Copilot commented on code in PR #863:
URL: https://github.com/apache/ranger/pull/863#discussion_r2866831843
##########
agents-common/src/main/resources/service-defs/ranger-servicedef-polaris.json:
##########
@@ -6,194 +6,558 @@
"guid": "ca1b484b-e397-4ab4-b6e3-36a154662d7d",
"resources": [
{
- "itemId": 1,
- "name": "root",
- "label": "Root",
- "description": "Root",
- "parent": "",
- "level": 10,
- "isValidLeaf": true,
- "accessTypeRestrictions": [ "service-access-manage", "catalog-create",
"catalog-list", "principal-create", "principal-list", "principal-role-create",
"principal-role-list" ]
+ "itemId": 1,
+ "name": "root",
+ "label": "Root",
+ "description": "Root",
+ "parent": "",
+ "level": 10,
+ "isValidLeaf": true,
+ "accessTypeRestrictions": [
+ "service-access-manage",
+ "catalog-create",
+ "catalog-list",
+ "principal-create",
+ "principal-list",
+ "principal-role-create",
+ "principal-role-list"
+ ]
},
{
- "itemId": 2,
- "name": "catalog",
- "label": "Catalog",
- "description": "Catalog",
- "parent": "root",
- "level": 20,
- "isValidLeaf": true,
- "accessTypeRestrictions": [ "catalog-access-manage", "catalog-drop",
"catalog-properties-read", "catalog-properties-write", "catalog-metadata-full",
"catalog-metadata-manage", "catalog-content-manage", "catalog-grants-list",
"catalog-grants-manage", "catalog-role-create", "catalog-role-list",
"catalog-policy-attach", "catalog-policy-detach" ]
+ "itemId": 2,
+ "name": "catalog",
+ "label": "Catalog",
+ "description": "Catalog",
+ "parent": "root",
+ "level": 20,
+ "isValidLeaf": true,
+ "accessTypeRestrictions": [
+ "catalog-drop",
+ "catalog-properties-read",
+ "catalog-properties-write",
+ "catalog-metadata-full",
+ "catalog-metadata-manage",
+ "catalog-content-manage",
+ "catalog-access-manage",
+ "catalog-grants-list",
+ "catalog-grants-manage",
+ "catalog-role-create",
+ "catalog-role-list",
+ "catalog-policy-attach",
+ "catalog-policy-detach"
+ ]
},
{
- "itemId": 3,
- "name": "principal",
- "label": "Principal",
- "description": "Principal",
- "parent": "root",
- "level": 20,
- "isValidLeaf": true,
- "accessTypeRestrictions": [ "principal-grants-manage",
"principal-grants-for-grantee-manage", "principal-grants-list",
"principal-role-grants-list", "catalog-role-grants-list", "principal-drop",
"principal-properties-read", "principal-properties-write",
"principal-metadata-full", "principal-credentials-rotate",
"principal-credentials-reset" ]
+ "itemId": 3,
+ "name": "principal",
+ "label": "Principal",
+ "description": "Principal",
+ "parent": "root",
+ "level": 20,
+ "isValidLeaf": true,
+ "accessTypeRestrictions": [
+ "principal-drop",
+ "principal-properties-read",
+ "principal-properties-write",
+ "principal-metadata-full",
+ "principal-grants-list",
+ "principal-grants-manage",
+ "principal-grants-for-grantee-manage",
+ "principal-credentials-rotate",
+ "principal-credentials-reset",
+ "principal-role-grants-list",
+ "catalog-role-grants-list"
+ ]
},
{
- "itemId": 4,
- "name": "principal-role",
- "label": "Principal Role",
- "description": "Principal Role",
- "parent": "root",
- "level": 20,
- "isValidLeaf": true,
- "accessTypeRestrictions": [ "principal-role-usage",
"principal-role-drop", "principal-role-properties-read",
"principal-role-properties-write", "principal-role-metadata-full",
"principal-role-grants-manage", "principal-role-grants-for-grantee-manage" ]
+ "itemId": 4,
+ "name": "principal-role",
+ "label": "Principal Role",
+ "description": "Principal Role",
+ "parent": "root",
+ "level": 20,
+ "isValidLeaf": true,
+ "accessTypeRestrictions": [
+ "principal-role-drop",
+ "principal-role-properties-read",
+ "principal-role-properties-write",
+ "principal-role-metadata-full",
+ "principal-role-grants-manage",
+ "principal-role-grants-for-grantee-manage",
+ "principal-role-usage"
+ ]
},
{
- "itemId": 5,
- "name": "namespace",
- "label": "Namespace",
- "description": "Namespace",
- "parent": "catalog",
- "level": 30,
- "isValidLeaf": true,
- "accessTypeRestrictions": [ "namespace-create", "table-create",
"view-create", "namespace-drop", "namespace-list", "table-list", "view-list",
"namespace-properties-read", "namespace-properties-write",
"namespace-metadata-full", "namespace-grants-list", "namespace-grants-manage",
"policy-create", "policy-list", "namespace-policy-attach",
"namespace-policy-detach" ]
+ "itemId": 5,
+ "name": "namespace",
+ "label": "Namespace",
+ "description": "Namespace",
+ "parent": "catalog",
+ "level": 30,
+ "isValidLeaf": true,
+ "accessTypeRestrictions": [
+ "namespace-create",
+ "namespace-drop",
+ "namespace-list",
+ "namespace-properties-read",
+ "namespace-properties-write",
+ "namespace-metadata-full",
+ "namespace-grants-list",
+ "namespace-grants-manage",
+ "namespace-policy-attach",
+ "namespace-policy-detach",
+ "table-create",
+ "table-list",
+ "view-create",
+ "view-list",
+ "policy-create",
+ "policy-list"
+ ]
},
{
- "itemId": 6,
- "name": "catalog-role",
- "label": "Catalog Role",
- "description": "Catalog Role",
- "parent": "catalog",
- "level": 30,
- "isValidLeaf": true,
- "accessTypeRestrictions": [ "catalog-role-usage", "catalog-role-drop",
"catalog-role-properties-read", "catalog-role-properties-write",
"catalog-role-metadata-full", "catalog-role-grants-manage",
"catalog-role-grants-for-grantee-manage" ]
+ "itemId": 6,
+ "name": "catalog-role",
+ "label": "Catalog Role",
+ "description": "Catalog Role",
+ "parent": "catalog",
+ "level": 30,
+ "isValidLeaf": true,
+ "accessTypeRestrictions": [
+ "catalog-role-drop",
+ "catalog-role-properties-read",
+ "catalog-role-properties-write",
+ "catalog-role-metadata-full",
+ "catalog-role-grants-manage",
+ "catalog-role-grants-for-grantee-manage",
+ "catalog-role-usage"
+ ]
},
{
- "itemId": 7,
- "name": "table",
- "label": "Table",
- "description": "Table",
- "parent": "namespace",
- "level": 40,
- "isValidLeaf": true,
- "accessTypeRestrictions": [ "table-drop", "view-drop",
"table-properties-read", "table-properties-write", "view-properties-read",
"view-properties-write", "table-data-read", "table-data-write",
"table-metadata-full", "view-metadata-full", "table-grants-list",
"view-grants-list", "table-grants-manage", "view-grants-manage",
"table-policy-attach", "table-policy-detach" ]
+ "itemId": 7,
+ "name": "table",
+ "label": "Table",
+ "description": "Table",
+ "parent": "namespace",
+ "level": 40,
+ "isValidLeaf": true,
+ "accessTypeRestrictions": [
+ "table-drop",
+ "table-data-read",
+ "table-data-write",
+ "table-properties-read",
+ "table-properties-write",
+ "table-properties-set",
+ "table-properties-remove",
+ "table-metadata-full",
+ "table-grants-list",
+ "table-grants-manage",
+ "table-policy-attach",
+ "table-policy-detach",
+ "table-uuid-assign",
+ "table-format-version-upgrade",
+ "table-schema-add",
+ "table-schema-set-current",
+ "table-partition-spec-add",
+ "table-partition-specs-remove",
+ "table-sort-order-add",
+ "table-sort-order-set-default",
+ "table-snapshot-add",
+ "table-snapshots-remove",
+ "table-snapshot-ref-set",
+ "table-snapshot-ref-remove",
+ "table-location-set",
+ "table-statistics-set",
+ "table-statistics-remove",
+ "table-structure-manage",
+ "view-drop",
+ "view-properties-read",
+ "view-properties-write",
+ "view-metadata-full",
+ "view-grants-list",
+ "view-grants-manage"
+ ]
},
{
- "itemId": 8,
- "name": "policy",
- "label": "Policy",
- "description": "Policy",
- "parent": "namespace",
- "level": 40,
- "isValidLeaf": true,
- "accessTypeRestrictions": [ "policy-read", "policy-drop",
"policy-write", "policy-metadata-full", "policy-attach", "policy-detach",
"policy-grants-manage" ]
+ "itemId": 8,
+ "name": "policy",
+ "label": "Policy",
+ "description": "Policy",
+ "parent": "namespace",
+ "level": 40,
+ "isValidLeaf": true,
+ "accessTypeRestrictions": [
+ "policy-read",
+ "policy-drop",
+ "policy-write",
+ "policy-metadata-full",
+ "policy-attach",
+ "policy-detach",
+ "policy-grants-manage"
+ ]
}
],
"accessTypes": [
- { "itemId": 1, "name": "service-access-manage", "label": "Service Manage
Access", "category": "MANAGE" },
+ { "itemId": 1, "name": "service-access-manage", "label": "Service Manage
Access", "category": "MANAGE",
+ "impliedGrants": [
+ "catalog-create",
+ "catalog-drop",
+ "catalog-list",
+ "catalog-properties-read",
+ "catalog-properties-write",
+ "catalog-metadata-full",
+ "principal-create",
+ "principal-drop",
+ "principal-list",
+ "principal-properties-read",
+ "principal-properties-write",
+ "principal-metadata-full",
+ "principal-grants-list",
+ "principal-grants-manage",
+ "principal-grants-for-grantee-manage",
+ "principal-credentials-reset",
+ "principal-role-create",
+ "principal-role-drop",
+ "principal-role-list",
+ "principal-role-grants-list",
+ "principal-role-grants-manage",
+ "principal-role-properties-read",
+ "principal-role-properties-write",
+ "principal-role-metadata-full",
+ "principal-role-grants-for-grantee-manage"
+ ]
+ },
+ { "itemId": 2, "name": "catalog-create", "label": "Catalog Create",
"category": "CREATE", "impliedGrants": [ "catalog-list" ] },
+ { "itemId": 3, "name": "catalog-drop", "label": "Catalog Drop",
"category": "DELETE" },
+ { "itemId": 4, "name": "catalog-list", "label": "Catalog List",
"category": "READ" },
+ { "itemId": 5, "name": "catalog-access-manage", "label": "Catalog Manage
Access", "category": "MANAGE",
+ "impliedGrants": [
+ "catalog-grants-list",
+ "catalog-grants-manage",
+ "catalog-role-create",
+ "catalog-role-drop",
+ "catalog-role-list",
+ "catalog-role-properties-read",
+ "catalog-role-properties-write",
+ "catalog-role-metadata-full",
+ "catalog-role-grants-list",
+ "catalog-role-grants-manage",
+ "catalog-role-grants-for-grantee-manage",
+ "namespace-grants-list",
+ "namespace-grants-manage",
+ "table-grants-list",
+ "table-grants-manage",
+ "view-grants-list",
+ "view-grants-manage",
+ "policy-grants-manage"
+ ]
+ },
+ { "itemId": 6, "name": "catalog-content-manage", "label": "Catalog Manage
Content", "category": "MANAGE",
+ "impliedGrants": [
+ "catalog-list",
+ "catalog-metadata-manage",
+ "catalog-properties-read",
+ "catalog-properties-write",
+ "catalog-policy-attach",
Review Comment:
The PR description says this change only adds missed permissions to the
`table` resource, but this diff also introduces extensive `impliedGrants`
relationships across many accessTypes (and reorders/recategorizes permissions).
If the goal is strictly to fix the table permissions list, consider scoping
this PR down (or updating the PR description and adding rationale/tests)
because these extra changes can affect effective authorization behavior and UI
semantics beyond the table resource.
##########
agents-common/src/main/resources/service-defs/ranger-servicedef-polaris.json:
##########
@@ -6,194 +6,558 @@
"guid": "ca1b484b-e397-4ab4-b6e3-36a154662d7d",
"resources": [
{
- "itemId": 1,
- "name": "root",
- "label": "Root",
- "description": "Root",
- "parent": "",
- "level": 10,
- "isValidLeaf": true,
- "accessTypeRestrictions": [ "service-access-manage", "catalog-create",
"catalog-list", "principal-create", "principal-list", "principal-role-create",
"principal-role-list" ]
+ "itemId": 1,
+ "name": "root",
+ "label": "Root",
+ "description": "Root",
+ "parent": "",
+ "level": 10,
+ "isValidLeaf": true,
+ "accessTypeRestrictions": [
+ "service-access-manage",
+ "catalog-create",
+ "catalog-list",
+ "principal-create",
+ "principal-list",
+ "principal-role-create",
+ "principal-role-list"
+ ]
},
{
- "itemId": 2,
- "name": "catalog",
- "label": "Catalog",
- "description": "Catalog",
- "parent": "root",
- "level": 20,
- "isValidLeaf": true,
- "accessTypeRestrictions": [ "catalog-access-manage", "catalog-drop",
"catalog-properties-read", "catalog-properties-write", "catalog-metadata-full",
"catalog-metadata-manage", "catalog-content-manage", "catalog-grants-list",
"catalog-grants-manage", "catalog-role-create", "catalog-role-list",
"catalog-policy-attach", "catalog-policy-detach" ]
+ "itemId": 2,
+ "name": "catalog",
+ "label": "Catalog",
+ "description": "Catalog",
+ "parent": "root",
+ "level": 20,
+ "isValidLeaf": true,
+ "accessTypeRestrictions": [
+ "catalog-drop",
+ "catalog-properties-read",
+ "catalog-properties-write",
+ "catalog-metadata-full",
+ "catalog-metadata-manage",
+ "catalog-content-manage",
+ "catalog-access-manage",
+ "catalog-grants-list",
+ "catalog-grants-manage",
+ "catalog-role-create",
+ "catalog-role-list",
+ "catalog-policy-attach",
+ "catalog-policy-detach"
+ ]
},
{
- "itemId": 3,
- "name": "principal",
- "label": "Principal",
- "description": "Principal",
- "parent": "root",
- "level": 20,
- "isValidLeaf": true,
- "accessTypeRestrictions": [ "principal-grants-manage",
"principal-grants-for-grantee-manage", "principal-grants-list",
"principal-role-grants-list", "catalog-role-grants-list", "principal-drop",
"principal-properties-read", "principal-properties-write",
"principal-metadata-full", "principal-credentials-rotate",
"principal-credentials-reset" ]
+ "itemId": 3,
+ "name": "principal",
+ "label": "Principal",
+ "description": "Principal",
+ "parent": "root",
+ "level": 20,
+ "isValidLeaf": true,
+ "accessTypeRestrictions": [
+ "principal-drop",
+ "principal-properties-read",
+ "principal-properties-write",
+ "principal-metadata-full",
+ "principal-grants-list",
+ "principal-grants-manage",
+ "principal-grants-for-grantee-manage",
+ "principal-credentials-rotate",
+ "principal-credentials-reset",
+ "principal-role-grants-list",
+ "catalog-role-grants-list"
+ ]
},
{
- "itemId": 4,
- "name": "principal-role",
- "label": "Principal Role",
- "description": "Principal Role",
- "parent": "root",
- "level": 20,
- "isValidLeaf": true,
- "accessTypeRestrictions": [ "principal-role-usage",
"principal-role-drop", "principal-role-properties-read",
"principal-role-properties-write", "principal-role-metadata-full",
"principal-role-grants-manage", "principal-role-grants-for-grantee-manage" ]
+ "itemId": 4,
+ "name": "principal-role",
+ "label": "Principal Role",
+ "description": "Principal Role",
+ "parent": "root",
+ "level": 20,
+ "isValidLeaf": true,
+ "accessTypeRestrictions": [
+ "principal-role-drop",
+ "principal-role-properties-read",
+ "principal-role-properties-write",
+ "principal-role-metadata-full",
+ "principal-role-grants-manage",
+ "principal-role-grants-for-grantee-manage",
+ "principal-role-usage"
+ ]
},
{
- "itemId": 5,
- "name": "namespace",
- "label": "Namespace",
- "description": "Namespace",
- "parent": "catalog",
- "level": 30,
- "isValidLeaf": true,
- "accessTypeRestrictions": [ "namespace-create", "table-create",
"view-create", "namespace-drop", "namespace-list", "table-list", "view-list",
"namespace-properties-read", "namespace-properties-write",
"namespace-metadata-full", "namespace-grants-list", "namespace-grants-manage",
"policy-create", "policy-list", "namespace-policy-attach",
"namespace-policy-detach" ]
+ "itemId": 5,
+ "name": "namespace",
+ "label": "Namespace",
+ "description": "Namespace",
+ "parent": "catalog",
+ "level": 30,
+ "isValidLeaf": true,
+ "accessTypeRestrictions": [
+ "namespace-create",
+ "namespace-drop",
+ "namespace-list",
+ "namespace-properties-read",
+ "namespace-properties-write",
+ "namespace-metadata-full",
+ "namespace-grants-list",
+ "namespace-grants-manage",
+ "namespace-policy-attach",
+ "namespace-policy-detach",
+ "table-create",
+ "table-list",
+ "view-create",
+ "view-list",
+ "policy-create",
+ "policy-list"
+ ]
},
{
- "itemId": 6,
- "name": "catalog-role",
- "label": "Catalog Role",
- "description": "Catalog Role",
- "parent": "catalog",
- "level": 30,
- "isValidLeaf": true,
- "accessTypeRestrictions": [ "catalog-role-usage", "catalog-role-drop",
"catalog-role-properties-read", "catalog-role-properties-write",
"catalog-role-metadata-full", "catalog-role-grants-manage",
"catalog-role-grants-for-grantee-manage" ]
+ "itemId": 6,
+ "name": "catalog-role",
+ "label": "Catalog Role",
+ "description": "Catalog Role",
+ "parent": "catalog",
+ "level": 30,
+ "isValidLeaf": true,
+ "accessTypeRestrictions": [
+ "catalog-role-drop",
+ "catalog-role-properties-read",
+ "catalog-role-properties-write",
+ "catalog-role-metadata-full",
+ "catalog-role-grants-manage",
+ "catalog-role-grants-for-grantee-manage",
+ "catalog-role-usage"
+ ]
},
{
- "itemId": 7,
- "name": "table",
- "label": "Table",
- "description": "Table",
- "parent": "namespace",
- "level": 40,
- "isValidLeaf": true,
- "accessTypeRestrictions": [ "table-drop", "view-drop",
"table-properties-read", "table-properties-write", "view-properties-read",
"view-properties-write", "table-data-read", "table-data-write",
"table-metadata-full", "view-metadata-full", "table-grants-list",
"view-grants-list", "table-grants-manage", "view-grants-manage",
"table-policy-attach", "table-policy-detach" ]
+ "itemId": 7,
+ "name": "table",
+ "label": "Table",
+ "description": "Table",
+ "parent": "namespace",
+ "level": 40,
+ "isValidLeaf": true,
+ "accessTypeRestrictions": [
+ "table-drop",
+ "table-data-read",
+ "table-data-write",
+ "table-properties-read",
+ "table-properties-write",
+ "table-properties-set",
+ "table-properties-remove",
+ "table-metadata-full",
+ "table-grants-list",
+ "table-grants-manage",
+ "table-policy-attach",
+ "table-policy-detach",
+ "table-uuid-assign",
+ "table-format-version-upgrade",
+ "table-schema-add",
+ "table-schema-set-current",
+ "table-partition-spec-add",
+ "table-partition-specs-remove",
+ "table-sort-order-add",
+ "table-sort-order-set-default",
+ "table-snapshot-add",
+ "table-snapshots-remove",
+ "table-snapshot-ref-set",
+ "table-snapshot-ref-remove",
+ "table-location-set",
+ "table-statistics-set",
+ "table-statistics-remove",
+ "table-structure-manage",
+ "view-drop",
+ "view-properties-read",
+ "view-properties-write",
+ "view-metadata-full",
+ "view-grants-list",
+ "view-grants-manage"
+ ]
},
{
- "itemId": 8,
- "name": "policy",
- "label": "Policy",
- "description": "Policy",
- "parent": "namespace",
- "level": 40,
- "isValidLeaf": true,
- "accessTypeRestrictions": [ "policy-read", "policy-drop",
"policy-write", "policy-metadata-full", "policy-attach", "policy-detach",
"policy-grants-manage" ]
+ "itemId": 8,
+ "name": "policy",
+ "label": "Policy",
+ "description": "Policy",
+ "parent": "namespace",
+ "level": 40,
+ "isValidLeaf": true,
+ "accessTypeRestrictions": [
+ "policy-read",
+ "policy-drop",
+ "policy-write",
+ "policy-metadata-full",
+ "policy-attach",
+ "policy-detach",
+ "policy-grants-manage"
+ ]
}
],
"accessTypes": [
- { "itemId": 1, "name": "service-access-manage", "label": "Service Manage
Access", "category": "MANAGE" },
+ { "itemId": 1, "name": "service-access-manage", "label": "Service Manage
Access", "category": "MANAGE",
+ "impliedGrants": [
+ "catalog-create",
+ "catalog-drop",
+ "catalog-list",
+ "catalog-properties-read",
+ "catalog-properties-write",
+ "catalog-metadata-full",
+ "principal-create",
+ "principal-drop",
+ "principal-list",
+ "principal-properties-read",
+ "principal-properties-write",
+ "principal-metadata-full",
+ "principal-grants-list",
+ "principal-grants-manage",
+ "principal-grants-for-grantee-manage",
+ "principal-credentials-reset",
+ "principal-role-create",
+ "principal-role-drop",
+ "principal-role-list",
+ "principal-role-grants-list",
+ "principal-role-grants-manage",
+ "principal-role-properties-read",
+ "principal-role-properties-write",
+ "principal-role-metadata-full",
+ "principal-role-grants-for-grantee-manage"
+ ]
+ },
+ { "itemId": 2, "name": "catalog-create", "label": "Catalog Create",
"category": "CREATE", "impliedGrants": [ "catalog-list" ] },
+ { "itemId": 3, "name": "catalog-drop", "label": "Catalog Drop",
"category": "DELETE" },
+ { "itemId": 4, "name": "catalog-list", "label": "Catalog List",
"category": "READ" },
+ { "itemId": 5, "name": "catalog-access-manage", "label": "Catalog Manage
Access", "category": "MANAGE",
+ "impliedGrants": [
+ "catalog-grants-list",
+ "catalog-grants-manage",
+ "catalog-role-create",
+ "catalog-role-drop",
+ "catalog-role-list",
+ "catalog-role-properties-read",
+ "catalog-role-properties-write",
+ "catalog-role-metadata-full",
+ "catalog-role-grants-list",
+ "catalog-role-grants-manage",
+ "catalog-role-grants-for-grantee-manage",
+ "namespace-grants-list",
+ "namespace-grants-manage",
+ "table-grants-list",
+ "table-grants-manage",
+ "view-grants-list",
+ "view-grants-manage",
+ "policy-grants-manage"
+ ]
+ },
+ { "itemId": 6, "name": "catalog-content-manage", "label": "Catalog Manage
Content", "category": "MANAGE",
+ "impliedGrants": [
+ "catalog-list",
+ "catalog-metadata-manage",
+ "catalog-properties-read",
+ "catalog-properties-write",
+ "catalog-policy-attach",
+ "catalog-policy-detach",
+ "namespace-create",
+ "namespace-drop",
+ "namespace-list",
+ "namespace-metadata-full",
+ "namespace-properties-read",
+ "namespace-properties-write",
+ "namespace-policy-attach",
+ "namespace-policy-detach",
+ "policy-create",
+ "policy-drop",
+ "policy-list",
+ "policy-read",
+ "policy-write",
+ "policy-attach",
+ "policy-detach",
+ "table-create",
+ "table-drop",
+ "table-list",
+ "table-data-read",
+ "table-data-write",
+ "table-metadata-full",
+ "table-properties-read",
+ "table-properties-write",
+ "table-properties-set",
+ "table-properties-remove",
+ "table-uuid-assign",
+ "table-format-version-upgrade",
+ "table-schema-add",
+ "table-schema-set-current",
+ "table-partition-spec-add",
+ "table-partition-specs-remove",
+ "table-policy-attach",
+ "table-policy-detach",
+ "table-sort-order-add",
+ "table-sort-order-set-default",
+ "table-snapshot-add",
+ "table-snapshots-remove",
+ "table-snapshot-ref-set",
+ "table-snapshot-ref-remove",
+ "table-location-set",
+ "table-statistics-set",
+ "table-statistics-remove",
+ "table-structure-manage",
+ "view-create",
+ "view-drop",
+ "view-list",
+ "view-metadata-full",
+ "view-properties-read",
+ "view-properties-write"
+ ]
+ },
+ { "itemId": 7, "name": "catalog-grants-list", "label": "Catalog
Grants List", "category": "READ" },
+ { "itemId": 8, "name": "catalog-grants-manage", "label": "Catalog
Grants Manage", "category": "MANAGE", "impliedGrants": [
"catalog-grants-list" ] },
+ { "itemId": 9, "name": "catalog-metadata-full", "label": "Catalog
Metadata Full", "category": "MANAGE", "impliedGrants": [ "catalog-create",
"catalog-drop", "catalog-list", "catalog-properties-read",
"catalog-properties-write" ] },
+ { "itemId": 10, "name": "catalog-metadata-manage", "label": "Catalog
Metadata Manage", "category": "MANAGE",
+ "impliedGrants": [
+ "catalog-list",
+ "catalog-properties-read",
+ "catalog-properties-write",
+ "catalog-policy-attach",
+ "catalog-policy-detach",
+ "namespace-create",
+ "namespace-drop",
+ "namespace-list",
+ "namespace-properties-read",
+ "namespace-properties-write",
+ "namespace-metadata-full",
+ "namespace-policy-attach",
+ "namespace-policy-detach",
+ "policy-create",
+ "policy-drop",
+ "policy-list",
+ "policy-read",
+ "policy-write",
+ "policy-attach",
+ "policy-detach",
+ "table-create",
+ "table-drop",
+ "table-list",
+ "table-properties-read",
+ "table-properties-write",
+ "table-properties-set",
+ "table-properties-remove",
+ "table-metadata-full",
+ "table-uuid-assign",
+ "table-format-version-upgrade",
+ "table-schema-add",
+ "table-schema-set-current",
+ "table-partition-spec-add",
+ "table-partition-specs-remove",
+ "table-policy-attach",
+ "table-policy-detach",
+ "table-sort-order-add",
+ "table-sort-order-set-default",
+ "table-snapshot-add",
+ "table-snapshots-remove",
+ "table-snapshot-ref-set",
+ "table-snapshot-ref-remove",
+ "table-location-set",
+ "table-statistics-set",
+ "table-statistics-remove",
+ "table-structure-manage",
+ "view-create",
+ "view-drop",
+ "view-list",
+ "view-properties-read",
+ "view-properties-write",
+ "view-metadata-full"
+ ]
+ },
+ { "itemId": 11, "name": "catalog-policy-attach", "label": "Catalog
Policy Attach", "category": "MANAGE" },
+ { "itemId": 12, "name": "catalog-policy-detach", "label": "Catalog
Policy Detach", "category": "MANAGE" },
+ { "itemId": 13, "name": "catalog-properties-read", "label": "Catalog
Properties Read", "category": "READ", "impliedGrants": [ "catalog-list" ] },
+ { "itemId": 14, "name": "catalog-properties-write", "label": "Catalog
Properties Write", "category": "UPDATE", "impliedGrants": [ "catalog-list",
"catalog-properties-read" ] },
- { "itemId": 2, "name": "catalog-create", "label":
"Catalog Create", "category": "CREATE" },
- { "itemId": 3, "name": "catalog-drop", "label":
"Catalog Drop", "category": "DELETE" },
- { "itemId": 4, "name": "catalog-list", "label":
"Catalog List", "category": "READ" },
- { "itemId": 5, "name": "catalog-access-manage", "label":
"Catalog Manage Access", "category": "MANAGE" },
- { "itemId": 6, "name": "catalog-content-manage", "label":
"Catalog Manage Content", "category": "MANAGE" },
- { "itemId": 7, "name": "catalog-grants-list", "label":
"Catalog Grants List", "category": "READ" },
- { "itemId": 8, "name": "catalog-grants-manage", "label":
"Catalog Grants Manage", "category": "MANAGE" },
- { "itemId": 9, "name": "catalog-metadata-full", "label":
"Catalog Metadata Full", "category": "MANAGE" },
- { "itemId": 10, "name": "catalog-metadata-manage", "label":
"Catalog Metadata Manage", "category": "MANAGE" },
- { "itemId": 11, "name": "catalog-policy-attach", "label":
"Catalog Policy Attach", "category": "MANAGE" },
- { "itemId": 12, "name": "catalog-policy-detach", "label":
"Catalog Policy Detach", "category": "MANAGE" },
- { "itemId": 13, "name": "catalog-properties-read", "label":
"Catalog Properties Read", "category": "READ" },
- { "itemId": 14, "name": "catalog-properties-write", "label":
"Catalog Properties Write", "category": "UPDATE" },
- { "itemId": 15, "name": "catalog-role-create", "label":
"Catalog Role Create", "category": "CREATE" },
+ { "itemId": 15, "name": "catalog-role-create", "label":
"Catalog Role Create", "category": "CREATE",
"impliedGrants": [ "catalog-role-list" ] },
{ "itemId": 16, "name": "catalog-role-drop", "label":
"Catalog Role Drop", "category": "DELETE" },
{ "itemId": 17, "name": "catalog-role-list", "label":
"Catalog Role List", "category": "READ" },
{ "itemId": 18, "name": "catalog-role-usage", "label":
"Catalog Role Usage", "category": "MANAGE" },
- { "itemId": 19, "name": "catalog-role-grants-for-grantee-manage", "label":
"Catalog Role Grants-for-Grantee Manage", "category": "MANAGE" },
+ { "itemId": 19, "name": "catalog-role-grants-for-grantee-manage", "label":
"Catalog Role Grants-for-Grantee Manage", "category": "MANAGE",
"impliedGrants": [ "catalog-role-grants-list" ] },
{ "itemId": 20, "name": "catalog-role-grants-list", "label":
"Catalog Role Grants List", "category": "READ" },
- { "itemId": 21, "name": "catalog-role-grants-manage", "label":
"Catalog Role Grants Manage", "category": "MANAGE" },
- { "itemId": 22, "name": "catalog-role-metadata-full", "label":
"Catalog Role Metadata Full", "category": "MANAGE" },
- { "itemId": 23, "name": "catalog-role-properties-read", "label":
"Catalog Role Properties Read", "category": "READ" },
- { "itemId": 24, "name": "catalog-role-properties-write", "label":
"Catalog Role Properties Write", "category": "UPDATE" },
+ { "itemId": 21, "name": "catalog-role-grants-manage", "label":
"Catalog Role Grants Manage", "category": "MANAGE",
"impliedGrants": [ "catalog-role-grants-list" ] },
+ { "itemId": 22, "name": "catalog-role-metadata-full", "label":
"Catalog Role Metadata Full", "category": "MANAGE",
"impliedGrants": [ "catalog-role-create", "catalog-role-drop",
"catalog-role-list", "catalog-role-properties-read",
"catalog-role-properties-write" ] },
+ { "itemId": 23, "name": "catalog-role-properties-read", "label":
"Catalog Role Properties Read", "category": "READ",
"impliedGrants": [ "catalog-role-list" ] },
+ { "itemId": 24, "name": "catalog-role-properties-write", "label":
"Catalog Role Properties Write", "category": "UPDATE",
"impliedGrants": [ "catalog-role-list", "catalog-role-properties-read" ] },
- { "itemId": 25, "name": "namespace-create", "label": "Namespace
Create", "category": "CREATE" },
+ { "itemId": 25, "name": "namespace-create", "label": "Namespace
Create", "category": "CREATE", "impliedGrants": [ "namespace-list" ]
},
{ "itemId": 26, "name": "namespace-drop", "label": "Namespace
Drop", "category": "DELETE" },
{ "itemId": 27, "name": "namespace-list", "label": "Namespace
List", "category": "READ" },
{ "itemId": 28, "name": "namespace-grants-list", "label": "Namespace
Grants List", "category": "READ" },
- { "itemId": 29, "name": "namespace-grants-manage", "label": "Namespace
Grants Manage", "category": "MANAGE" },
- { "itemId": 30, "name": "namespace-metadata-full", "label": "Namespace
Metadata Full", "category": "MANAGE" },
+ { "itemId": 29, "name": "namespace-grants-manage", "label": "Namespace
Grants Manage", "category": "MANAGE", "impliedGrants": [
"namespace-grants-list" ] },
+ { "itemId": 30, "name": "namespace-metadata-full", "label": "Namespace
Metadata Full", "category": "MANAGE", "impliedGrants": [ "namespace-create",
"namespace-drop", "namespace-list", "namespace-properties-read",
"namespace-properties-write" ] },
{ "itemId": 31, "name": "namespace-policy-attach", "label": "Namespace
Policy Attach", "category": "MANAGE" },
{ "itemId": 32, "name": "namespace-policy-detach", "label": "Namespace
Policy Detach", "category": "MANAGE" },
- { "itemId": 33, "name": "namespace-properties-read", "label": "Namespace
Properties Read", "category": "READ" },
- { "itemId": 34, "name": "namespace-properties-write", "label": "Namespace
Properties Write", "category": "UPDATE" },
+ { "itemId": 33, "name": "namespace-properties-read", "label": "Namespace
Properties Read", "category": "READ", "impliedGrants": [ "namespace-list" ] },
+ { "itemId": 34, "name": "namespace-properties-write", "label": "Namespace
Properties Write", "category": "UPDATE", "impliedGrants": [ "namespace-list",
"namespace-properties-read" ] },
- { "itemId": 35, "name": "policy-create", "label": "Policy Create",
"category": "CREATE" },
+ { "itemId": 35, "name": "policy-create", "label": "Policy Create",
"category": "CREATE", "impliedGrants": [ "policy-list" ] },
{ "itemId": 36, "name": "policy-drop", "label": "Policy Drop",
"category": "DELETE" },
{ "itemId": 37, "name": "policy-list", "label": "Policy List",
"category": "READ" },
- { "itemId": 38, "name": "policy-read", "label": "Policy Read",
"category": "READ" },
- { "itemId": 39, "name": "policy-write", "label": "Policy Write",
"category": "UPDATE" },
+ { "itemId": 38, "name": "policy-read", "label": "Policy Read",
"category": "READ", "impliedGrants": [ "policy-list" ] },
+ { "itemId": 39, "name": "policy-write", "label": "Policy Write",
"category": "UPDATE", "impliedGrants": [ "policy-list", "policy-read" ] },
{ "itemId": 40, "name": "policy-attach", "label": "Policy Attach",
"category": "MANAGE" },
{ "itemId": 41, "name": "policy-detach", "label": "Policy Detach",
"category": "MANAGE" },
{ "itemId": 42, "name": "policy-grants-manage", "label": "Policy Grants
Manage", "category": "MANAGE" },
- { "itemId": 43, "name": "policy-metadata-full", "label": "Policy Metadata
Full", "category": "MANAGE" },
+ { "itemId": 43, "name": "policy-metadata-full", "label": "Policy Metadata
Full", "category": "MANAGE", "impliedGrants": [ "policy-create", "policy-drop",
"policy-list", "policy-read", "policy-write" ] },
- { "itemId": 44, "name": "principal-create", "label":
"Principal Create", "category": "CREATE" },
+ { "itemId": 44, "name": "principal-create", "label":
"Principal Create", "category": "CREATE", "impliedGrants": [
"principal-list" ] },
{ "itemId": 45, "name": "principal-drop", "label":
"Principal Drop", "category": "DELETE" },
{ "itemId": 46, "name": "principal-list", "label":
"Principal List", "category": "READ" },
{ "itemId": 47, "name": "principal-credentials-reset", "label":
"Principal Credentials Reset", "category": "MANAGE" },
{ "itemId": 48, "name": "principal-credentials-rotate", "label":
"Principal Credentials Rotate", "category": "MANAGE" },
{ "itemId": 49, "name": "principal-grants-list", "label":
"Principal Grants List", "category": "READ" },
- { "itemId": 50, "name": "principal-grants-manage", "label":
"Principal Grants Manage", "category": "MANAGE" },
- { "itemId": 51, "name": "principal-grants-for-grantee-manage", "label":
"Principal Grants-for-Grantee Manage", "category": "MANAGE" },
- { "itemId": 52, "name": "principal-metadata-full", "label":
"Principal Metadata Full", "category": "MANAGE" },
- { "itemId": 53, "name": "principal-properties-read", "label":
"Principal Properties Read", "category": "READ" },
- { "itemId": 54, "name": "principal-properties-write", "label":
"Principal Properties Write", "category": "UPDATE" },
- { "itemId": 55, "name": "principal-role-create",
"label": "Principal Role Create", "category": "CREATE" },
+ { "itemId": 50, "name": "principal-grants-manage", "label":
"Principal Grants Manage", "category": "MANAGE", "impliedGrants": [
"principal-grants-list" ] },
+ { "itemId": 51, "name": "principal-grants-for-grantee-manage", "label":
"Principal Grants-for-Grantee Manage", "category": "MANAGE", "impliedGrants": [
"principal-grants-list" ] },
+ { "itemId": 52, "name": "principal-metadata-full", "label":
"Principal Metadata Full", "category": "MANAGE", "impliedGrants": [
"principal-create", "principal-drop", "principal-list",
"principal-properties-read", "principal-properties-write" ] },
+ { "itemId": 53, "name": "principal-properties-read", "label":
"Principal Properties Read", "category": "READ", "impliedGrants": [
"principal-list" ] },
+ { "itemId": 54, "name": "principal-properties-write", "label":
"Principal Properties Write", "category": "UPDATE", "impliedGrants": [
"principal-list", "principal-properties-read" ] },
+
+ { "itemId": 55, "name": "principal-role-create",
"label": "Principal Role Create", "category": "CREATE",
"impliedGrants": [ "principal-role-list" ] },
{ "itemId": 56, "name": "principal-role-drop",
"label": "Principal Role Drop", "category": "DELETE" },
{ "itemId": 57, "name": "principal-role-list",
"label": "Principal Role List", "category": "READ" },
{ "itemId": 58, "name": "principal-role-usage",
"label": "Principal Role Usage", "category": "MANAGE" },
{ "itemId": 59, "name": "principal-role-grants-list",
"label": "Principal Role Grants List", "category": "READ" },
- { "itemId": 60, "name": "principal-role-grants-manage",
"label": "Principal Role Grants Manage", "category": "MANAGE" },
- { "itemId": 61, "name": "principal-role-grants-for-grantee-manage",
"label": "Principal Role Grants-for-Grantee Manage", "category": "MANAGE" },
+ { "itemId": 60, "name": "principal-role-grants-manage",
"label": "Principal Role Grants Manage", "category": "MANAGE",
"impliedGrants": [ "principal-role-grants-list" ] },
+ { "itemId": 61, "name": "principal-role-grants-for-grantee-manage",
"label": "Principal Role Grants-for-Grantee Manage", "category": "MANAGE",
"impliedGrants": [ "principal-role-grants-list" ] },
{ "itemId": 62, "name": "principal-role-metadata-full",
"label": "Principal Role Metadata Full", "category": "MANAGE" },
{ "itemId": 63, "name": "principal-role-properties-read",
"label": "Principal Role Properties Read", "category": "READ" },
{ "itemId": 64, "name": "principal-role-properties-write",
"label": "Principal Role Properties Write", "category": "UPDATE" },
- { "itemId": 65, "name": "table-create", "label": "Table
Create", "category": "CREATE" },
- { "itemId": 66, "name": "table-drop", "label": "Table
Drop", "category": "DELETE" },
- { "itemId": 67, "name": "table-list", "label": "Table
List", "category": "READ" },
- { "itemId": 68, "name": "table-data-read", "label": "Table
Data Read", "category": "READ" },
- { "itemId": 69, "name": "table-data-write", "label": "Table
Data Write", "category": "UPDATE" },
- { "itemId": 70, "name": "table-grants-list", "label": "Table
Grants List", "category": "READ" },
- { "itemId": 71, "name": "table-grants-manage", "label": "Table
Grants Manage", "category": "MANAGE" },
- { "itemId": 72, "name": "table-metadata-full", "label": "Table
Metadata Full", "category": "MANAGE" },
- { "itemId": 73, "name": "table-policy-attach", "label": "Table
Policy Attach", "category": "MANAGE" },
- { "itemId": 74, "name": "table-policy-detach", "label": "Table
Policy Detach", "category": "MANAGE" },
- { "itemId": 75, "name": "table-properties-read", "label": "Table
Properties Read", "category": "READ" },
- { "itemId": 76, "name": "table-properties-write", "label": "Table
Properties Write", "category": "UPDATE" },
- { "itemId": 77, "name": "table-properties-set", "label": "Table
Properties Set", "category": "MANAGE" },
- { "itemId": 78, "name": "table-properties-remove", "label": "Table
Properties Remove", "category": "MANAGE" },
- { "itemId": 79, "name": "table-uuid-assign", "label": "Table
UUID Assign", "category": "MANAGE" },
- { "itemId": 80, "name": "table-format-version-upgrade", "label": "Table
Format Version Upgrade", "category": "MANAGE" },
- { "itemId": 81, "name": "table-schema-add", "label": "Table
Schema Add", "category": "MANAGE" },
- { "itemId": 82, "name": "table-schema-set-current", "label": "Table
Schema Set Current", "category": "MANAGE" },
- { "itemId": 83, "name": "table-partition-spec-add", "label": "Table
Partition Spec Add", "category": "MANAGE" },
- { "itemId": 84, "name": "table-partition-specs-remove", "label": "Table
Partition Specs Remove", "category": "MANAGE" },
- { "itemId": 85, "name": "table-sort-order-add", "label": "Table
Sort Order Add", "category": "MANAGE" },
- { "itemId": 86, "name": "table-sort-order-set-default", "label": "Table
Sort Order Set Default", "category": "MANAGE" },
- { "itemId": 87, "name": "table-snapshot-add", "label": "Table
Snapshot Add", "category": "MANAGE" },
- { "itemId": 88, "name": "table-snapshots-remove", "label": "Table
Snapshots Remove", "category": "MANAGE" },
- { "itemId": 89, "name": "table-snapshot-ref-set", "label": "Table
Snapshot-ref Set", "category": "MANAGE" },
- { "itemId": 90, "name": "table-snapshot-ref-remove", "label": "Table
Snapshot-ref Remove", "category": "MANAGE" },
- { "itemId": 91, "name": "table-location-set", "label": "Table
Location Set", "category": "MANAGE" },
- { "itemId": 92, "name": "table-statistics-set", "label": "Table
Statistics Set", "category": "MANAGE" },
- { "itemId": 93, "name": "table-statistics-remove", "label": "Table
Statistics Remove", "category": "MANAGE" },
- { "itemId": 94, "name": "table-structure-manage", "label": "Table
Structure Manage", "category": "MANAGE" },
+ { "itemId": 65, "name": "table-create", "label": "Table Create",
"category": "CREATE", "impliedGrants": [ "table-list" ] },
+ { "itemId": 66, "name": "table-drop", "label": "Table Drop",
"category": "DELETE" },
+ { "itemId": 67, "name": "table-list", "label": "Table List",
"category": "READ" },
+ { "itemId": 68, "name": "table-data-read", "label": "Table Data Read",
"category": "READ", "impliedGrants": [ "table-list", "table-properties-read"
] },
+ { "itemId": 69, "name": "table-data-write", "label": "Table Data Write",
"category": "UPDATE",
+ "impliedGrants": [
+ "table-list",
+ "table-data-read",
+ "table-properties-read",
+ "table-properties-set",
+ "table-properties-remove",
+ "table-uuid-assign",
+ "table-format-version-upgrade",
+ "table-schema-add",
+ "table-schema-set-current",
+ "table-sort-order-add",
+ "table-sort-order-set-default",
+ "table-snapshot-add",
+ "table-snapshots-remove",
+ "table-snapshot-ref-set",
+ "table-snapshot-ref-remove",
+ "table-location-set",
+ "table-statistics-set",
+ "table-statistics-remove",
+ "table-partition-spec-add",
+ "table-partition-specs-remove",
+ "table-structure-manage"
+ ]
+ },
+ { "itemId": 70, "name": "table-grants-list", "label": "Table Grants
List", "category": "READ" },
+ { "itemId": 71, "name": "table-grants-manage", "label": "Table Grants
Manage", "category": "MANAGE", "impliedGrants": [ "table-grants-list" ] },
+ { "itemId": 72, "name": "table-metadata-full", "label": "Table Metadata
Full", "category": "MANAGE",
+ "impliedGrants": [
+ "table-create",
+ "table-drop",
+ "table-list",
+ "table-properties-read",
+ "table-properties-write",
+ "table-properties-set",
+ "table-properties-remove",
+ "table-uuid-assign",
+ "table-format-version-upgrade",
+ "table-schema-add",
+ "table-schema-set-current",
+ "table-partition-spec-add",
+ "table-partition-specs-remove",
+ "table-sort-order-add",
+ "table-sort-order-set-default",
+ "table-snapshot-add",
+ "table-snapshots-remove",
+ "table-snapshot-ref-set",
+ "table-snapshot-ref-remove",
+ "table-location-set",
+ "table-statistics-set",
+ "table-statistics-remove",
+ "table-structure-manage"
+ ]
+ },
+ { "itemId": 73, "name": "table-policy-attach", "label": "Table Policy
Attach", "category": "MANAGE" },
+ { "itemId": 74, "name": "table-policy-detach", "label": "Table Policy
Detach", "category": "MANAGE" },
+ { "itemId": 75, "name": "table-properties-read", "label": "Table
Properties Read", "category": "READ", "impliedGrants": [ "table-list" ] },
+ { "itemId": 76, "name": "table-properties-write", "label": "Table
Properties Write", "category": "UPDATE",
+ "impliedGrants": [
+ "table-list",
+ "table-properties-read",
+ "table-properties-set",
+ "table-properties-remove",
+ "table-uuid-assign",
+ "table-format-version-upgrade",
+ "table-schema-add",
+ "table-schema-set-current",
+ "table-partition-spec-add",
+ "table-partition-specs-remove",
+ "table-sort-order-add",
+ "table-sort-order-set-default",
+ "table-snapshot-add",
+ "table-snapshots-remove",
+ "table-snapshot-ref-set",
+ "table-snapshot-ref-remove",
+ "table-location-set",
+ "table-statistics-set",
+ "table-statistics-remove",
+ "table-structure-manage"
+ ]
+ },
+ { "itemId": 77, "name": "table-properties-set", "label": "Table
Properties Set", "category": "UPDATE" },
+ { "itemId": 78, "name": "table-properties-remove", "label": "Table
Properties Remove", "category": "UPDATE" },
+ { "itemId": 79, "name": "table-uuid-assign", "label": "Table
UUID Assign", "category": "UPDATE" },
+ { "itemId": 80, "name": "table-format-version-upgrade", "label": "Table
Format Version Upgrade", "category": "UPDATE" },
+ { "itemId": 81, "name": "table-schema-add", "label": "Table
Schema Add", "category": "UPDATE" },
+ { "itemId": 82, "name": "table-schema-set-current", "label": "Table
Schema Set Current", "category": "UPDATE" },
+ { "itemId": 83, "name": "table-partition-spec-add", "label": "Table
Partition Spec Add", "category": "UPDATE" },
+ { "itemId": 84, "name": "table-partition-specs-remove", "label": "Table
Partition Specs Remove", "category": "UPDATE" },
+ { "itemId": 85, "name": "table-sort-order-add", "label": "Table
Sort Order Add", "category": "UPDATE" },
+ { "itemId": 86, "name": "table-sort-order-set-default", "label": "Table
Sort Order Set Default", "category": "UPDATE" },
+ { "itemId": 87, "name": "table-snapshot-add", "label": "Table
Snapshot Add", "category": "UPDATE" },
+ { "itemId": 88, "name": "table-snapshots-remove", "label": "Table
Snapshots Remove", "category": "UPDATE" },
+ { "itemId": 89, "name": "table-snapshot-ref-set", "label": "Table
Snapshot-ref Set", "category": "UPDATE" },
+ { "itemId": 90, "name": "table-snapshot-ref-remove", "label": "Table
Snapshot-ref Remove", "category": "UPDATE" },
+ { "itemId": 91, "name": "table-location-set", "label": "Table
Location Set", "category": "UPDATE" },
+ { "itemId": 92, "name": "table-statistics-set", "label": "Table
Statistics Set", "category": "UPDATE" },
+ { "itemId": 93, "name": "table-statistics-remove", "label": "Table
Statistics Remove", "category": "UPDATE" },
+ { "itemId": 94, "name": "table-structure-manage", "label": "Table
Structure Manage", "category": "UPDATE",
Review Comment:
Several permissions that previously had category `MANAGE` are now
categorized as `UPDATE` (e.g., `table-properties-set/remove`,
`table-uuid-assign`, schema/partition/snapshot ops, and
`table-structure-manage`). If category drives how Ranger UI groups/admins
reason about these privileges, this is a behavioral/UI change unrelated to
adding missing table permissions. Consider restoring the prior categories (or
document why these should be `UPDATE`).
```suggestion
{ "itemId": 84, "name": "table-partition-specs-remove", "label": "Table
Partition Specs Remove", "category": "MANAGE" },
{ "itemId": 85, "name": "table-sort-order-add", "label": "Table
Sort Order Add", "category": "UPDATE" },
{ "itemId": 86, "name": "table-sort-order-set-default", "label": "Table
Sort Order Set Default", "category": "UPDATE" },
{ "itemId": 87, "name": "table-snapshot-add", "label": "Table
Snapshot Add", "category": "MANAGE" },
{ "itemId": 88, "name": "table-snapshots-remove", "label": "Table
Snapshots Remove", "category": "MANAGE" },
{ "itemId": 89, "name": "table-snapshot-ref-set", "label": "Table
Snapshot-ref Set", "category": "MANAGE" },
{ "itemId": 90, "name": "table-snapshot-ref-remove", "label": "Table
Snapshot-ref Remove", "category": "MANAGE" },
{ "itemId": 91, "name": "table-location-set", "label": "Table
Location Set", "category": "UPDATE" },
{ "itemId": 92, "name": "table-statistics-set", "label": "Table
Statistics Set", "category": "UPDATE" },
{ "itemId": 93, "name": "table-statistics-remove", "label": "Table
Statistics Remove", "category": "UPDATE" },
{ "itemId": 94, "name": "table-structure-manage", "label": "Table
Structure Manage", "category": "MANAGE",
```
##########
agents-common/src/main/resources/service-defs/ranger-servicedef-polaris.json:
##########
@@ -6,194 +6,558 @@
"guid": "ca1b484b-e397-4ab4-b6e3-36a154662d7d",
"resources": [
{
- "itemId": 1,
- "name": "root",
- "label": "Root",
- "description": "Root",
- "parent": "",
- "level": 10,
- "isValidLeaf": true,
- "accessTypeRestrictions": [ "service-access-manage", "catalog-create",
"catalog-list", "principal-create", "principal-list", "principal-role-create",
"principal-role-list" ]
+ "itemId": 1,
+ "name": "root",
+ "label": "Root",
+ "description": "Root",
+ "parent": "",
+ "level": 10,
+ "isValidLeaf": true,
+ "accessTypeRestrictions": [
+ "service-access-manage",
+ "catalog-create",
+ "catalog-list",
+ "principal-create",
+ "principal-list",
+ "principal-role-create",
+ "principal-role-list"
+ ]
},
{
- "itemId": 2,
- "name": "catalog",
- "label": "Catalog",
- "description": "Catalog",
- "parent": "root",
- "level": 20,
- "isValidLeaf": true,
- "accessTypeRestrictions": [ "catalog-access-manage", "catalog-drop",
"catalog-properties-read", "catalog-properties-write", "catalog-metadata-full",
"catalog-metadata-manage", "catalog-content-manage", "catalog-grants-list",
"catalog-grants-manage", "catalog-role-create", "catalog-role-list",
"catalog-policy-attach", "catalog-policy-detach" ]
+ "itemId": 2,
+ "name": "catalog",
+ "label": "Catalog",
+ "description": "Catalog",
+ "parent": "root",
+ "level": 20,
+ "isValidLeaf": true,
+ "accessTypeRestrictions": [
+ "catalog-drop",
+ "catalog-properties-read",
+ "catalog-properties-write",
+ "catalog-metadata-full",
+ "catalog-metadata-manage",
+ "catalog-content-manage",
+ "catalog-access-manage",
+ "catalog-grants-list",
+ "catalog-grants-manage",
+ "catalog-role-create",
+ "catalog-role-list",
+ "catalog-policy-attach",
+ "catalog-policy-detach"
+ ]
},
{
- "itemId": 3,
- "name": "principal",
- "label": "Principal",
- "description": "Principal",
- "parent": "root",
- "level": 20,
- "isValidLeaf": true,
- "accessTypeRestrictions": [ "principal-grants-manage",
"principal-grants-for-grantee-manage", "principal-grants-list",
"principal-role-grants-list", "catalog-role-grants-list", "principal-drop",
"principal-properties-read", "principal-properties-write",
"principal-metadata-full", "principal-credentials-rotate",
"principal-credentials-reset" ]
+ "itemId": 3,
+ "name": "principal",
+ "label": "Principal",
+ "description": "Principal",
+ "parent": "root",
+ "level": 20,
+ "isValidLeaf": true,
+ "accessTypeRestrictions": [
+ "principal-drop",
+ "principal-properties-read",
+ "principal-properties-write",
+ "principal-metadata-full",
+ "principal-grants-list",
+ "principal-grants-manage",
+ "principal-grants-for-grantee-manage",
+ "principal-credentials-rotate",
+ "principal-credentials-reset",
+ "principal-role-grants-list",
+ "catalog-role-grants-list"
+ ]
},
{
- "itemId": 4,
- "name": "principal-role",
- "label": "Principal Role",
- "description": "Principal Role",
- "parent": "root",
- "level": 20,
- "isValidLeaf": true,
- "accessTypeRestrictions": [ "principal-role-usage",
"principal-role-drop", "principal-role-properties-read",
"principal-role-properties-write", "principal-role-metadata-full",
"principal-role-grants-manage", "principal-role-grants-for-grantee-manage" ]
+ "itemId": 4,
+ "name": "principal-role",
+ "label": "Principal Role",
+ "description": "Principal Role",
+ "parent": "root",
+ "level": 20,
+ "isValidLeaf": true,
+ "accessTypeRestrictions": [
+ "principal-role-drop",
+ "principal-role-properties-read",
+ "principal-role-properties-write",
+ "principal-role-metadata-full",
+ "principal-role-grants-manage",
+ "principal-role-grants-for-grantee-manage",
+ "principal-role-usage"
+ ]
},
{
- "itemId": 5,
- "name": "namespace",
- "label": "Namespace",
- "description": "Namespace",
- "parent": "catalog",
- "level": 30,
- "isValidLeaf": true,
- "accessTypeRestrictions": [ "namespace-create", "table-create",
"view-create", "namespace-drop", "namespace-list", "table-list", "view-list",
"namespace-properties-read", "namespace-properties-write",
"namespace-metadata-full", "namespace-grants-list", "namespace-grants-manage",
"policy-create", "policy-list", "namespace-policy-attach",
"namespace-policy-detach" ]
+ "itemId": 5,
+ "name": "namespace",
+ "label": "Namespace",
+ "description": "Namespace",
+ "parent": "catalog",
+ "level": 30,
+ "isValidLeaf": true,
+ "accessTypeRestrictions": [
+ "namespace-create",
+ "namespace-drop",
+ "namespace-list",
+ "namespace-properties-read",
+ "namespace-properties-write",
+ "namespace-metadata-full",
+ "namespace-grants-list",
+ "namespace-grants-manage",
+ "namespace-policy-attach",
+ "namespace-policy-detach",
+ "table-create",
+ "table-list",
+ "view-create",
+ "view-list",
+ "policy-create",
+ "policy-list"
+ ]
},
{
- "itemId": 6,
- "name": "catalog-role",
- "label": "Catalog Role",
- "description": "Catalog Role",
- "parent": "catalog",
- "level": 30,
- "isValidLeaf": true,
- "accessTypeRestrictions": [ "catalog-role-usage", "catalog-role-drop",
"catalog-role-properties-read", "catalog-role-properties-write",
"catalog-role-metadata-full", "catalog-role-grants-manage",
"catalog-role-grants-for-grantee-manage" ]
+ "itemId": 6,
+ "name": "catalog-role",
+ "label": "Catalog Role",
+ "description": "Catalog Role",
+ "parent": "catalog",
+ "level": 30,
+ "isValidLeaf": true,
+ "accessTypeRestrictions": [
+ "catalog-role-drop",
+ "catalog-role-properties-read",
+ "catalog-role-properties-write",
+ "catalog-role-metadata-full",
+ "catalog-role-grants-manage",
+ "catalog-role-grants-for-grantee-manage",
+ "catalog-role-usage"
+ ]
},
{
- "itemId": 7,
- "name": "table",
- "label": "Table",
- "description": "Table",
- "parent": "namespace",
- "level": 40,
- "isValidLeaf": true,
- "accessTypeRestrictions": [ "table-drop", "view-drop",
"table-properties-read", "table-properties-write", "view-properties-read",
"view-properties-write", "table-data-read", "table-data-write",
"table-metadata-full", "view-metadata-full", "table-grants-list",
"view-grants-list", "table-grants-manage", "view-grants-manage",
"table-policy-attach", "table-policy-detach" ]
+ "itemId": 7,
+ "name": "table",
+ "label": "Table",
+ "description": "Table",
+ "parent": "namespace",
+ "level": 40,
+ "isValidLeaf": true,
+ "accessTypeRestrictions": [
+ "table-drop",
+ "table-data-read",
+ "table-data-write",
+ "table-properties-read",
+ "table-properties-write",
+ "table-properties-set",
+ "table-properties-remove",
+ "table-metadata-full",
+ "table-grants-list",
+ "table-grants-manage",
+ "table-policy-attach",
+ "table-policy-detach",
+ "table-uuid-assign",
+ "table-format-version-upgrade",
+ "table-schema-add",
+ "table-schema-set-current",
+ "table-partition-spec-add",
+ "table-partition-specs-remove",
+ "table-sort-order-add",
+ "table-sort-order-set-default",
+ "table-snapshot-add",
+ "table-snapshots-remove",
+ "table-snapshot-ref-set",
+ "table-snapshot-ref-remove",
+ "table-location-set",
+ "table-statistics-set",
+ "table-statistics-remove",
+ "table-structure-manage",
+ "view-drop",
+ "view-properties-read",
+ "view-properties-write",
+ "view-metadata-full",
+ "view-grants-list",
+ "view-grants-manage"
+ ]
},
{
- "itemId": 8,
- "name": "policy",
- "label": "Policy",
- "description": "Policy",
- "parent": "namespace",
- "level": 40,
- "isValidLeaf": true,
- "accessTypeRestrictions": [ "policy-read", "policy-drop",
"policy-write", "policy-metadata-full", "policy-attach", "policy-detach",
"policy-grants-manage" ]
+ "itemId": 8,
+ "name": "policy",
+ "label": "Policy",
+ "description": "Policy",
+ "parent": "namespace",
+ "level": 40,
+ "isValidLeaf": true,
+ "accessTypeRestrictions": [
+ "policy-read",
+ "policy-drop",
+ "policy-write",
+ "policy-metadata-full",
+ "policy-attach",
+ "policy-detach",
+ "policy-grants-manage"
+ ]
}
],
"accessTypes": [
- { "itemId": 1, "name": "service-access-manage", "label": "Service Manage
Access", "category": "MANAGE" },
+ { "itemId": 1, "name": "service-access-manage", "label": "Service Manage
Access", "category": "MANAGE",
+ "impliedGrants": [
+ "catalog-create",
+ "catalog-drop",
+ "catalog-list",
+ "catalog-properties-read",
+ "catalog-properties-write",
+ "catalog-metadata-full",
+ "principal-create",
+ "principal-drop",
+ "principal-list",
+ "principal-properties-read",
+ "principal-properties-write",
+ "principal-metadata-full",
+ "principal-grants-list",
+ "principal-grants-manage",
+ "principal-grants-for-grantee-manage",
+ "principal-credentials-reset",
+ "principal-role-create",
+ "principal-role-drop",
+ "principal-role-list",
+ "principal-role-grants-list",
+ "principal-role-grants-manage",
+ "principal-role-properties-read",
+ "principal-role-properties-write",
+ "principal-role-metadata-full",
+ "principal-role-grants-for-grantee-manage"
+ ]
+ },
+ { "itemId": 2, "name": "catalog-create", "label": "Catalog Create",
"category": "CREATE", "impliedGrants": [ "catalog-list" ] },
+ { "itemId": 3, "name": "catalog-drop", "label": "Catalog Drop",
"category": "DELETE" },
+ { "itemId": 4, "name": "catalog-list", "label": "Catalog List",
"category": "READ" },
+ { "itemId": 5, "name": "catalog-access-manage", "label": "Catalog Manage
Access", "category": "MANAGE",
+ "impliedGrants": [
+ "catalog-grants-list",
+ "catalog-grants-manage",
+ "catalog-role-create",
+ "catalog-role-drop",
+ "catalog-role-list",
+ "catalog-role-properties-read",
+ "catalog-role-properties-write",
+ "catalog-role-metadata-full",
+ "catalog-role-grants-list",
+ "catalog-role-grants-manage",
+ "catalog-role-grants-for-grantee-manage",
+ "namespace-grants-list",
+ "namespace-grants-manage",
+ "table-grants-list",
+ "table-grants-manage",
+ "view-grants-list",
+ "view-grants-manage",
+ "policy-grants-manage"
+ ]
+ },
+ { "itemId": 6, "name": "catalog-content-manage", "label": "Catalog Manage
Content", "category": "MANAGE",
+ "impliedGrants": [
+ "catalog-list",
+ "catalog-metadata-manage",
+ "catalog-properties-read",
+ "catalog-properties-write",
+ "catalog-policy-attach",
+ "catalog-policy-detach",
+ "namespace-create",
+ "namespace-drop",
+ "namespace-list",
+ "namespace-metadata-full",
+ "namespace-properties-read",
+ "namespace-properties-write",
+ "namespace-policy-attach",
+ "namespace-policy-detach",
+ "policy-create",
+ "policy-drop",
+ "policy-list",
+ "policy-read",
+ "policy-write",
+ "policy-attach",
+ "policy-detach",
+ "table-create",
+ "table-drop",
+ "table-list",
+ "table-data-read",
+ "table-data-write",
+ "table-metadata-full",
+ "table-properties-read",
+ "table-properties-write",
+ "table-properties-set",
+ "table-properties-remove",
+ "table-uuid-assign",
+ "table-format-version-upgrade",
+ "table-schema-add",
+ "table-schema-set-current",
+ "table-partition-spec-add",
+ "table-partition-specs-remove",
+ "table-policy-attach",
+ "table-policy-detach",
+ "table-sort-order-add",
+ "table-sort-order-set-default",
+ "table-snapshot-add",
+ "table-snapshots-remove",
+ "table-snapshot-ref-set",
+ "table-snapshot-ref-remove",
+ "table-location-set",
+ "table-statistics-set",
+ "table-statistics-remove",
+ "table-structure-manage",
+ "view-create",
+ "view-drop",
+ "view-list",
+ "view-metadata-full",
+ "view-properties-read",
+ "view-properties-write"
+ ]
+ },
+ { "itemId": 7, "name": "catalog-grants-list", "label": "Catalog
Grants List", "category": "READ" },
+ { "itemId": 8, "name": "catalog-grants-manage", "label": "Catalog
Grants Manage", "category": "MANAGE", "impliedGrants": [
"catalog-grants-list" ] },
+ { "itemId": 9, "name": "catalog-metadata-full", "label": "Catalog
Metadata Full", "category": "MANAGE", "impliedGrants": [ "catalog-create",
"catalog-drop", "catalog-list", "catalog-properties-read",
"catalog-properties-write" ] },
+ { "itemId": 10, "name": "catalog-metadata-manage", "label": "Catalog
Metadata Manage", "category": "MANAGE",
+ "impliedGrants": [
+ "catalog-list",
+ "catalog-properties-read",
+ "catalog-properties-write",
+ "catalog-policy-attach",
+ "catalog-policy-detach",
+ "namespace-create",
+ "namespace-drop",
+ "namespace-list",
+ "namespace-properties-read",
+ "namespace-properties-write",
+ "namespace-metadata-full",
+ "namespace-policy-attach",
+ "namespace-policy-detach",
+ "policy-create",
+ "policy-drop",
+ "policy-list",
+ "policy-read",
+ "policy-write",
+ "policy-attach",
+ "policy-detach",
+ "table-create",
+ "table-drop",
+ "table-list",
+ "table-properties-read",
+ "table-properties-write",
+ "table-properties-set",
+ "table-properties-remove",
+ "table-metadata-full",
+ "table-uuid-assign",
+ "table-format-version-upgrade",
+ "table-schema-add",
+ "table-schema-set-current",
+ "table-partition-spec-add",
+ "table-partition-specs-remove",
+ "table-policy-attach",
+ "table-policy-detach",
+ "table-sort-order-add",
+ "table-sort-order-set-default",
+ "table-snapshot-add",
+ "table-snapshots-remove",
+ "table-snapshot-ref-set",
+ "table-snapshot-ref-remove",
+ "table-location-set",
+ "table-statistics-set",
+ "table-statistics-remove",
+ "table-structure-manage",
+ "view-create",
+ "view-drop",
+ "view-list",
+ "view-properties-read",
+ "view-properties-write",
+ "view-metadata-full"
+ ]
+ },
+ { "itemId": 11, "name": "catalog-policy-attach", "label": "Catalog
Policy Attach", "category": "MANAGE" },
+ { "itemId": 12, "name": "catalog-policy-detach", "label": "Catalog
Policy Detach", "category": "MANAGE" },
+ { "itemId": 13, "name": "catalog-properties-read", "label": "Catalog
Properties Read", "category": "READ", "impliedGrants": [ "catalog-list" ] },
+ { "itemId": 14, "name": "catalog-properties-write", "label": "Catalog
Properties Write", "category": "UPDATE", "impliedGrants": [ "catalog-list",
"catalog-properties-read" ] },
- { "itemId": 2, "name": "catalog-create", "label":
"Catalog Create", "category": "CREATE" },
- { "itemId": 3, "name": "catalog-drop", "label":
"Catalog Drop", "category": "DELETE" },
- { "itemId": 4, "name": "catalog-list", "label":
"Catalog List", "category": "READ" },
- { "itemId": 5, "name": "catalog-access-manage", "label":
"Catalog Manage Access", "category": "MANAGE" },
- { "itemId": 6, "name": "catalog-content-manage", "label":
"Catalog Manage Content", "category": "MANAGE" },
- { "itemId": 7, "name": "catalog-grants-list", "label":
"Catalog Grants List", "category": "READ" },
- { "itemId": 8, "name": "catalog-grants-manage", "label":
"Catalog Grants Manage", "category": "MANAGE" },
- { "itemId": 9, "name": "catalog-metadata-full", "label":
"Catalog Metadata Full", "category": "MANAGE" },
- { "itemId": 10, "name": "catalog-metadata-manage", "label":
"Catalog Metadata Manage", "category": "MANAGE" },
- { "itemId": 11, "name": "catalog-policy-attach", "label":
"Catalog Policy Attach", "category": "MANAGE" },
- { "itemId": 12, "name": "catalog-policy-detach", "label":
"Catalog Policy Detach", "category": "MANAGE" },
- { "itemId": 13, "name": "catalog-properties-read", "label":
"Catalog Properties Read", "category": "READ" },
- { "itemId": 14, "name": "catalog-properties-write", "label":
"Catalog Properties Write", "category": "UPDATE" },
- { "itemId": 15, "name": "catalog-role-create", "label":
"Catalog Role Create", "category": "CREATE" },
+ { "itemId": 15, "name": "catalog-role-create", "label":
"Catalog Role Create", "category": "CREATE",
"impliedGrants": [ "catalog-role-list" ] },
{ "itemId": 16, "name": "catalog-role-drop", "label":
"Catalog Role Drop", "category": "DELETE" },
{ "itemId": 17, "name": "catalog-role-list", "label":
"Catalog Role List", "category": "READ" },
{ "itemId": 18, "name": "catalog-role-usage", "label":
"Catalog Role Usage", "category": "MANAGE" },
- { "itemId": 19, "name": "catalog-role-grants-for-grantee-manage", "label":
"Catalog Role Grants-for-Grantee Manage", "category": "MANAGE" },
+ { "itemId": 19, "name": "catalog-role-grants-for-grantee-manage", "label":
"Catalog Role Grants-for-Grantee Manage", "category": "MANAGE",
"impliedGrants": [ "catalog-role-grants-list" ] },
{ "itemId": 20, "name": "catalog-role-grants-list", "label":
"Catalog Role Grants List", "category": "READ" },
- { "itemId": 21, "name": "catalog-role-grants-manage", "label":
"Catalog Role Grants Manage", "category": "MANAGE" },
- { "itemId": 22, "name": "catalog-role-metadata-full", "label":
"Catalog Role Metadata Full", "category": "MANAGE" },
- { "itemId": 23, "name": "catalog-role-properties-read", "label":
"Catalog Role Properties Read", "category": "READ" },
- { "itemId": 24, "name": "catalog-role-properties-write", "label":
"Catalog Role Properties Write", "category": "UPDATE" },
+ { "itemId": 21, "name": "catalog-role-grants-manage", "label":
"Catalog Role Grants Manage", "category": "MANAGE",
"impliedGrants": [ "catalog-role-grants-list" ] },
+ { "itemId": 22, "name": "catalog-role-metadata-full", "label":
"Catalog Role Metadata Full", "category": "MANAGE",
"impliedGrants": [ "catalog-role-create", "catalog-role-drop",
"catalog-role-list", "catalog-role-properties-read",
"catalog-role-properties-write" ] },
+ { "itemId": 23, "name": "catalog-role-properties-read", "label":
"Catalog Role Properties Read", "category": "READ",
"impliedGrants": [ "catalog-role-list" ] },
+ { "itemId": 24, "name": "catalog-role-properties-write", "label":
"Catalog Role Properties Write", "category": "UPDATE",
"impliedGrants": [ "catalog-role-list", "catalog-role-properties-read" ] },
- { "itemId": 25, "name": "namespace-create", "label": "Namespace
Create", "category": "CREATE" },
+ { "itemId": 25, "name": "namespace-create", "label": "Namespace
Create", "category": "CREATE", "impliedGrants": [ "namespace-list" ]
},
{ "itemId": 26, "name": "namespace-drop", "label": "Namespace
Drop", "category": "DELETE" },
{ "itemId": 27, "name": "namespace-list", "label": "Namespace
List", "category": "READ" },
{ "itemId": 28, "name": "namespace-grants-list", "label": "Namespace
Grants List", "category": "READ" },
- { "itemId": 29, "name": "namespace-grants-manage", "label": "Namespace
Grants Manage", "category": "MANAGE" },
- { "itemId": 30, "name": "namespace-metadata-full", "label": "Namespace
Metadata Full", "category": "MANAGE" },
+ { "itemId": 29, "name": "namespace-grants-manage", "label": "Namespace
Grants Manage", "category": "MANAGE", "impliedGrants": [
"namespace-grants-list" ] },
+ { "itemId": 30, "name": "namespace-metadata-full", "label": "Namespace
Metadata Full", "category": "MANAGE", "impliedGrants": [ "namespace-create",
"namespace-drop", "namespace-list", "namespace-properties-read",
"namespace-properties-write" ] },
{ "itemId": 31, "name": "namespace-policy-attach", "label": "Namespace
Policy Attach", "category": "MANAGE" },
{ "itemId": 32, "name": "namespace-policy-detach", "label": "Namespace
Policy Detach", "category": "MANAGE" },
- { "itemId": 33, "name": "namespace-properties-read", "label": "Namespace
Properties Read", "category": "READ" },
- { "itemId": 34, "name": "namespace-properties-write", "label": "Namespace
Properties Write", "category": "UPDATE" },
+ { "itemId": 33, "name": "namespace-properties-read", "label": "Namespace
Properties Read", "category": "READ", "impliedGrants": [ "namespace-list" ] },
+ { "itemId": 34, "name": "namespace-properties-write", "label": "Namespace
Properties Write", "category": "UPDATE", "impliedGrants": [ "namespace-list",
"namespace-properties-read" ] },
- { "itemId": 35, "name": "policy-create", "label": "Policy Create",
"category": "CREATE" },
+ { "itemId": 35, "name": "policy-create", "label": "Policy Create",
"category": "CREATE", "impliedGrants": [ "policy-list" ] },
{ "itemId": 36, "name": "policy-drop", "label": "Policy Drop",
"category": "DELETE" },
{ "itemId": 37, "name": "policy-list", "label": "Policy List",
"category": "READ" },
- { "itemId": 38, "name": "policy-read", "label": "Policy Read",
"category": "READ" },
- { "itemId": 39, "name": "policy-write", "label": "Policy Write",
"category": "UPDATE" },
+ { "itemId": 38, "name": "policy-read", "label": "Policy Read",
"category": "READ", "impliedGrants": [ "policy-list" ] },
+ { "itemId": 39, "name": "policy-write", "label": "Policy Write",
"category": "UPDATE", "impliedGrants": [ "policy-list", "policy-read" ] },
{ "itemId": 40, "name": "policy-attach", "label": "Policy Attach",
"category": "MANAGE" },
{ "itemId": 41, "name": "policy-detach", "label": "Policy Detach",
"category": "MANAGE" },
{ "itemId": 42, "name": "policy-grants-manage", "label": "Policy Grants
Manage", "category": "MANAGE" },
- { "itemId": 43, "name": "policy-metadata-full", "label": "Policy Metadata
Full", "category": "MANAGE" },
+ { "itemId": 43, "name": "policy-metadata-full", "label": "Policy Metadata
Full", "category": "MANAGE", "impliedGrants": [ "policy-create", "policy-drop",
"policy-list", "policy-read", "policy-write" ] },
- { "itemId": 44, "name": "principal-create", "label":
"Principal Create", "category": "CREATE" },
+ { "itemId": 44, "name": "principal-create", "label":
"Principal Create", "category": "CREATE", "impliedGrants": [
"principal-list" ] },
{ "itemId": 45, "name": "principal-drop", "label":
"Principal Drop", "category": "DELETE" },
{ "itemId": 46, "name": "principal-list", "label":
"Principal List", "category": "READ" },
{ "itemId": 47, "name": "principal-credentials-reset", "label":
"Principal Credentials Reset", "category": "MANAGE" },
{ "itemId": 48, "name": "principal-credentials-rotate", "label":
"Principal Credentials Rotate", "category": "MANAGE" },
{ "itemId": 49, "name": "principal-grants-list", "label":
"Principal Grants List", "category": "READ" },
- { "itemId": 50, "name": "principal-grants-manage", "label":
"Principal Grants Manage", "category": "MANAGE" },
- { "itemId": 51, "name": "principal-grants-for-grantee-manage", "label":
"Principal Grants-for-Grantee Manage", "category": "MANAGE" },
- { "itemId": 52, "name": "principal-metadata-full", "label":
"Principal Metadata Full", "category": "MANAGE" },
- { "itemId": 53, "name": "principal-properties-read", "label":
"Principal Properties Read", "category": "READ" },
- { "itemId": 54, "name": "principal-properties-write", "label":
"Principal Properties Write", "category": "UPDATE" },
- { "itemId": 55, "name": "principal-role-create",
"label": "Principal Role Create", "category": "CREATE" },
+ { "itemId": 50, "name": "principal-grants-manage", "label":
"Principal Grants Manage", "category": "MANAGE", "impliedGrants": [
"principal-grants-list" ] },
+ { "itemId": 51, "name": "principal-grants-for-grantee-manage", "label":
"Principal Grants-for-Grantee Manage", "category": "MANAGE", "impliedGrants": [
"principal-grants-list" ] },
+ { "itemId": 52, "name": "principal-metadata-full", "label":
"Principal Metadata Full", "category": "MANAGE", "impliedGrants": [
"principal-create", "principal-drop", "principal-list",
"principal-properties-read", "principal-properties-write" ] },
+ { "itemId": 53, "name": "principal-properties-read", "label":
"Principal Properties Read", "category": "READ", "impliedGrants": [
"principal-list" ] },
+ { "itemId": 54, "name": "principal-properties-write", "label":
"Principal Properties Write", "category": "UPDATE", "impliedGrants": [
"principal-list", "principal-properties-read" ] },
+
+ { "itemId": 55, "name": "principal-role-create",
"label": "Principal Role Create", "category": "CREATE",
"impliedGrants": [ "principal-role-list" ] },
{ "itemId": 56, "name": "principal-role-drop",
"label": "Principal Role Drop", "category": "DELETE" },
{ "itemId": 57, "name": "principal-role-list",
"label": "Principal Role List", "category": "READ" },
{ "itemId": 58, "name": "principal-role-usage",
"label": "Principal Role Usage", "category": "MANAGE" },
{ "itemId": 59, "name": "principal-role-grants-list",
"label": "Principal Role Grants List", "category": "READ" },
- { "itemId": 60, "name": "principal-role-grants-manage",
"label": "Principal Role Grants Manage", "category": "MANAGE" },
- { "itemId": 61, "name": "principal-role-grants-for-grantee-manage",
"label": "Principal Role Grants-for-Grantee Manage", "category": "MANAGE" },
+ { "itemId": 60, "name": "principal-role-grants-manage",
"label": "Principal Role Grants Manage", "category": "MANAGE",
"impliedGrants": [ "principal-role-grants-list" ] },
+ { "itemId": 61, "name": "principal-role-grants-for-grantee-manage",
"label": "Principal Role Grants-for-Grantee Manage", "category": "MANAGE",
"impliedGrants": [ "principal-role-grants-list" ] },
{ "itemId": 62, "name": "principal-role-metadata-full",
"label": "Principal Role Metadata Full", "category": "MANAGE" },
{ "itemId": 63, "name": "principal-role-properties-read",
"label": "Principal Role Properties Read", "category": "READ" },
{ "itemId": 64, "name": "principal-role-properties-write",
"label": "Principal Role Properties Write", "category": "UPDATE" },
- { "itemId": 65, "name": "table-create", "label": "Table
Create", "category": "CREATE" },
- { "itemId": 66, "name": "table-drop", "label": "Table
Drop", "category": "DELETE" },
- { "itemId": 67, "name": "table-list", "label": "Table
List", "category": "READ" },
- { "itemId": 68, "name": "table-data-read", "label": "Table
Data Read", "category": "READ" },
- { "itemId": 69, "name": "table-data-write", "label": "Table
Data Write", "category": "UPDATE" },
- { "itemId": 70, "name": "table-grants-list", "label": "Table
Grants List", "category": "READ" },
- { "itemId": 71, "name": "table-grants-manage", "label": "Table
Grants Manage", "category": "MANAGE" },
- { "itemId": 72, "name": "table-metadata-full", "label": "Table
Metadata Full", "category": "MANAGE" },
- { "itemId": 73, "name": "table-policy-attach", "label": "Table
Policy Attach", "category": "MANAGE" },
- { "itemId": 74, "name": "table-policy-detach", "label": "Table
Policy Detach", "category": "MANAGE" },
- { "itemId": 75, "name": "table-properties-read", "label": "Table
Properties Read", "category": "READ" },
- { "itemId": 76, "name": "table-properties-write", "label": "Table
Properties Write", "category": "UPDATE" },
- { "itemId": 77, "name": "table-properties-set", "label": "Table
Properties Set", "category": "MANAGE" },
- { "itemId": 78, "name": "table-properties-remove", "label": "Table
Properties Remove", "category": "MANAGE" },
- { "itemId": 79, "name": "table-uuid-assign", "label": "Table
UUID Assign", "category": "MANAGE" },
- { "itemId": 80, "name": "table-format-version-upgrade", "label": "Table
Format Version Upgrade", "category": "MANAGE" },
- { "itemId": 81, "name": "table-schema-add", "label": "Table
Schema Add", "category": "MANAGE" },
- { "itemId": 82, "name": "table-schema-set-current", "label": "Table
Schema Set Current", "category": "MANAGE" },
- { "itemId": 83, "name": "table-partition-spec-add", "label": "Table
Partition Spec Add", "category": "MANAGE" },
- { "itemId": 84, "name": "table-partition-specs-remove", "label": "Table
Partition Specs Remove", "category": "MANAGE" },
- { "itemId": 85, "name": "table-sort-order-add", "label": "Table
Sort Order Add", "category": "MANAGE" },
- { "itemId": 86, "name": "table-sort-order-set-default", "label": "Table
Sort Order Set Default", "category": "MANAGE" },
- { "itemId": 87, "name": "table-snapshot-add", "label": "Table
Snapshot Add", "category": "MANAGE" },
- { "itemId": 88, "name": "table-snapshots-remove", "label": "Table
Snapshots Remove", "category": "MANAGE" },
- { "itemId": 89, "name": "table-snapshot-ref-set", "label": "Table
Snapshot-ref Set", "category": "MANAGE" },
- { "itemId": 90, "name": "table-snapshot-ref-remove", "label": "Table
Snapshot-ref Remove", "category": "MANAGE" },
- { "itemId": 91, "name": "table-location-set", "label": "Table
Location Set", "category": "MANAGE" },
- { "itemId": 92, "name": "table-statistics-set", "label": "Table
Statistics Set", "category": "MANAGE" },
- { "itemId": 93, "name": "table-statistics-remove", "label": "Table
Statistics Remove", "category": "MANAGE" },
- { "itemId": 94, "name": "table-structure-manage", "label": "Table
Structure Manage", "category": "MANAGE" },
+ { "itemId": 65, "name": "table-create", "label": "Table Create",
"category": "CREATE", "impliedGrants": [ "table-list" ] },
+ { "itemId": 66, "name": "table-drop", "label": "Table Drop",
"category": "DELETE" },
+ { "itemId": 67, "name": "table-list", "label": "Table List",
"category": "READ" },
+ { "itemId": 68, "name": "table-data-read", "label": "Table Data Read",
"category": "READ", "impliedGrants": [ "table-list", "table-properties-read"
] },
+ { "itemId": 69, "name": "table-data-write", "label": "Table Data Write",
"category": "UPDATE",
+ "impliedGrants": [
+ "table-list",
+ "table-data-read",
+ "table-properties-read",
+ "table-properties-set",
+ "table-properties-remove",
+ "table-uuid-assign",
+ "table-format-version-upgrade",
+ "table-schema-add",
+ "table-schema-set-current",
+ "table-sort-order-add",
+ "table-sort-order-set-default",
+ "table-snapshot-add",
+ "table-snapshots-remove",
+ "table-snapshot-ref-set",
+ "table-snapshot-ref-remove",
+ "table-location-set",
+ "table-statistics-set",
+ "table-statistics-remove",
+ "table-partition-spec-add",
+ "table-partition-specs-remove",
+ "table-structure-manage"
Review Comment:
`table-data-write` now implies many structural/administrative permissions
(schema/partition/snapshot/statistics/location operations). This is a potential
privilege escalation if those actions are not intended to be granted whenever
data write is granted. Please confirm the Polaris permission model expects
this, or remove/reduce these `impliedGrants` so data-write doesn’t
automatically include schema/metadata-management capabilities.
```suggestion
"table-properties-read"
```
--
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.
To unsubscribe, e-mail: [email protected]
For queries about this service, please contact Infrastructure at:
[email protected]
