Page Comparison

ADMIN on the application

Deploying the app with a jar

ADMIN on the artifact (use the jar name as the artifact id)

Deploying the app using an existing artifact

Any privilege of READ, WRITE, EXECUTE, or ADMIN on the artifact

No impersonation

Creating a dataset

ADMIN on the dataset

Creating a stream

ADMIN on the stream

Creating a custom dataset during deployment

ADMIN on the new dataset module and type (use the full class name of the custom dataset as the module id and type id)

Creating a custom dataset using an existing custom dataset type

ADMIN on the existing dataset module and type

With impersonation

ADMIN on the kerberos principal of the impersonated user

Creating a dataset

ADMIN on the dataset

Creating a stream

ADMIN on the stream

Creating a custom dataset during deployment

ADMIN on the new dataset module and type (use the full class name of the custom dataset as the module id and type id)

Creating a custom dataset using an existing custom dataset type

ADMIN on the existing dataset module and type

READ from existing streams and datasets

READ on the streams and datasets

WRITE to existing streams and datasets

WRITE on the streams and datasets

Creating datasets

ADMIN on the datasets

Creating local datasets, READ/WRITE on local datasets

ADMIN, READ/WRITE on local dataset name—dataset:<namespace-id>.<local-dataset-id>*

Accessing external source/sink, i.e, accessing datasets outside CDAP (only for hydrator pipelines)

ADMIN, READ and WRITE on the external datasets. The name of the external dataset will be same as the reference name of the source/sink—dataset:<namespace-id>.<reference-name>