add a section on ranger integration status (closes #110)
Project: http://git-wip-us.apache.org/repos/asf/incubator-hawq-docs/repo Commit: http://git-wip-us.apache.org/repos/asf/incubator-hawq-docs/commit/43001b29 Tree: http://git-wip-us.apache.org/repos/asf/incubator-hawq-docs/tree/43001b29 Diff: http://git-wip-us.apache.org/repos/asf/incubator-hawq-docs/diff/43001b29 Branch: refs/heads/master Commit: 43001b293777c27320062c63ddec1390cc25b12b Parents: 5853561 Author: Lisa Owen <lo...@pivotal.io> Authored: Mon Apr 3 16:32:45 2017 -0700 Committer: David Yozie <yo...@apache.org> Committed: Mon Apr 3 16:32:45 2017 -0700 ---------------------------------------------------------------------- .../ranger/ranger-sqlcmd-summary.html.md.erb | 393 +++++++++++++++++-- 1 file changed, 351 insertions(+), 42 deletions(-) ---------------------------------------------------------------------- http://git-wip-us.apache.org/repos/asf/incubator-hawq-docs/blob/43001b29/markdown/ranger/ranger-sqlcmd-summary.html.md.erb ----------------------------------------------------------------------
diff --git a/markdown/ranger/ranger-sqlcmd-summary.html.md.erb b/markdown/ranger/ranger-sqlcmd-summary.html.md.erb
index dd05cc1..2e53f69 100644
--- a/markdown/ranger/ranger-sqlcmd-summary.html.md.erb
+++ b/markdown/ranger/ranger-sqlcmd-summary.html.md.erb
@@ -25,50 +25,359 @@ The following table identifies the permissions required for common SQL commands.
 **Notes**:
-- A `&&` in **SQL Command** column identifies a super-user operation.
+- A \<db-name\>/\*/* policy with `connect` permission is assumed for all SQL operations in the table.
+- A `&&` in the **SQL Command** column identifies a super-user operation.
 - A `##` in the **Resource** column signifies that additional policies may be required to provide access to resources used within the operation(s).
+<table>
+<colgroup>
+<col width="30%" />
+<col width="20%" />
+<col width="50%" />
+</colgroup>
+<thead>
+<tr class="header">
+<th>SQL Command</th>
+<th>Permission</th>
+<th>Resource</th>
+</tr>
+</thead>
+<tbody>
+
+<tr class="odd">
+<td>\d</td>
+<td>usage-schema</td>
+<td><db-name>/public/*</td>
+</tr>
+
+<tr class="even">
+<td rowspan="2">ANALYZE <table-name></td>
+<td>usage-schema</td>
+<td><db-name>/<schema-name>/*</td>
+</tr>
+<tr class="odd">
+<td>select</td>
+<td><db-name>/<schema-name>/<table-name></td>
+</tr>
+
+<tr class="even">
+<td>ALTER AGGREGATE ... RENAME TO</td>
+<td>usage-schema, create</td>
+<td><db-name>/<schema-name>/*</td>
+</tr>
+
+<tr class="odd">
+<td>ALTER SEQUENCE</td>
+<td>usage-schema</td>
+<td><db-name>/<schema-name>/*</td>
+</tr>
+
+<tr class="even">
+<td>ALTER TABLE ... RENAME</td>
+<td>usage-schema</td>
+<td><db-name>/<schema-name>/*</td>
+</tr>
+
+<tr class="odd">
+<td rowspan="2">ALTER TABLE<p><table-name><p>SET DISTRIBUTED BY</td>
+<td>usage-schema, create</td>
+<td><db-name>/<schema-name>/*</td>
+</tr>
+<tr class="even">
+<td>select</td>
+<td><db-name>/<schema-name>/<table-name></td>
+</tr>
+
+<tr class="odd">
+<td rowspan="2">BEGIN ... COMMIT</td>
+<td>usage-schema</td>
+<td><db-name>/<schema-name>/*</td>
+</tr>
+<tr class="even">
+<td></td>
+<td>##</td>
+</tr>
+
+<tr class="odd">
+<td> \c, CONNECT <db-name></td>
+<td> connect </td>
+<td><db-name>/*/*</td>
+</tr>
+
+<tr class="even">
+<td rowspan="2">COPY <table-name> FROM &&</td>
+<td>usage-schema</td>
+<td><db-name>/<schema-name>/*</td>
+</tr>
+<tr class="odd">
+<td>insert, select</td>
+<td><db-name>/<schema-name>/<table-name></td>
+</tr>
+
+<tr class="even">
+<td rowspan="2">COPY <table-name> TO &&</td>
+<td>usage-schema</td>
+<td><db-name>/<schema-name>/*</td>
+</tr>
+<tr class="odd">
+<td>select</td>
+<td><db-name>/<schema-name>/<table-name></td>
+</tr>
+
+<tr class="even">
+<td rowspan="2">CREATE AGGREGATE</td>
+<td>usage-schema, create</td>
+<td><db-name>/<schema-name>/*</td>
+</tr>
+<tr class="odd">
+<td>execute</td>
+<td><db-name>/<schema-name>/<sfunc-name></td>
+</tr>
+
+<tr class="even">
+<td rowspan="2">CREATE EXTERNAL TABLE</td>
+<td>usage-schema, create</td>
+<td><db-name>/<schema-name>/*</td>
+</tr>
+<tr class="odd">
+<td>select</td>
+<td><protocol-name></td>
+</tr>
+
+<tr class="even">
+<td rowspan="4">CREATE FUNCTION<p><func-name><p>(trusted <language-name>)</td>
+<td>usage-schema, create</td>
+<td><db-name>/<schema-name>/*</td>
+</tr>
+<tr class="odd">
+<td>usage</td>
+<td><db-name>/<language-name></td>
+</tr>
+<tr class="even">
+<td>execute</td>
+<td><db-name>/<schema-name>/<func-name></td>
+</tr>
+<tr class="odd">
+<td></td>
+<td>##</td>
+</tr>
+
+
+<tr class="even">
+<td rowspan="4">CREATE FUNCTION<p><func-name><p>(untrusted <language-name>) &&</td>
+<td>usage-schema, create</td>
+<td><db-name>/<schema-name>/*</td>
+</tr>
+<tr class="odd">
+<td>usage</td>
+<td><db-name>/<language-name></td>
+</tr>
+<tr class="even">
+<td>execute</td>
+<td><db-name>/<schema-name>/<func-name></td>
+</tr>
+<tr class="odd">
+<td></td>
+<td>##</td>
+</tr>
+
+
+<tr class="even">
+<td>CREATE LANGUAGE &&</td>
+<td>usage</td>
+<td><db-name>/c</td>
+</tr>
+
+<tr class="odd">
+<td>CREATE OPERATOR<p>CREATE OPERATOR CLASS && <p>CREATE SEQUENCE<p>CREATE TABLE<p>CREATE TYPE<p>CREATE VIEW</td>
+<td>usage-schema, create</td>
+<td><db-name>/<schema-name>/*</td>
+</tr>
+
+<tr class="even">
+<td>CREATE SCHEMA</td>
+<td>create-schema</td>
+<td><db-name>/*/*</td>
+</tr>
+
+<tr class="odd">
+<td>CREATE TABLE<p>(<private-schema>) </td>
+<td>create</td>
+<td><db-name>/<private-schema>/*</td>
+</tr>
+
+<tr class="even">
+<td rowspan="2">CREATE TABLE ... AS</td>
+<td>usage-schema, create</td>
+<td><db-name>/<schema-name>/*</td>
+</tr>
+<tr class="odd">
+<td>select</td>
+<td><db-name>/<schema-name>/<table-name></td>
+</tr>
+
+<tr class="even">
+<td rowspan="2">CREATE ... TABLESPACE<p><tablespace-name></td>
+<td>usage-schema, create</td>
+<td><db-name>/<schema-name>/*</td>
+</tr>
+<tr class="odd">
+<td>create</td>
+<td><tablespace-name></td>
+</tr>
+
+<tr class="even">
+<td>CREATE TEMP SEQUENCE<p>CREATE TEMP TABLE</td>
+<td>temp</td>
+<td><db-name>/*/*</td>
+</tr>
+
+<tr class="odd">
+<td rowspan="2">CREATE WRITABLE EXTERNAL TABLE</td>
+<td>usage-schema, create</td>
+<td><db-name>/<schema-name>/*</td>
+</tr>
+<tr class="even">
+<td>insert</td>
+<td><protocol-name></td>
+</tr>
+
+<tr class="odd">
+<td>DROP AGGREGATE<p>DROP FUNCTION<p>DROP OPERATOR<p>DROP OPERATOR CLASS &&<p>DROP SCHEMA<p>DROP TABLE<p>DROP VIEW</td>
+<td>usage-schema</td>
+<td><db-name>/<schema-name>/*</td>
+</tr>
+
+<tr class="even">
+<td rowspan="2">EXECUTE</td>
+<td>usage-schema</td>
+<td><db-name>/<schema-name>/*</td>
+</tr>
+<tr class="odd">
+<td></td>
+<td>##</td>
+</tr>
+
+
+<tr class="even">
+<td rowspan="2">EXPLAIN</td>
+<td>usage-schema</td>
+<td><db-name>/<schema-name>/*</td>
+</tr>
+<tr class="odd">
+<td></td>
+<td>##</td>
+</tr>
+
+<tr class="even">
+<td rowspan="2">INSERT INTO<p><table-name></td>
+<td>usage-schema</td>
+<td><db-name>/<schema-name>/*</td>
+</tr>
+<tr class="odd">
+<td>insert</td>
+<td><db-name>/<schema-name>/<table-name></td>
+</tr>
+
+<tr class="even">
+<td>PREPARE</td>
+<td>usage-schema</td>
+<td><db-name>/<schema-name>/*</td>
+</tr>
+
+<tr class="odd">
+<td rowspan="4">SELECT <agg-name></td>
+<td>usage-schema</td>
+<td><db-name>/<schema-name>/*</td>
+</tr>
+<tr class="even">
+<td>execute</td>
+<td><db-name>/<schema-name>/<agg-name></td>
+</tr>
+<tr class="odd">
+<td>execute</td>
+<td><db-name>/<schema-name>/<sfunc-name></td>
+</tr>
+<tr class="even">
+<td></td>
+<td>##</td>
+</tr>
+
+
+<tr class="odd">
+<td rowspan="2">SELECT <func-name></td>
+<td>usage-schema</td>
+<td><db-name>/<schema-name>/*</td>
+</tr>
+<tr class="even">
+<td>execute</td>
+<td><db-name>/<schema-name>/<func-name></td>
+</tr>
+
+<tr class="odd">
+<td rowspan="2">SELECT (using operator)</td>
+<td>execute</td>
+<td><db-name>/<schema-name>/<op-func></td>
+</tr>
+<tr class="even">
+<td></td>
+<td>##</td>
+</tr>
+
+<tr class="odd">
+<td rowspan="2">SELECT...FROM<p><table-name></td>
+<td>usage-schema</td>
+<td><db-name>/<schema-name>/*</td>
+</tr>
+<tr class="even">
+<td>select</td>
+<td><db-name>/<schema-name>/<table-name></td>
+</tr>
+
+<tr class="odd">
+<td rowspan="2">SELECT...INTO...FROM <table-name></td>
+<td>usage-schema, create</td>
+<td><db-name>/<schema-name>/*</td>
+</tr>
+<tr class="even">
+<td>select</td>
+<td><db-name>/<schema-name>/<table-name></td>
+</tr>
+
+<tr class="odd">
+<td rowspan="2">SELECT...FROM<p><view-name></td>
+<td>usage-schema</td>
+<td><db-name>/<schema-name>/*</td>
+</tr>
+<tr class="even">
+<td>select</td>
+<td><db-name>/<schema-name>/<view-name></td>
+</tr>
+
+<tr class="odd">
+<td>TRUNCATE</td>
+<td>usage-schema</td>
+<td><db-name>/<schema-name>/*</td>
+</tr>
+
+<tr class="even">
+<td>VACUUM</td>
+<td>usage-schema</td>
+<td><db-name>/<schema-name>/*</td>
+</tr>
+
+<tr class="odd">
+<td rowspan="2">VACUUM ANALYZE<p><table-name></td>
+<td>usage-schema</td>
+<td><db-name>/<schema-name>/*</td>
+</tr>
+<tr class="even">
+<td>select</td>
+<td><db-name>/<schema-name>/<table-name></td>
+</tr>
+
+</tbody>
+</table>
-| SQL Command | Permission | Resource |
-|-------------|----------------------|------------------------|
-| \d | usage-schema | \<db-name\>/public/`*` |
-| ANALYZE \<table-name\>| usage-schema<p>select | \<db-name\>/\<schema-name\>/`*`<p>\<db-name\>/\<schema-name\>/\<table-name\> |
-| ALTER AGGREGATE ... RENAME TO | usage-schema, create | \<db-name\>/\<schema-name\>/`*` |
-| ALTER SEQUENCE | usage-schema | \<db-name\>/\<schema-name\>/`*` |
-| ALTER TABLE ... RENAME | usage-schema | \<db-name\>/\<schema-name\>/`*` |
-| ALTER TABLE \<table-name\><p>SET DISTRIBUTED BY | usage-schema, create<p>select | \<db-name\>/\<schema-name\>/`*`<p>\<db-name\>/\<schema-name\>/\<table-name\> |
-| BEGIN ... COMMIT | usage-schema | \<db-name\>/\<schema-name\>/`*`<p>## |
-| \c, CONNECT \<db-name\>| connect | \<db-name\>/`*`/`*` |
-| COPY \<table-name\> FROM && | usage-schema<p>insert, select | \<db-name\>/\<schema-name\>/`*`<p>\<db-name\>/\<schema-name\>/\<table-name\> |
-| COPY \<table-name\> TO | usage-schema<p>select | \<db-name\>/\<schema-name\>/`*`<p>\<db-name\>/\<schema-name\>/\<table-name\> |
-| CREATE AGGREGATE | usage-schema, create<p>execute | \<db-name\>/\<schema-name\>/`*`<p>\<db-name\>/\<schema-name\>/\<sfunc-name\> |
-| CREATE EXTERNAL TABLE | usage-schema, create<p>select | \<db-name\>/\<schema-name\>/`*`<p>\<protocol-name\> |
-| CREATE FUNCTION \<function-name\><p>(trusted \<language-name\>) | usage-schema, create<p>usage<p>execute | \<db-name\>/\<schema-name\>/`*`<p><p>\<db-name\>/\<language-name\><p>\<db-name\>/\<schema-name\>/\<function-name\><p>## |
-| CREATE FUNCTION \<function-name\><p>(untrusted \<language-name\>) && | usage-schema, create<p>usage<p>execute | \<db-name\>/\<schema-name\>/`*`<p><p>\<db-name\>/\<language-name\><p>\<db-name\>/\<schema-name\>/\<function-name\><p>## |
-| CREATE LANGUAGE && | usage | \<db-name\>/c |
-| CREATE OPERATOR<p>CREATE SEQUENCE<p>CREATE TABLE<p>CREATE TYPE<p>CREATE VIEW | usage-schema, create | \<db-name\>/\<schema-name\>/`*` |
-| CREATE OPERATOR CLASS && | usage-schema, create | \<db-name\>/\<schema-name\>/`*` |
-| CREATE SCHEMA | create-schema | \<db-name\>/`*`/`*` |
-| CREATE TABLE (\<private-schema\>) | create | \<db-name\>/\<private-schema\>/`*` |
-| CREATE TABLE ... AS | usage-schema, create<p>select | \<db-name\>/\<schema-name\>/`*`<p>\<db-name\>/\<schema-name\>/\<table-name\> |
-| CREATE ... TABLESPACE<p>\<tablespace-name\> | usage-schema, create<p>create | \<db-name\>/\<schema-name\>/`*`<p>\<tablespace-name\> |
-| CREATE TEMP SEQUENCE | temp | \<db-name\>/`*`/`*` |
-| CREATE TEMP TABLE | temp | \<db-name\>/`*`/`*` |
-| CREATE WRITABLE EXTERNAL<p> TABLE | usage-schema, create<p>insert | \<db-name\>/\<schema-name\>/`*`<p>\<protocol-name\> |
-| DROP AGGREGATE<p>DROP FUNCTION<p>DROP OPERATOR<p>DROP SCHEMA<p>DROP TABLE<p>DROP VIEW | usage-schema | \<db-name\>/\<schema-name\>/`*` |
-| DROP OPERATOR CLASS && | usage-schema | \<db-name\>/\<schema-name\>/`*` |
-| EXECUTE | usage-schema | \<db-name\>/\<schema-name\>/`*`<p>## |
-| EXPLAIN | usage-schema | \<db-name\>/\<schema-name\>/`*`<p>## |
-| INSERT INTO \<table-name\> | usage-schema<p>insert | \<db-name\>/\<schema-name\>/`*`<p>\<db-name\>/\<schema-name\>/\<table-name\> |
-| PREPARE | usage-schema | \<db-name\>/\<schema-name\>/`*` |
-| SELECT \<aggregate-name\> | usage-schema<p>execute<p>execute | \<db-name\>/\<schema-name\>/`*`<p>\<db-name\>/\<schema-name\>/\<aggregate-name\> <p>\<db-name\>/\<schema-name\>/\<sfunc-name\> <p>##|
-| SELECT \<function-name\> | usage-schema<p>execute | \<db-name\>/\<schema-name\>/`*`<p>\<db-name\>/\<schema-name\>/\<function-name\> <p>##|
-| SELECT (using operator) | execute | \<db-name\>/\<schema-name\>/\<operator-procedure\> <p>## |
-| SELECT...FROM \<table-name\> | usage-schema<p>select | \<db-name\>/\<schema-name\>/`*`<p>\<db-name\>/\<schema-name\>/\<table-name\> |
-| SELECT...INTO...FROM \<table-name\> | usage-schema, create<p>select | \<db-name\>/\<schema-name\>/`*`<p>\<db-name\>/\<schema-name\>/\<table-name\> |
-| SELECT...FROM \<view-name\> | usage-schema<p>select | \<db-name\>/\<schema-name\>/`*`<p>\<db-name\>/\<schema-name\>/\<view-name\><p>## |
-| TRUNCATE | usage-schema | \<db-name\>/\<schema-name\>/`*` |
-| VACUUM | usage-schema | \<db-name\>/\<schema-name\>/`*` |
-| VACUUM ANALYZE \<table-name\>| usage-schema<p>select | \<db-name\>/\<schema-name\>/`*`<p>\<db-name\>/\<schema-name\>/\<table-name\> |