synapse Cell implementations built into the core Synapse package. Rules for these permissions can be added to or removed from users with the cellauth tool:

python -m synapse.tools.cellauth cell://cortex modify myuser --addrule node.add
python -m synapse.tools.cellauth cell://cortex modify myuser --delrule node.tag.add

or managed through Storm (see $lib.auth).

Axon Permissions

The following permissions exist for controlling access to Axon operations.

axon.get

Retrieve a binary object from the Axon.

axon.has

Check if the Axon has bytes represented by a SHA-256 or return SHA-256 and object sizes from an offset.

axon.upload

Upload and save a binary object to the Axon.

axon.wget

Retrieve files by URL directly to the Axon.

Cell Permissions

The following permissions exist for controlling access to Cell operations.

auth.role.add

Add a Storm Role.

auth.role.del

Delete a Storm Role.

auth.role.set.rules

Set rules for a Storm Role.

auth.user.add

Add a User.

auth.user.del

Delete a User.

auth.user.grant

Grant a Storm Role to a user.

auth.user.revoke

Revoke a Storm Role from a user.

auth.user.set.admin

Set whether a User is an Admin.

auth.user.set.email

Set the email of a User.

auth.user.set.locked

Set the locked status of a User.

auth.user.set.passwd

Set a User’s password.

auth.user.set.rules

Set rules for a User.

health

Get a HealthCheck object from the Cell.

impersonate

Impersonate another User.

task.del

Kill a running task.

task.get

Get information about a running task.

Cortex Permissions

The following permissions exist for controlling access to Cortex operations.

admin.cmds

Set or remove Storm command definitions from a Cortex.

cron.add

Add a cron job.

cron.del

Delete a cron job.

cron.get

Get a cron job.

cron.set

Update the Storm Query for a cron job.

cron.set.doc

Set the docstring for a cron job.

cron.set.name

Set the name for a cron job.

dmon.add

Add a Storm Dmon.

dmon.del

Delete any Storm Dmon.

dmon.del.<iden>

Delete a specific Storm Dmon.

dmon.log

Get messages from Storm Dmons.

feed:data

Ingest feed data of any type.

feed:data.<name>

Ingest feed data of a specific ingest type.

globals.get

Get global variables.

globals.get.<name>

Get a specific global variable.

globals.pop

Pop global variables.

globals.pop.<name>

Pop a specific global variable.

globals.set

Set global variables.

globals.set.<name>

Set a specific global variable.

layer.add

Add a Layer.

layer.del

Delete a Layer.

layer.edits.read

Read edits made to a layer.

layer.lift

Lift data from any layer.

layer.lift.<iden>

Lift data from a specific layer.

layer.set.<name>

Set the Layer definition for a Layer.

layer.write

Write to any layer.

layer.write.<iden>

Write to a specific layer.

lib.telepath.open

Open a Telepath Proxy to a URL.

lib.telepath.open.<scheme>

Open a Telepath Proxy to a URL with a specific scheme.

model.prop.add.<form>

Add an extended property to a form.

model.prop.del.<form>

Remove an extended property from a form.

model.tagprop.add

Add a tag property.

model.tagprop.del

Remove a tag property.

model.univ.add

Add an extended universal property.

model.univ.del

Remove an extended universal property.

node.add

Add any form of node.

node.add.<form>

Add a specific form of node. (ex. node.add.inet:ipv4)

node.data.pop

Remove and return the value of any node data property on a node.

node.data.pop.<name>

Remove and return the value of a specific node data property on a node.

node.data.set

Set any node data property on a node.

node.data.set.<name>

Set a specific node data property on a node.

node.del

Delete any form of node.

node.del.<form>

Delete a <form> node. (ex. node.del.inet:ipv4)

node.edge.add

Add lightweight edges.

node.edge.add.<verb>

Add lightweight edges with a specific verb.

node.edge.del

Remove lightweight edges.

node.edge.del.<verb>

Remove lightweight edges with a specific verb.

node.prop.del

Delete any property.

node.prop.del.<prop>

Delete a specific property. (ex. node.prop.del.inet:ipv4:loc)

node.prop.set

Set any property.

node.prop.set.<prop>

Set a specific property. (ex. node.prop.set.inet:ipv4:loc)

node.tag.add

Add any tag to a node.

node.tag.add.<tag>

Add a specific tag or subtag to a node. (ex. node.tag.add.foo.bar)

node.tag.del

Remove any tag from a node.

node.tag.del.<tag>

Remove a specific tag or subtag from a node. (ex. node.tag.del.foo.bar)

pkg.add

Add a Storm package.

pkg.del

Remove a Storm package.

queue.add

Add a Queue.

queue.del

Delete a Queue.

queue.get

Get a Queue object.

queue.put

Put an object in a Queue.

service.add

Add a Storm Service.

service.del

Remove a Storm Service.

service.get

Get any Storm Service definition.

service.get.<name>

Get a specific Storm Service definition.

service.list

List the Storm Service definitions.

status

Get status information for a Cortex.

Note: This is currently a deprecated permission.

sync

Get nodeedit sets for a layer.

trigger.add

Add a Trigger.

trigger.del

Delete a Trigger.

trigger.get

Get a Trigger.

trigger.set

Set the Storm Query for an existing Trigger.

trigger.set.doc

Set the docstring for a Trigger.

trigger.set.name

Set the name for a Trigger.

view.add

Add a View.

view.del

Delete a View.

view.read

Read from a View.

view.set.<name>

Set the View definition for a View.

watch

Hook Cortex/View/Layer watch points based on a watch definition.

watch.view.<iden>

Hook Cortex/View/Layer watch points based on a watch definition for a specific iden.

AhaCell Permissions

aha.service.get

Get an Aha service or services.

aha.service.get.<network>

Get an Aha service or services for a given network.

aha.service.add.<network>.<name>

Add an Aha service for a given network.

aha.service.del.<network>.<name>

Delete an Aha service for a given network.

aha.ca.get

Get a CA certificate that is stored in the Aha service.

aha.ca.gen

Generate a new CA certificate in the Aha service.

aha.csr.host

Sign a certificate request for a host.

aha.csr.user

Sign a certificate request for a user.