As you wish to give each stream admin enough permission to manage his/her stream, you will want to give permission to the following resources at least:

• Stream
• App
• App.Object
• ReloadTask

To keep it generic, for this particular security rule, you will need to use the asterisk as a wildcard. The resource filter code looks as follows:

Stream_*, App_*, App.Object_*, ReloadTask_*