shaofengshi commented on code in PR #5783: URL: https://github.com/apache/gravitino/pull/5783#discussion_r1872668102
########## docs/cli.md: ########## @@ -688,10 +694,23 @@ gcli group grant --group groupA --role admin ``` #### Remove a role from a group + ```bash gcli group revoke --group groupA --role admin ``` +### Grant a privilege + +```bash +gcli catalog grant --name catalog_postgres --role admin --privilege create_table modify_table Review Comment: I think the "grant privilege" action should be executed on the role entity, instead of at a catalog/schema/table entity, because we grant privilege of a securable object to role first, and then grant the role to a specific user or group. IMO, the command should be like: "gcli role grant --role admin --name catalog_postgres --privilege create_table modify_table" "gcli role grant --role admin --name catalog_postgres.default --privilege create_table modify_table" "gcli role grant --role admin --name catalog_postgres.default.hr --privilege select_table" "gcli role revoke --role admin --name catalog_postgres --privilege create_table modify_table" @jerqi can confirm this behavior. -- This is an automated message from the Apache Git Service. To respond to the message, please log on to GitHub and use the URL above to go to the specific comment. To unsubscribe, e-mail: [email protected] For queries about this service, please contact Infrastructure at: [email protected]
