Permissions Required for Cluster Agent and Infrastructure Visibility

This page includes the permissions (RBAC authorization) that are created when Cluster Agent, Splunk AppDynamics Operator, and Infrastructure Visibility pods are deployed in a cluster.

Note: You do not require to add these permissions. These are created automatically during installation.

Cluster Agent

The get, list, and watch permissions are created when you deploy Cluster Agent for the following resources:

  • pods

  • pods/log

  • endpoints

  • persistentvolumeclaims

  • resourcequotas

  • nodes

  • events

  • namespaces

  • services

  • configmaps

  • secrets

  • replicationcontrollers

  • daemonsets

  • statefulsets

  • deployment

  • replicasets

  • jobs

  • nodes

  • deploymentconfigs

Cluster Agent Auto-Instrumentation

The following permissions are created when you deploy Cluster Agent with auto-instrumentation:

ResourcesPermissions Required
pods
  • create
  • update
  • delete
pods/exec
secrets
configmaps

daemonsets

 update
statefulsets
deployments
replicasets
deploymentconfigs
namespaces
  • get
  • update
  • list
serviceaccounts

  • get

  • create
  • delete

Splunk AppDynamics Operator

The following permissions are created when you deploy Splunk AppDynamics Operator:

ResourcesPermissions Required
pods

  • get

  • watch

  • list

  • delete

pods/log
endpoints
persistentvolumeclaims
resourcequotas
nodes
events
namespaces
services
  • get
  • list
  • watch
  • create
  • update
  • delete
  • patch
configmaps
secrets
deployments
replicasets
daemonsets
statefulsets
jobs
  • get
  • list
  • watch
Cluster-Agent
  • get
  • list
  • watch
  • create
  • update
  • delete
  • patch
Clusteragents/finalizers update
Clusteragents/status
  • get
  • update
  • patch
Infravizs
  • get
  • list
  • watch
  • create
  • update
  • delete
  • patch
Infraviz/status
  • get
  • update
  • patch

Infrastructure Visibility

The following permissions are created when you deploy Infrastructure Visibility:

ResourcesView/EditPermissions Required
Infravizs View
  • get
  • list
  • watch

Infravizs/status

 View get
Infravizs Edit
  • get
  • list
  • watch
  • create
  • update
  • delete
  • patch

Infraviz/status

 Edit get

Target Allocator

The following permissions are created when you deploy Cluster Agent Target Allocator:

ResourcesPermissions Required
namespaces
  • get
  • list
  • watch
pods
nodes
statefulsets

  • update

  • get

  • list

  • create
  • delete