As you wish to give each stream admin enough permission to manage his/her stream, you will want to give permission to the following resources at least:
- Stream
- App
- App.Object
- ReloadTask
To keep it generic, for this particular security rule, you will need to use the asterisk as a wildcard. The resource filter code looks as follows:
Stream_*, App_*, App.Object_*, ReloadTask_*