jerqi commented on code in PR #4496:
URL: https://github.com/apache/gravitino/pull/4496#discussion_r1717885640


##########
docs/security/access-control.md:
##########
@@ -0,0 +1,659 @@
+---
+title: "Access Control"
+slug: /security/access-control
+keyword: security
+license: "This software is licensed under the Apache License version 2."
+---
+
+## Overview
+
+Gravitino adopts RBAC and DAC. 
+
+Role-based Access Control (RBAC): Access privileges are assigned to roles, 
which are in turn assigned to users or groups.
+
+Discretionary Access Control(DAC): Each metadata object has an owner, who can 
in turn grant access to that object.
+
+:::info
+
+Gravitino only supports authorization and doesn't support metadata 
authentication.
+
+:::
+
+
+## Concept
+
+### Role
+
+A metadata object to which privileges can be granted. Roles are in turn 
assigned to users or groups.
+
+### Privilege
+
+A defined level of access to an object. Multiple distinct privileges may be 
used to control the granularity of access granted.
+
+### User
+
+A user identity recognized by Gravitino.  External user system instead of 
Gravitino manages users. 
+
+### Group
+
+A group identity recognized by Gravitino. External user system instead of 
Gravitino manages groups. 
+
+### Metadata objects
+
+Metadata objects are managed in Gravitino, such as `CATALOG`, `SCHEMA`, 
`TABLE`,
+`COLUMN`, `FILESET`, `TOPIC`, `COLUMN`, `ROLE`, `METALAKE`. A metadata object 
is combined by a `type` and a
+comma-separated `name`. For example, a `CATAGLOG` object has a name "catalog1" 
with type
+"CATALOG", a `SCHEMA` object has a name "catalog1.schema1" with type "SCHEMA", 
a `TABLE`
+object has a name "catalog1.schema1.table1" with type "TABLE".
+
+### Securable objects
+
+A metadata object to which access can be granted. Unless allowed by a grant, 
access is denied.
+
+Every securable object resides within a logical container in a hierarchy of 
containers.
+
+The top container is the metalake. You can understand that metalake a customer 
organization.
+
+Catalogs are under the metalake. Catalogs represent different kinds of data 
sources.
+
+Schemas are under the catalog.
+
+There are tables, topics, or filesets under the schema.
+
+![object_image](../assets/object.png)
+
+The relationship of the concepts is as below.
+
+![user_group_relationshi_image](../assets/user-group.png)
+![concept_relationship_image](../assets/role.png)
+
+### Ownership
+
+Every metadata object has an owner. The owner could be a user or group.
+
+The owner have all the privileges of the metadata object.
+
+The owner could be transferred to another user or group.
+
+## The types of roles
+
+### Service Admin
+
+Service admin is only used for managing the metalakes. Usually, this role is 
for the maintainer of the service.
+
+### Custom Roles
+
+You can also create a dedicated role for your business by API or the client.
+
+## The types of privileges
+
+### User privileges
+
+| Name        | Supports Securable Object | Operation           |
+|-------------|---------------------------|---------------------|
+| ManageUsers | Metalake                  | Add or remove users |
+
+
+### Group privileges
+
+| Name         | Supports Securable Object | Operation            |
+|--------------|---------------------------|----------------------|
+| ManageGroups | Metalake                  | Add or remove groups |
+
+### Role privileges
+
+| Name       | Supports Securable Object | Operation     |
+|------------|---------------------------|---------------|
+| CreateRole | Metalake                  | Create a role |
+
+### Permission privileges
+
+| Name         | Supports Securable Object | Operation              |
+|--------------|---------------------------|------------------------|
+| ManageGrants | Metalake                  | grant or revoke a role |
+
+### Catalog privileges
+
+| Name          | Supports Securable Object | Operation        |
+|---------------|---------------------------|------------------|
+| CreateCatalog | Metalake                  | Create a catalog |
+| UseCatalog    | Metalake, Catalog         |                  |
+
+:::info
+
+`USE_CATALOG` is needed for a user to interact with any object within the 
catalog. 
+
+For example, to select data from a table, users need to have the SELECT_TABLE 
privilege on that table and
+`USE CATALOG` privileges on its parent catalog as well as `USE SCHEMA` 
privileges on its parent schema.
+
+:::
+
+
+### Schema privileges
+
+| Name         | Supports Securable Object | Operation       |
+|--------------|---------------------------|-----------------|
+| CreateSchema | Metalake, Catalog         | Create a schema |
+| UseSchema    | Metalake, Catalog, Schema | Use a schema    |
+
+:::info
+
+`UseSchema`is needed for a user to interact with any object within the schema. 
+
+For example, to select data from a table, users need to have the 
`SELECT_TABLE` privilege on that table
+and `USE SCHEMA` privileges on its parent schema.
+
+:::
+
+### Table privileges
+
+| Name        | Supports Securable Object         | Operation                  
                    |
+|-------------|-----------------------------------|------------------------------------------------|
+| CreateTable | Metalake, Catalog, Schema         | Create a table             
                    |
+| ModifyTable | Metalake, Catalog, Schema, Table  | Use the SQL 
`UPDATE`,`DELETE`,`INSERT` a table |
+| SelectTable | Metalake, Catalog, Schema, Table  | Use the SQL `SELECT` data 
from a table         |
+
+### Topic privileges
+
+| Name         | Supports Securable Object        | Operation                  
               |
+|--------------|----------------------------------|-------------------------------------------|
+| CreateTopic  | Metalake, Catalog, Schema        | Create a topic             
               |
+| ProduceTopic | Metalake, Catalog, Schema, Topic | Produce a topic (including 
alter a topic) |
+| ConsumeTopic | Metalake, Catalog, Schema, Topic | Consume a topic            
               |
+
+### Fileset privileges
+
+| Name          | Supports Securable Object          | Operation               
                    |
+|---------------|------------------------------------|---------------------------------------------|
+| CreateFileset | Metalake, Catalog, Schema          | Create a fileset        
                    |
+| WriteFileset  | Metalake, Catalog, Schema, Fileset | Write a fileset 
(including alter a fileset) |

Review Comment:
   You can create any fileset. But if others create another fileset, you don't have the write privilege, either.


