justinmclean commented on code in PR #8136: URL: https://github.com/apache/gravitino/pull/8136#discussion_r2281228878
########## docs/manage-policies-in-gravitino.md: ########## @@ -0,0 +1,443 @@ +--- +title: "Manage policies in Gravitino" +slug: /manage-policies-in-gravitino +date: 2025-08-04 +keyword: policy management, policy, policies, Gravitino, data governance +license: This software is licensed under the Apache License version 2. +--- + +import Tabs from '@theme/Tabs'; +import TabItem from '@theme/TabItem'; + +## Introduction + +Starting from 1.0.0, Gravitino introduces a new policy system that allows you to manage policies for +metadata objects. Policies are a set of rules that can be associated with a metadata +object for data governance and so on. + +This document briefly introduces how to use policies in Gravitino by both Gravitino Java client and +REST APIs. If you want to know more about the policy system in Gravitino, please refer to the +Javadoc and REST API documentation. + +:::info +1. Metadata objects are objects that are managed in Gravitino, such as `CATALOG`, `SCHEMA`, `TABLE`, + `FILESET`, `TOPIC`, and `MODEL`. A metadata object is combined by a `type` and a dot-separated + `name`. For example, a `CATALOG` object has a name "catalog1" with type "CATALOG", a `SCHEMA` + object has a name "catalog1.schema1" with type "SCHEMA", a `TABLE` object has a name + "catalog1.schema1.table1" with type "TABLE". +2. Currently, `CATALOG`, `SCHEMA`, `TABLE`, `FILESET`, `TOPIC`, and `MODEL` objects can be + associated with policies. +3. Policies in Gravitino is inheritable, so listing policies of a metadata object will also list the + policies of its parent metadata objects. For example, listing policies of a `Table` will also list + the policies of its parent `Schema` and `Catalog`. +4. Same policy can be associated to both parent and child metadata objects. But when you list the + associated policies of a child metadata object, this policy will be included only once in the result + list with `inherited` value `false`. +::: + +## Policy operations + +### Create new policies + +The first step to manage policies is to create new policies. You can create a new policy by providing a policy +name, type, and other optional fields like comment, enabled, etc. + +Gravitino supports two kinds of policies: built-in policies and custom policies. +For built-in policies, the `policyType` is starting with `system.` and the `supportedObjectTypes` in the policy content is predefined. Review Comment: the `policyType` starts with `system,` -- This is an automated message from the Apache Git Service. To respond to the message, please log on to GitHub and use the URL above to go to the specific comment. To unsubscribe, e-mail: [email protected] For queries about this service, please contact Infrastructure at: [email protected]
