Definition: A user represents a real person who operates on Beneath.
Relations:
Access management:
Console: Go to https://beneath.dev/USERNAME
CLI: (Not available)
Definition: An organization is the top-level owner of users and projects. Billing is managed at the organization level, which means that every resource that can accrue bills is directly or indirectly linked to exactly one organization.
Relations:
Access management:
view
permission grants the user permission to browse the members and projects in the organization.create
permission grants the user permission to create and manipulate projects in the organization.admin
permission grants the user permission to add and delete members, monitor members’ usage, and to change billing information.Console: Go to https://beneath.dev/ORGANIZATION
CLI: Run beneath organization --help
for details.
Definition: A project is a collection of streams and services. You can think of them like repositories in Git.
Relations:
Access management:
view
permission grants the user permission to browse the contents of the project, including viewing and querying records in its streams.create
permission grants the user permission to create and edit streams and services in the project, including writing data directly to (non-derived) streams.admin
permission grants the user permission to add, remove and change permissions for other users.Console: Go to https://beneath.dev/ORGANIZATION/PROJECT
CLI: Run beneath project --help
for details.
Definition: A stream is the prototype of a collection of records with a common schema. For more information about streams and the related stream instances, see Streams.
Relations:
Access management:
Console: Go to https://beneath.dev/ORGANIZATION/PROJECT/stream:STREAM
CLI: Run beneath stream --help
for details.
Definition: A stream instance represents a single version of a stream. For more information, see Streams.
Relations:
Access management: A stream instance inherits the permissions of its parent stream.
Console: Go to https://beneath.dev/ORGANIZATION/PROJECT/stream:STREAM
(only shows the primary stream instance)
CLI: Run beneath stream instance --help
for details.
Definition: A service represents a system with access to read or write data to Beneath. You can think of a service as a user for your code. They’re especially useful for creating secrets that you can use in your code to read and write to Beneath in a safe way.
A service has the following properties:
Relations:
Access management:
Console: Go to https://beneath.dev/ORGANIZATION/PROJECT/service:SERVICE
CLI: Run beneath service --help
for details.
Definition: A secret is a token that you can use to authenticate to Beneath (some products call it an API token). It belongs to either a user or a service. When you authenticate with a secret, you get the same access permissions as the parent user or service (with the caveat that you can create special read-only secrets for a user).
If you need to expose a secret publicly (e.g. in your front-end code), make sure it belongs to a service with sensible usage quotas and only read-only permissions.
Relations:
Access management:
admin
permissions on.Console: For user-owned secrets, go to https://beneath.dev/USERNAME/-/secrets
. (Not available for service-owned secrets.)
CLI: For service-owned secrets, run beneath service --help
for details. (Not available for user-owned secrets.)