This is an automated email from the ASF dual-hosted git repository. mchades pushed a commit to branch main in repository https://gitbox.apache.org/repos/asf/gravitino.git
The following commit(s) were added to refs/heads/main by this push:
     new c871fcd9c [#4701] fix(docs): Fix the inconsistent privilege descriptions (#4702)
c871fcd9c is described below

commit c871fcd9c3c1ba53fe4286ac65659071a9bba374
Author: roryqi <ror...@apache.org>
AuthorDate: Tue Aug 27 15:42:28 2024 +0800

    [#4701] fix(docs): Fix the inconsistent privilege descriptions (#4702)

    ### What changes were proposed in this pull request?
    Fix the inconsistent privilege descriptions

    ### Why are the changes needed?
    Fix: #4701

    ### Does this PR introduce _any_ user-facing change?
    Just docs.

    ### How was this patch tested?
    NO.

--- docs/security/access-control.md | 84 ++++++++++++++++++++--------------------- 1 file changed, 42 insertions(+), 42 deletions(-) diff --git a/docs/security/access-control.md b/docs/security/access-control.md index 51e607d25..b0ffaf75e 100644 --- a/docs/security/access-control.md +++ b/docs/security/access-control.md
@@ -134,83 +134,83 @@ You can also create a dedicated role for your business by API or the client. ### User privileges -| Name | Supports Securable Object | Operation | -|-------------|---------------------------|---------------------| -| ManageUsers | Metalake | Add or remove users | +| Name | Supports Securable Object | Operation | +|--------------|---------------------------|---------------------| +| MANAGE_USERS | Metalake | Add or remove users | ### Group privileges -| Name | Supports Securable Object | Operation | -|--------------|---------------------------|----------------------| -| ManageGroups | Metalake | Add or remove groups | +| Name | Supports Securable Object | Operation | +|---------------|---------------------------|----------------------| +| MANAGE_GROUPS | Metalake | Add or remove groups | ### Role privileges -| Name | Supports Securable Object | Operation | -|------------|---------------------------|---------------| -| CreateRole | Metalake | Create a role | +| Name | Supports Securable Object | Operation | +|-------------|---------------------------|---------------| +| CREATE_ROLE | Metalake | Create a role | ### Permission privileges -| Name | Supports Securable Object | Operation | -|--------------|---------------------------|------------------------| -| ManageGrants | Metalake | grant or revoke a role | +| Name | Supports Securable Object | Operation | +|---------------|---------------------------|------------------------| +| MANAGE_GRANTS | Metalake | grant or revoke a role | ### Catalog privileges -| Name | Supports Securable Object | Operation | -|---------------|---------------------------|------------------| -| CreateCatalog | Metalake | Create a catalog | -| UseCatalog | Metalake, Catalog | | +| Name | Supports Securable Object | Operation | +|----------------|---------------------------|------------------| +| CREATE_CATALOG | Metalake | Create a catalog | +| USE_CATALOG | Metalake, Catalog | | :::info `USE_CATALOG` is needed for a 
user to interact with any object within the catalog. -For example, to select data from a table, users need to have the SELECT_TABLE privilege on that table and -`USE CATALOG` privileges on its parent catalog as well as `USE SCHEMA` privileges on its parent schema. +For example, to select data from a table, users need to have the `SELECT_TABLE` privilege on that table and +`USE_CATALOG` privileges on its parent catalog as well as `USE_SCHEMA` privileges on its parent schema. ::: ### Schema privileges -| Name | Supports Securable Object | Operation | -|--------------|---------------------------|-----------------| -| CreateSchema | Metalake, Catalog | Create a schema | -| UseSchema | Metalake, Catalog, Schema | Use a schema | +| Name | Supports Securable Object | Operation | +|---------------|---------------------------|-----------------| +| CREATE_SCHEMA | Metalake, Catalog | Create a schema | +| USE_SCHEMA | Metalake, Catalog, Schema | Use a schema | :::info -`UseSchema`is needed for a user to interact with any object within the schema. +`USE_SCHEMA`is needed for a user to interact with any object within the schema. For example, to select data from a table, users need to have the `SELECT_TABLE` privilege on that table -and `USE SCHEMA` privileges on its parent schema. +and `USE_SCHEMA` privileges on its parent schema. 
::: ### Table privileges -| Name | Supports Securable Object | Operation | -|-------------|-----------------------------------|------------------------------------------------| -| CreateTable | Metalake, Catalog, Schema | Create a table | -| ModifyTable | Metalake, Catalog, Schema, Table | Use the SQL `UPDATE`,`DELETE`,`INSERT` a table | -| SelectTable | Metalake, Catalog, Schema, Table | Use the SQL `SELECT` data from a table | +| Name | Supports Securable Object | Operation | +|--------------|-----------------------------------|------------------------------------------------| +| CREATE_TABLE | Metalake, Catalog, Schema | Create a table | +| MODIFY_TABLE | Metalake, Catalog, Schema, Table | Use the SQL `UPDATE`,`DELETE`,`INSERT` a table | +| SELECT_TABLE | Metalake, Catalog, Schema, Table | Use the SQL `SELECT` data from a table | ### Topic privileges -| Name | Supports Securable Object | Operation | -|--------------|----------------------------------|-------------------------------------------| -| CreateTopic | Metalake, Catalog, Schema | Create a topic | -| ProduceTopic | Metalake, Catalog, Schema, Topic | Produce a topic (including alter a topic) | -| ConsumeTopic | Metalake, Catalog, Schema, Topic | Consume a topic | +| Name | Supports Securable Object | Operation | +|---------------|----------------------------------|-------------------------------------------| +| CREATE_TOPIC | Metalake, Catalog, Schema | Create a topic | +| PRODUCE_TOPIC | Metalake, Catalog, Schema, Topic | Produce a topic (including alter a topic) | +| CONSUME_TOPIC | Metalake, Catalog, Schema, Topic | Consume a topic | ### Fileset privileges -| Name | Supports Securable Object | Operation | -|---------------|------------------------------------|---------------------------------------------| -| CreateFileset | Metalake, Catalog, Schema | Create a fileset | -| WriteFileset | Metalake, Catalog, Schema, Fileset | Write a fileset (including alter a fileset) | -| ReadFileset | Metalake, 
Catalog, Schema, Fileset | read a fileset | +| Name | Supports Securable Object | Operation | +|----------------|------------------------------------|---------------------------------------------| +| CREATE_FILESET | Metalake, Catalog, Schema | Create a fileset | +| WRITE_FILESET | Metalake, Catalog, Schema, Fileset | Write a fileset (including alter a fileset) | +| READ_FILESET | Metalake, Catalog, Schema, Fileset | read a fileset | ## Inheritance Model @@ -224,9 +224,9 @@ will be able to select(read) all tables in that catalog. ## Privilege Condition -The privilege supports two condition: `allow` and `deny`. `allow` means that you are able to use the privilege, -`deny` means that you aren't able to use the privilege. -`deny` condition is prior to `allow` condition. If a role has the `allow` condition and `deny` condition at the same time. +The privilege supports two condition: `ALLOW` and `DENY`. `ALLOW` means that you are able to use the privilege, +`DENY` means that you aren't able to use the privilege. +`DENY` condition is prior to `ALLOW` condition. If a role has the `ALLOW` condition and `DENY` condition at the same time. The user won't be able to use the privilege. If parent securable object has the same privilege name with different condition, the securable object won't override the parent object privilege.
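Review bot: In the first hunk (@@ -134,83 +134,83 @@), the Schema privileges info block still reads `USE_SCHEMA`is with no space before "is"; the rename touched that line, so the spacing could be fixed in the same change. The `USE_CATALOG` row also keeps an empty Operation cell while `USE_SCHEMA` has "Use a schema", and since the info block says `USE_CATALOG` is required to interact with any object in the catalog, an operator reading only the table cannot tell what the privilege grants. Suggest filling the cell (for example "Use a catalog") and capitalizing "grant or revoke a role" and "read a fileset" to match the other rows.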
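Review bot: In the second hunk (@@ -224,9 +224,9 @@), the Privilege Condition paragraph leaves the effective result ambiguous when a parent and child securable object carry the same privilege with different conditions: "the securable object won't override the parent object privilege" does not say whether a child `ALLOW` under a parent `DENY` is denied, or whether a child `DENY` under a parent `ALLOW` is ignored. Because this paragraph defines how `DENY` is enforced, please state the outcome for both cases explicitly. While editing these lines, "two condition" should be "two conditions", "`DENY` condition is prior to `ALLOW` condition" would read better as "takes precedence over", and the fragment "If a role has the `ALLOW` condition and `DENY` condition at the same time." should be joined with the sentence that follows it.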