Cell Permissions
The following section contains permissions used to control access in Synapse Cell implementations which are baked into the core Synapse package. These can be added to or removed from users with the cellauth tool:
python -m synapse.tools.cellauth cell://cortex modify myuser --addrule node.add
python -m synapse.tools.cellauth cell://cortex modify myuser --delrule node.tag.add
or managed through Storm (see $lib.auth).
Axon Permissions
The following permissions exist for controlling access to Axon operations.
- axon.get
Retrieve a binary object from the Axon.
- axon.has
Check if the Axon has bytes represented by a SHA-256 or return SHA-256 and object sizes from an offset.
- axon.upload
Upload and save a binary object to the Axon.
- axon.wget
Retrieve files by URL directly to the Axon.
Cell Permissions
The following permissions exist for controlling access to Cell operations.
- auth.role.add
Add a Storm Role.
- auth.role.del
Delete a Storm Role.
- auth.role.set.rules
Set rules for a Storm Role.
- auth.user.add
Add a User.
- auth.user.del
Delete a User.
- auth.user.grant
Grant a Storm Role to a user.
- auth.user.revoke
Revoke a Storm Role from a user.
- auth.user.set.admin
Set whether a User is an Admin.
- auth.user.set.email
Set the email of a User.
- auth.user.set.locked
Set the locked status of a User.
- auth.user.set.passwd
Set a User’s password.
- auth.user.set.rules
Set rules for a User.
- health
Get a HealthCheck object from the Cell.
- impersonate
Impersonate another User.
- task.del
Kill a running task.
- task.get
Get information about a running task.
Cortex Permissions
The following permissions exist for controlling access to Cortex operations.
- admin.cmds
Set or remove Storm command definitions from a Cortex.
- cron.add
Add a cron job.
- cron.del
Delete a cron job.
- cron.get
Get a cron job.
- cron.set
Update the Storm Query for a cron job.
- cron.set.doc
Set the docstring for a cron job.
- cron.set.name
Set the name for a cron job.
- dmon.add
Add a Storm Dmon.
- dmon.del
Delete any Storm Dmon.
- dmon.del.<iden>
Delete a specific Storm Dmon.
- dmon.log
Get messages from Storm Dmons.
- feed:data
Ingest feed data of any type.
- feed:data.<name>
Ingest feed data of a specific ingest type.
- globals.get
Get global variables.
- globals.get.<name>
Get a specific global variable.
- globals.pop
Pop global variables.
- globals.pop.<name>
Pop a specific global variable.
- globals.set
Set global variables.
- globals.set.<name>
Set a specific global variable.
- layer.add
Add a Layer.
- layer.del
Delete a Layer.
- layer.edits.read
Read edits made to a layer.
- layer.lift
Lift data from any layer.
- layer.lift.<iden>
Lift data from a specific layer.
- layer.set.<name>
Set the Layer definition for a Layer.
- layer.write
Write to any layer.
- layer.write.<iden>
Write to a specific layer.
- lib.telepath.open
Open a Telepath Proxy to a URL.
- lib.telepath.open.<scheme>
Open a Telepath Proxy to a URL with a specific scheme.
- model.prop.add.<form>
Add an extended property to a form.
- model.prop.del.<form>
Remove an extended property from a form.
- model.tagprop.add
Add a tag property.
- model.tagprop.del
Remove a tag property.
- model.univ.add
Add an extended universal property.
- model.univ.del
Remove an extended universal property.
- node.add
Add any form of node.
- node.add.<form>
Add a specific form of node (ex. node.add.inet:ipv4).
- node.data.pop
Remove and return the value of any node data property on a node.
- node.data.pop.<name>
Remove and return the value of a specific node data property on a node.
- node.data.set
Set any node data property on a node.
- node.data.set.<name>
Set a specific node data property on a node.
- node.del
Delete any form of node.
- node.del.<form>
Delete a <form> node (ex. node.del.inet:ipv4).
- node.edge.add
Add lightweight edges.
- node.edge.add.<verb>
Add lightweight edges with a specific verb.
- node.edge.del
Remove lightweight edges.
- node.edge.del.<verb>
Remove lightweight edges with a specific verb.
- node.prop.del
Delete any property.
- node.prop.del.<prop>
Delete a specific property (ex. node.prop.del.inet:ipv4:loc).
- node.prop.set
Set any property.
- node.prop.set.<prop>
Set a specific property (ex. node.prop.set.inet:ipv4:loc).
- node.tag.add
Add any tag to a node.
- node.tag.add.<tag>
Add a specific tag or subtag to a node (ex. node.tag.add.foo.bar).
- node.tag.del
Remove any tag from a node.
- node.tag.del.<tag>
Remove a specific tag or subtag from a node (ex. node.tag.del.foo.bar).
- pkg.add
Add a Storm package.
- pkg.del
Remove a Storm package.
- queue.add
Add a Queue.
- queue.del
Delete a Queue.
- queue.get
Get a Queue object.
- queue.put
Put an object in a Queue.
- service.add
Add a Storm Service.
- service.del
Remove a Storm Service.
- service.get
Get any Storm Service definition.
- service.get.<name>
Get a specific Storm Service definition.
- service.list
List the Storm Service definitions.
- status
Get status information for a Cortex.
Note: This is currently a deprecated permission.
- sync
Get nodeedit sets for a layer.
- trigger.add
Add a Trigger.
- trigger.del
Delete a Trigger.
- trigger.get
Get a Trigger.
- trigger.set
Set the Storm Query for an existing Trigger.
- trigger.set.doc
Set the docstring for a Trigger.
- trigger.set.name
Set the name for a trigger.
- view.add
Add a View.
- view.del
Delete a View.
- view.read
Read from a View.
- view.set.<name>
Set the View definition for a View.
- watch
Hook Cortex/View/Layer watch points based on a watch definition.
- watch.view.<iden>
Hook Cortex/View/Layer watch points based on a watch definition for a specific iden.
AhaCell Permissions
- aha.service.get
Get an Aha service or services.
- aha.service.get.<network>
Get an Aha service or services for a given network.
- aha.service.add.<network>.<name>
Add an Aha service for a given network.
- aha.service.del.<network>.<name>
Delete an Aha service for a given network.
- aha.ca.get
Get a CA certificate that is stored in the Aha service.
- aha.ca.gen
Generate a new CA certificate in the Aha service.
- aha.csr.host
Sign a certificate request for a host.
- aha.csr.user
Sign a certificate request for a user.