hawq-commits mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From yo...@apache.org
Subject [22/50] [abbrv] incubator-hawq-docs git commit: add a section on ranger integration status (closes #110)
Date Tue, 25 Apr 2017 00:04:15 GMT
add a section on ranger integration status (closes #110)


Project: http://git-wip-us.apache.org/repos/asf/incubator-hawq-docs/repo
Commit: http://git-wip-us.apache.org/repos/asf/incubator-hawq-docs/commit/43001b29
Tree: http://git-wip-us.apache.org/repos/asf/incubator-hawq-docs/tree/43001b29
Diff: http://git-wip-us.apache.org/repos/asf/incubator-hawq-docs/diff/43001b29

Branch: refs/heads/master
Commit: 43001b293777c27320062c63ddec1390cc25b12b
Parents: 5853561
Author: Lisa Owen <lowen@pivotal.io>
Authored: Mon Apr 3 16:32:45 2017 -0700
Committer: David Yozie <yozie@apache.org>
Committed: Mon Apr 3 16:32:45 2017 -0700

----------------------------------------------------------------------
 .../ranger/ranger-sqlcmd-summary.html.md.erb    | 393 +++++++++++++++++--
 1 file changed, 351 insertions(+), 42 deletions(-)
----------------------------------------------------------------------


http://git-wip-us.apache.org/repos/asf/incubator-hawq-docs/blob/43001b29/markdown/ranger/ranger-sqlcmd-summary.html.md.erb
----------------------------------------------------------------------
diff --git a/markdown/ranger/ranger-sqlcmd-summary.html.md.erb b/markdown/ranger/ranger-sqlcmd-summary.html.md.erb
index dd05cc1..2e53f69 100644
--- a/markdown/ranger/ranger-sqlcmd-summary.html.md.erb
+++ b/markdown/ranger/ranger-sqlcmd-summary.html.md.erb
@@ -25,50 +25,359 @@ The following table identifies the permissions required for common SQL
commands.
 
 **Notes**: 
 
-- A `&&` in **SQL Command** column identifies a super-user operation.
+- A \<db-name\>/\*/* policy with `connect` permission is assumed for all SQL operations
in the table.
+- A `&&` in the **SQL Command** column identifies a super-user operation.
 - A `##` in the **Resource** column signifies that additional policies may be required to
provide access to resources used within the operation(s).
 
+<table>
+<colgroup>
+<col width="30%" />
+<col width="20%" />
+<col width="50%" />
+</colgroup>
+<thead>
+<tr class="header">
+<th>SQL Command</th>
+<th>Permission</th>
+<th>Resource</th>
+</tr>
+</thead>
+<tbody>
+
+<tr class="odd">
+<td>\d</td>
+<td>usage-schema</td>
+<td>&lt;db-name&gt;/public/*</td>
+</tr>
+
+<tr class="even">
+<td rowspan="2">ANALYZE &lt;table-name&gt;</td>
+<td>usage-schema</td>
+<td>&lt;db-name&gt;/&lt;schema-name&gt;/*</td>
+</tr>
+<tr class="odd">
+<td>select</td>
+<td>&lt;db-name&gt;/&lt;schema-name&gt;/&lt;table-name&gt;</td>
+</tr>
+
+<tr class="even">
+<td>ALTER AGGREGATE ... RENAME TO</td>
+<td>usage-schema, create</td>
+<td>&lt;db-name&gt;/&lt;schema-name&gt;/*</td>
+</tr>
+
+<tr class="odd">
+<td>ALTER SEQUENCE</td>
+<td>usage-schema</td>
+<td>&lt;db-name&gt;/&lt;schema-name&gt;/*</td>
+</tr>
+
+<tr class="even">
+<td>ALTER TABLE ... RENAME</td>
+<td>usage-schema</td>
+<td>&lt;db-name&gt;/&lt;schema-name&gt;/*</td>
+</tr>
+
+<tr class="odd">
+<td rowspan="2">ALTER TABLE<p>&lt;table-name&gt;<p>SET DISTRIBUTED
BY</td>
+<td>usage-schema, create</td>
+<td>&lt;db-name&gt;/&lt;schema-name&gt;/*</td>
+</tr>
+<tr class="even">
+<td>select</td>
+<td>&lt;db-name&gt;/&lt;schema-name&gt;/&lt;table-name&gt;</td>
+</tr>
+
+<tr class="odd">
+<td rowspan="2">BEGIN ... COMMIT</td>
+<td>usage-schema</td>
+<td>&lt;db-name&gt;/&lt;schema-name&gt;/*</td>
+</tr>
+<tr class="even">
+<td></td>
+<td>##</td>
+</tr>
+
+<tr class="odd">
+<td> \c, CONNECT &lt;db-name&gt;</td>
+<td> connect </td>
+<td>&lt;db-name&gt;/*/*</td>
+</tr>
+
+<tr class="even">
+<td rowspan="2">COPY &lt;table-name&gt; FROM &&</td>
+<td>usage-schema</td>
+<td>&lt;db-name&gt;/&lt;schema-name&gt;/*</td>
+</tr>
+<tr class="odd">
+<td>insert, select</td>
+<td>&lt;db-name&gt;/&lt;schema-name&gt;/&lt;table-name&gt;</td>
+</tr>
+
+<tr class="even">
+<td rowspan="2">COPY &lt;table-name&gt; TO &&</td>
+<td>usage-schema</td>
+<td>&lt;db-name&gt;/&lt;schema-name&gt;/*</td>
+</tr>
+<tr class="odd">
+<td>select</td>
+<td>&lt;db-name&gt;/&lt;schema-name&gt;/&lt;table-name&gt;</td>
+</tr>
+
+<tr class="even">
+<td rowspan="2">CREATE AGGREGATE</td>
+<td>usage-schema, create</td>
+<td>&lt;db-name&gt;/&lt;schema-name&gt;/*</td>
+</tr>
+<tr class="odd">
+<td>execute</td>
+<td>&lt;db-name&gt;/&lt;schema-name&gt;/&lt;sfunc-name&gt;</td>
+</tr>
+
+<tr class="even">
+<td rowspan="2">CREATE EXTERNAL TABLE</td>
+<td>usage-schema, create</td>
+<td>&lt;db-name&gt;/&lt;schema-name&gt;/*</td>
+</tr>
+<tr class="odd">
+<td>select</td>
+<td>&lt;protocol-name&gt;</td>
+</tr>
+
+<tr class="even">
+<td rowspan="4">CREATE FUNCTION<p>&lt;func-name&gt;<p>(trusted
&lt;language-name&gt;)</td>
+<td>usage-schema, create</td>
+<td>&lt;db-name&gt;/&lt;schema-name&gt;/*</td>
+</tr>
+<tr class="odd">
+<td>usage</td>
+<td>&lt;db-name&gt;/&lt;language-name&gt;</td>
+</tr>
+<tr class="even">
+<td>execute</td>
+<td>&lt;db-name&gt;/&lt;schema-name&gt;/&lt;func-name&gt;</td>
+</tr>
+<tr class="odd">
+<td></td>
+<td>##</td>
+</tr>
+
+
+<tr class="even">
+<td rowspan="4">CREATE FUNCTION<p>&lt;func-name&gt;<p>(untrusted
&lt;language-name&gt;) &&</td>
+<td>usage-schema, create</td>
+<td>&lt;db-name&gt;/&lt;schema-name&gt;/*</td>
+</tr>
+<tr class="odd">
+<td>usage</td>
+<td>&lt;db-name&gt;/&lt;language-name&gt;</td>
+</tr>
+<tr class="even">
+<td>execute</td>
+<td>&lt;db-name&gt;/&lt;schema-name&gt;/&lt;func-name&gt;</td>
+</tr>
+<tr class="odd">
+<td></td>
+<td>##</td>
+</tr>
+
+
+<tr class="even">
+<td>CREATE LANGUAGE &&</td>
+<td>usage</td>
+<td>&lt;db-name&gt;/c</td>
+</tr>
+
+<tr class="odd">
+<td>CREATE OPERATOR<p>CREATE OPERATOR CLASS && <p>CREATE SEQUENCE<p>CREATE
TABLE<p>CREATE TYPE<p>CREATE VIEW</td>
+<td>usage-schema, create</td>
+<td>&lt;db-name&gt;/&lt;schema-name&gt;/*</td>
+</tr>
+
+<tr class="even">
+<td>CREATE SCHEMA</td>
+<td>create-schema</td>
+<td>&lt;db-name&gt;/*/*</td>
+</tr>
+
+<tr class="odd">
+<td>CREATE TABLE<p>(&lt;private-schema&gt;) </td>
+<td>create</td>
+<td>&lt;db-name&gt;/&lt;private-schema&gt;/*</td>
+</tr>
+
+<tr class="even">
+<td rowspan="2">CREATE TABLE ... AS</td>
+<td>usage-schema, create</td>
+<td>&lt;db-name&gt;/&lt;schema-name&gt;/*</td>
+</tr>
+<tr class="odd">
+<td>select</td>
+<td>&lt;db-name&gt;/&lt;schema-name&gt;/&lt;table-name&gt;</td>
+</tr>
+
+<tr class="even">
+<td rowspan="2">CREATE ... TABLESPACE<p>&lt;tablespace-name&gt;</td>
+<td>usage-schema, create</td>
+<td>&lt;db-name&gt;/&lt;schema-name&gt;/*</td>
+</tr>
+<tr class="odd">
+<td>create</td>
+<td>&lt;tablespace-name&gt;</td>
+</tr>
+
+<tr class="even">
+<td>CREATE TEMP SEQUENCE<p>CREATE TEMP TABLE</td>
+<td>temp</td>
+<td>&lt;db-name&gt;/*/*</td>
+</tr>
+
+<tr class="odd">
+<td rowspan="2">CREATE WRITABLE EXTERNAL TABLE</td>
+<td>usage-schema, create</td>
+<td>&lt;db-name&gt;/&lt;schema-name&gt;/*</td>
+</tr>
+<tr class="even">
+<td>insert</td>
+<td>&lt;protocol-name&gt;</td>
+</tr>
+
+<tr class="odd">
+<td>DROP AGGREGATE<p>DROP FUNCTION<p>DROP OPERATOR<p>DROP OPERATOR
CLASS &&<p>DROP SCHEMA<p>DROP TABLE<p>DROP VIEW</td>
+<td>usage-schema</td>
+<td>&lt;db-name&gt;/&lt;schema-name&gt;/*</td>
+</tr>
+
+<tr class="even">
+<td rowspan="2">EXECUTE</td>
+<td>usage-schema</td>
+<td>&lt;db-name&gt;/&lt;schema-name&gt;/*</td>
+</tr>
+<tr class="odd">
+<td></td>
+<td>##</td>
+</tr>
+
+
+<tr class="even">
+<td rowspan="2">EXPLAIN</td>
+<td>usage-schema</td>
+<td>&lt;db-name&gt;/&lt;schema-name&gt;/*</td>
+</tr>
+<tr class="odd">
+<td></td>
+<td>##</td>
+</tr>
+
+<tr class="even">
+<td rowspan="2">INSERT INTO<p>&lt;table-name&gt;</td>
+<td>usage-schema</td>
+<td>&lt;db-name&gt;/&lt;schema-name&gt;/*</td>
+</tr>
+<tr class="odd">
+<td>insert</td>
+<td>&lt;db-name&gt;/&lt;schema-name&gt;/&lt;table-name&gt;</td>
+</tr>
+
+<tr class="even">
+<td>PREPARE</td>
+<td>usage-schema</td>
+<td>&lt;db-name&gt;/&lt;schema-name&gt;/*</td>
+</tr>
+
+<tr class="odd">
+<td rowspan="4">SELECT &lt;agg-name&gt;</td>
+<td>usage-schema</td>
+<td>&lt;db-name&gt;/&lt;schema-name&gt;/*</td>
+</tr>
+<tr class="even">
+<td>execute</td>
+<td>&lt;db-name&gt;/&lt;schema-name&gt;/&lt;agg-name&gt;</td>
+</tr>
+<tr class="odd">
+<td>execute</td>
+<td>&lt;db-name&gt;/&lt;schema-name&gt;/&lt;sfunc-name&gt;</td>
+</tr>
+<tr class="even">
+<td></td>
+<td>##</td>
+</tr>
+
+
+<tr class="odd">
+<td rowspan="2">SELECT &lt;func-name&gt;</td>
+<td>usage-schema</td>
+<td>&lt;db-name&gt;/&lt;schema-name&gt;/*</td>
+</tr>
+<tr class="even">
+<td>execute</td>
+<td>&lt;db-name&gt;/&lt;schema-name&gt;/&lt;func-name&gt;</td>
+</tr>
+
+<tr class="odd">
+<td rowspan="2">SELECT (using operator)</td>
+<td>execute</td>
+<td>&lt;db-name&gt;/&lt;schema-name&gt;/&lt;op-func&gt;</td>
+</tr>
+<tr class="even">
+<td></td>
+<td>##</td>
+</tr>
+
+<tr class="odd">
+<td rowspan="2">SELECT...FROM<p>&lt;table-name&gt;</td>
+<td>usage-schema</td>
+<td>&lt;db-name&gt;/&lt;schema-name&gt;/*</td>
+</tr>
+<tr class="even">
+<td>select</td>
+<td>&lt;db-name&gt;/&lt;schema-name&gt;/&lt;table-name&gt;</td>
+</tr>
+
+<tr class="odd">
+<td rowspan="2">SELECT...INTO...FROM &lt;table-name&gt;</td>
+<td>usage-schema, create</td>
+<td>&lt;db-name&gt;/&lt;schema-name&gt;/*</td>
+</tr>
+<tr class="even">
+<td>select</td>
+<td>&lt;db-name&gt;/&lt;schema-name&gt;/&lt;table-name&gt;</td>
+</tr>
+
+<tr class="odd">
+<td rowspan="2">SELECT...FROM<p>&lt;view-name&gt;</td>
+<td>usage-schema</td>
+<td>&lt;db-name&gt;/&lt;schema-name&gt;/*</td>
+</tr>
+<tr class="even">
+<td>select</td>
+<td>&lt;db-name&gt;/&lt;schema-name&gt;/&lt;view-name&gt;</td>
+</tr>
+
+<tr class="odd">
+<td>TRUNCATE</td>
+<td>usage-schema</td>
+<td>&lt;db-name&gt;/&lt;schema-name&gt;/*</td>
+</tr>
+
+<tr class="even">
+<td>VACUUM</td>
+<td>usage-schema</td>
+<td>&lt;db-name&gt;/&lt;schema-name&gt;/*</td>
+</tr>
+
+<tr class="odd">
+<td rowspan="2">VACUUM ANALYZE<p>&lt;table-name&gt;</td>
+<td>usage-schema</td>
+<td>&lt;db-name&gt;/&lt;schema-name&gt;/*</td>
+</tr>
+<tr class="even">
+<td>select</td>
+<td>&lt;db-name&gt;/&lt;schema-name&gt;/&lt;table-name&gt;</td>
+</tr>
+
+</tbody>
+</table>
 
-| SQL Command    | Permission     |  Resource |
-|-------------|----------------------|------------------------|
-| \d | usage-schema | \<db-name\>/public/`*` |
-| ANALYZE \<table-name\>| usage-schema<p>select | \<db-name\>/\<schema-name\>/`*`<p>\<db-name\>/\<schema-name\>/\<table-name\>
|
-| ALTER AGGREGATE ... RENAME TO  | usage-schema, create | \<db-name\>/\<schema-name\>/`*`
|
-| ALTER SEQUENCE  | usage-schema | \<db-name\>/\<schema-name\>/`*` |
-| ALTER TABLE ... RENAME  | usage-schema | \<db-name\>/\<schema-name\>/`*` |
-| ALTER TABLE \<table-name\><p>SET DISTRIBUTED BY  | usage-schema, create<p>select
| \<db-name\>/\<schema-name\>/`*`<p>\<db-name\>/\<schema-name\>/\<table-name\>
|
-| BEGIN ... COMMIT   | usage-schema | \<db-name\>/\<schema-name\>/`*`<p>##
|
-| \c, CONNECT \<db-name\>| connect | \<db-name\>/`*`/`*` |
-| COPY \<table-name\> FROM && | usage-schema<p>insert, select | \<db-name\>/\<schema-name\>/`*`<p>\<db-name\>/\<schema-name\>/\<table-name\>
|
-| COPY \<table-name\> TO | usage-schema<p>select | \<db-name\>/\<schema-name\>/`*`<p>\<db-name\>/\<schema-name\>/\<table-name\>
|
-| CREATE AGGREGATE | usage-schema, create<p>execute | \<db-name\>/\<schema-name\>/`*`<p>\<db-name\>/\<schema-name\>/\<sfunc-name\>
|
-| CREATE EXTERNAL TABLE  | usage-schema, create<p>select | \<db-name\>/\<schema-name\>/`*`<p>\<protocol-name\>
|
-| CREATE FUNCTION \<function-name\><p>(trusted \<language-name\>) | usage-schema,
create<p>usage<p>execute | \<db-name\>/\<schema-name\>/`*`<p><p>\<db-name\>/\<language-name\><p>\<db-name\>/\<schema-name\>/\<function-name\><p>##
|
-| CREATE FUNCTION \<function-name\><p>(untrusted \<language-name\>) &&
| usage-schema, create<p>usage<p>execute | \<db-name\>/\<schema-name\>/`*`<p><p>\<db-name\>/\<language-name\><p>\<db-name\>/\<schema-name\>/\<function-name\><p>##
|
-| CREATE LANGUAGE &&  | usage | \<db-name\>/c |
-| CREATE OPERATOR<p>CREATE SEQUENCE<p>CREATE TABLE<p>CREATE TYPE<p>CREATE
VIEW | usage-schema, create | \<db-name\>/\<schema-name\>/`*` |
-| CREATE OPERATOR CLASS && | usage-schema, create | \<db-name\>/\<schema-name\>/`*`
|
-| CREATE SCHEMA | create-schema | \<db-name\>/`*`/`*` |
-| CREATE TABLE (\<private-schema\>)  | create | \<db-name\>/\<private-schema\>/`*`
|
-| CREATE TABLE ... AS  | usage-schema, create<p>select | \<db-name\>/\<schema-name\>/`*`<p>\<db-name\>/\<schema-name\>/\<table-name\>
|
-| CREATE ... TABLESPACE<p>\<tablespace-name\>  | usage-schema, create<p>create
| \<db-name\>/\<schema-name\>/`*`<p>\<tablespace-name\> |
-| CREATE TEMP SEQUENCE | temp | \<db-name\>/`*`/`*` |
-| CREATE TEMP TABLE | temp | \<db-name\>/`*`/`*` |
-| CREATE WRITABLE EXTERNAL<p> TABLE | usage-schema, create<p>insert | \<db-name\>/\<schema-name\>/`*`<p>\<protocol-name\>
|
-| DROP AGGREGATE<p>DROP FUNCTION<p>DROP OPERATOR<p>DROP SCHEMA<p>DROP
TABLE<p>DROP VIEW   | usage-schema | \<db-name\>/\<schema-name\>/`*` |
-| DROP OPERATOR CLASS &&  | usage-schema | \<db-name\>/\<schema-name\>/`*`
|
-| EXECUTE   | usage-schema | \<db-name\>/\<schema-name\>/`*`<p>## |
-| EXPLAIN   | usage-schema | \<db-name\>/\<schema-name\>/`*`<p>## |
-| INSERT INTO \<table-name\>  | usage-schema<p>insert | \<db-name\>/\<schema-name\>/`*`<p>\<db-name\>/\<schema-name\>/\<table-name\>
|
-| PREPARE   | usage-schema | \<db-name\>/\<schema-name\>/`*` |
-| SELECT \<aggregate-name\> | usage-schema<p>execute<p>execute | \<db-name\>/\<schema-name\>/`*`<p>\<db-name\>/\<schema-name\>/\<aggregate-name\>
<p>\<db-name\>/\<schema-name\>/\<sfunc-name\> <p>##|
-| SELECT \<function-name\> | usage-schema<p>execute | \<db-name\>/\<schema-name\>/`*`<p>\<db-name\>/\<schema-name\>/\<function-name\>
<p>##|
-| SELECT (using operator) | execute | \<db-name\>/\<schema-name\>/\<operator-procedure\>
<p>## |
-| SELECT...FROM \<table-name\> | usage-schema<p>select | \<db-name\>/\<schema-name\>/`*`<p>\<db-name\>/\<schema-name\>/\<table-name\>
|
-| SELECT...INTO...FROM \<table-name\> | usage-schema, create<p>select | \<db-name\>/\<schema-name\>/`*`<p>\<db-name\>/\<schema-name\>/\<table-name\>
|
-| SELECT...FROM \<view-name\> | usage-schema<p>select | \<db-name\>/\<schema-name\>/`*`<p>\<db-name\>/\<schema-name\>/\<view-name\><p>##
|
-| TRUNCATE  | usage-schema | \<db-name\>/\<schema-name\>/`*` |
-| VACUUM  | usage-schema | \<db-name\>/\<schema-name\>/`*` |
-| VACUUM ANALYZE \<table-name\>| usage-schema<p>select | \<db-name\>/\<schema-name\>/`*`<p>\<db-name\>/\<schema-name\>/\<table-name\>
|
 
 


Mime
View raw message