roryqi commented on code in PR #10276:
URL: https://github.com/apache/gravitino/pull/10276#discussion_r2903752075
##########
docs/security/access-control.md:
##########
@@ -272,7 +272,7 @@ Gravitino provides a comprehensive set of privileges
organized by the type of op
| Name | Supports Securable Object | Operation
|
|---------------|---------------------------|---------------------------------------------------------------------------------------------------------------|
-| MANAGE_GRANTS | Metalake | Manages roles granted to or
revoked from the user or group, and privilege granted to or revoked from the
role |
+| MANAGE_GRANTS | Metalake, Catalog, Schema, Table, View, Topic, Fileset,
Model | Manages roles granted to or revoked from the user or group, and
privileges granted to or revoked from the role. When bound to a Catalog,
Schema, Table, View, Topic, Fileset, or Model, the permission is scoped to that
object and its descendants only. |
Review Comment:
Only bound to the metalake. MANAGE_GRANTS can manage the roles granted to or
revoked from the user or group. Do we need to add this point?
--
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.
To unsubscribe, e-mail: [email protected]
For queries about this service, please contact Infrastructure at:
[email protected]
