hdygxsj commented on code in PR #9035:
URL: https://github.com/apache/gravitino/pull/9035#discussion_r2510531288
##########
docs/security/access-control.md:
##########
@@ -264,6 +265,13 @@ DENY `WRITE_FILESET` won‘t deny the `READ_FILESET`
operation if the user has t
| CREATE_MODEL_VERSION | Metalake, Catalog, Schema, Model | Create a model
version |
| USE_MODEL | Metalake, Catalog, Schema, Model | View the metadata
of the model and download all the model versions |
+### Tag privileges
+
+| Name | Supports Securable Object | Operation |
+|------------|---------------------------|--------------|
+| CREATE_TAG | Metalake | Create a tag |
+| APPLY_TAG | Metalake, Tag | Apply a tag |
Review Comment:
It is only used to associate tags with metadata objects.
##########
docs/security/access-control.md:
##########
@@ -1025,4 +1033,13 @@ The following table lists the required privileges for
each API.
| grant privilege | `MANAGE_GRANTS` on the metalake or the
owner of the securable object
|
| revoke privilege | `MANAGE_GRANTS` on the metalake or the
owner of the securable object
|
| set owner | The owner of the securable object
|
+| list tags | `APPLY_TAG` on the metalake, the owner
of the metalake, or the tag itself.
|
+| create tag | `CREATE_TAG` on the metalake or the
owner of the metalake.
|
+| get tag | `APPLY_TAG` on the metalake or tag, the
owner of the metalake, or the tag itself.
|
+| alter tag | Must be the owner of the metalake or the
tag.
|
+| delete tag | Must be the owner of the metalake or the
tag.
|
Review Comment:
yes
--
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.
To unsubscribe, e-mail: [email protected]
For queries about this service, please contact Infrastructure at:
[email protected]
