Posted to commits@hawq.apache.org by yo...@apache.org on 2017/04/03 23:32:48 UTC
incubator-hawq-docs git commit: add a section on ranger integration
status (closes #110)
Repository: incubator-hawq-docs
Updated Branches:
refs/heads/develop 5853561f9 -> 43001b293
add a section on ranger integration status (closes #110)
Project: http://git-wip-us.apache.org/repos/asf/incubator-hawq-docs/repo
Commit: http://git-wip-us.apache.org/repos/asf/incubator-hawq-docs/commit/43001b29
Tree: http://git-wip-us.apache.org/repos/asf/incubator-hawq-docs/tree/43001b29
Diff: http://git-wip-us.apache.org/repos/asf/incubator-hawq-docs/diff/43001b29
Branch: refs/heads/develop
Commit: 43001b293777c27320062c63ddec1390cc25b12b
Parents: 5853561
Author: Lisa Owen <lo...@pivotal.io>
Authored: Mon Apr 3 16:32:45 2017 -0700
Committer: David Yozie <yo...@apache.org>
Committed: Mon Apr 3 16:32:45 2017 -0700
----------------------------------------------------------------------
.../ranger/ranger-sqlcmd-summary.html.md.erb | 393 +++++++++++++++++--
1 file changed, 351 insertions(+), 42 deletions(-)
----------------------------------------------------------------------
http://git-wip-us.apache.org/repos/asf/incubator-hawq-docs/blob/43001b29/markdown/ranger/ranger-sqlcmd-summary.html.md.erb
----------------------------------------------------------------------
diff --git a/markdown/ranger/ranger-sqlcmd-summary.html.md.erb b/markdown/ranger/ranger-sqlcmd-summary.html.md.erb
index dd05cc1..2e53f69 100644
--- a/markdown/ranger/ranger-sqlcmd-summary.html.md.erb
+++ b/markdown/ranger/ranger-sqlcmd-summary.html.md.erb
@@ -25,50 +25,359 @@ The following table identifies the permissions required for common SQL commands.
**Notes**:
-- A `&&` in **SQL Command** column identifies a super-user operation.
+- A \<db-name\>/\*/* policy with `connect` permission is assumed for all SQL operations in the table.
+- A `&&` in the **SQL Command** column identifies a super-user operation.
- A `##` in the **Resource** column signifies that additional policies may be required to provide access to resources used within the operation(s).
+<table>
+<colgroup>
+<col width="30%" />
+<col width="20%" />
+<col width="50%" />
+</colgroup>
+<thead>
+<tr class="header">
+<th>SQL Command</th>
+<th>Permission</th>
+<th>Resource</th>
+</tr>
+</thead>
+<tbody>
+
+<tr class="odd">
+<td>\d</td>
+<td>usage-schema</td>
+<td><db-name>/public/*</td>
+</tr>
+
+<tr class="even">
+<td rowspan="2">ANALYZE <table-name></td>
+<td>usage-schema</td>
+<td><db-name>/<schema-name>/*</td>
+</tr>
+<tr class="odd">
+<td>select</td>
+<td><db-name>/<schema-name>/<table-name></td>
+</tr>
+
+<tr class="even">
+<td>ALTER AGGREGATE ... RENAME TO</td>
+<td>usage-schema, create</td>
+<td><db-name>/<schema-name>/*</td>
+</tr>
+
+<tr class="odd">
+<td>ALTER SEQUENCE</td>
+<td>usage-schema</td>
+<td><db-name>/<schema-name>/*</td>
+</tr>
+
+<tr class="even">
+<td>ALTER TABLE ... RENAME</td>
+<td>usage-schema</td>
+<td><db-name>/<schema-name>/*</td>
+</tr>
+
+<tr class="odd">
+<td rowspan="2">ALTER TABLE<p><table-name><p>SET DISTRIBUTED BY</td>
+<td>usage-schema, create</td>
+<td><db-name>/<schema-name>/*</td>
+</tr>
+<tr class="even">
+<td>select</td>
+<td><db-name>/<schema-name>/<table-name></td>
+</tr>
+
+<tr class="odd">
+<td rowspan="2">BEGIN ... COMMIT</td>
+<td>usage-schema</td>
+<td><db-name>/<schema-name>/*</td>
+</tr>
+<tr class="even">
+<td></td>
+<td>##</td>
+</tr>
+
+<tr class="odd">
+<td> \c, CONNECT <db-name></td>
+<td> connect </td>
+<td><db-name>/*/*</td>
+</tr>
+
+<tr class="even">
+<td rowspan="2">COPY <table-name> FROM &&</td>
+<td>usage-schema</td>
+<td><db-name>/<schema-name>/*</td>
+</tr>
+<tr class="odd">
+<td>insert, select</td>
+<td><db-name>/<schema-name>/<table-name></td>
+</tr>
+
+<tr class="even">
+<td rowspan="2">COPY <table-name> TO &&</td>
+<td>usage-schema</td>
+<td><db-name>/<schema-name>/*</td>
+</tr>
+<tr class="odd">
+<td>select</td>
+<td><db-name>/<schema-name>/<table-name></td>
+</tr>
+
+<tr class="even">
+<td rowspan="2">CREATE AGGREGATE</td>
+<td>usage-schema, create</td>
+<td><db-name>/<schema-name>/*</td>
+</tr>
+<tr class="odd">
+<td>execute</td>
+<td><db-name>/<schema-name>/<sfunc-name></td>
+</tr>
+
+<tr class="even">
+<td rowspan="2">CREATE EXTERNAL TABLE</td>
+<td>usage-schema, create</td>
+<td><db-name>/<schema-name>/*</td>
+</tr>
+<tr class="odd">
+<td>select</td>
+<td><protocol-name></td>
+</tr>
+
+<tr class="even">
+<td rowspan="4">CREATE FUNCTION<p><func-name><p>(trusted <language-name>)</td>
+<td>usage-schema, create</td>
+<td><db-name>/<schema-name>/*</td>
+</tr>
+<tr class="odd">
+<td>usage</td>
+<td><db-name>/<language-name></td>
+</tr>
+<tr class="even">
+<td>execute</td>
+<td><db-name>/<schema-name>/<func-name></td>
+</tr>
+<tr class="odd">
+<td></td>
+<td>##</td>
+</tr>
+
+
+<tr class="even">
+<td rowspan="4">CREATE FUNCTION<p><func-name><p>(untrusted <language-name>) &&</td>
+<td>usage-schema, create</td>
+<td><db-name>/<schema-name>/*</td>
+</tr>
+<tr class="odd">
+<td>usage</td>
+<td><db-name>/<language-name></td>
+</tr>
+<tr class="even">
+<td>execute</td>
+<td><db-name>/<schema-name>/<func-name></td>
+</tr>
+<tr class="odd">
+<td></td>
+<td>##</td>
+</tr>
+
+
+<tr class="even">
+<td>CREATE LANGUAGE &&</td>
+<td>usage</td>
+<td><db-name>/c</td>
+</tr>
+
+<tr class="odd">
+<td>CREATE OPERATOR<p>CREATE OPERATOR CLASS && <p>CREATE SEQUENCE<p>CREATE TABLE<p>CREATE TYPE<p>CREATE VIEW</td>
+<td>usage-schema, create</td>
+<td><db-name>/<schema-name>/*</td>
+</tr>
+
+<tr class="even">
+<td>CREATE SCHEMA</td>
+<td>create-schema</td>
+<td><db-name>/*/*</td>
+</tr>
+
+<tr class="odd">
+<td>CREATE TABLE<p>(<private-schema>) </td>
+<td>create</td>
+<td><db-name>/<private-schema>/*</td>
+</tr>
+
+<tr class="even">
+<td rowspan="2">CREATE TABLE ... AS</td>
+<td>usage-schema, create</td>
+<td><db-name>/<schema-name>/*</td>
+</tr>
+<tr class="odd">
+<td>select</td>
+<td><db-name>/<schema-name>/<table-name></td>
+</tr>
+
+<tr class="even">
+<td rowspan="2">CREATE ... TABLESPACE<p><tablespace-name></td>
+<td>usage-schema, create</td>
+<td><db-name>/<schema-name>/*</td>
+</tr>
+<tr class="odd">
+<td>create</td>
+<td><tablespace-name></td>
+</tr>
+
+<tr class="even">
+<td>CREATE TEMP SEQUENCE<p>CREATE TEMP TABLE</td>
+<td>temp</td>
+<td><db-name>/*/*</td>
+</tr>
+
+<tr class="odd">
+<td rowspan="2">CREATE WRITABLE EXTERNAL TABLE</td>
+<td>usage-schema, create</td>
+<td><db-name>/<schema-name>/*</td>
+</tr>
+<tr class="even">
+<td>insert</td>
+<td><protocol-name></td>
+</tr>
+
+<tr class="odd">
+<td>DROP AGGREGATE<p>DROP FUNCTION<p>DROP OPERATOR<p>DROP OPERATOR CLASS &&<p>DROP SCHEMA<p>DROP TABLE<p>DROP VIEW</td>
+<td>usage-schema</td>
+<td><db-name>/<schema-name>/*</td>
+</tr>
+
+<tr class="even">
+<td rowspan="2">EXECUTE</td>
+<td>usage-schema</td>
+<td><db-name>/<schema-name>/*</td>
+</tr>
+<tr class="odd">
+<td></td>
+<td>##</td>
+</tr>
+
+
+<tr class="even">
+<td rowspan="2">EXPLAIN</td>
+<td>usage-schema</td>
+<td><db-name>/<schema-name>/*</td>
+</tr>
+<tr class="odd">
+<td></td>
+<td>##</td>
+</tr>
+
+<tr class="even">
+<td rowspan="2">INSERT INTO<p><table-name></td>
+<td>usage-schema</td>
+<td><db-name>/<schema-name>/*</td>
+</tr>
+<tr class="odd">
+<td>insert</td>
+<td><db-name>/<schema-name>/<table-name></td>
+</tr>
+
+<tr class="even">
+<td>PREPARE</td>
+<td>usage-schema</td>
+<td><db-name>/<schema-name>/*</td>
+</tr>
+
+<tr class="odd">
+<td rowspan="4">SELECT <agg-name></td>
+<td>usage-schema</td>
+<td><db-name>/<schema-name>/*</td>
+</tr>
+<tr class="even">
+<td>execute</td>
+<td><db-name>/<schema-name>/<agg-name></td>
+</tr>
+<tr class="odd">
+<td>execute</td>
+<td><db-name>/<schema-name>/<sfunc-name></td>
+</tr>
+<tr class="even">
+<td></td>
+<td>##</td>
+</tr>
+
+
+<tr class="odd">
+<td rowspan="2">SELECT <func-name></td>
+<td>usage-schema</td>
+<td><db-name>/<schema-name>/*</td>
+</tr>
+<tr class="even">
+<td>execute</td>
+<td><db-name>/<schema-name>/<func-name></td>
+</tr>
+
+<tr class="odd">
+<td rowspan="2">SELECT (using operator)</td>
+<td>execute</td>
+<td><db-name>/<schema-name>/<op-func></td>
+</tr>
+<tr class="even">
+<td></td>
+<td>##</td>
+</tr>
+
+<tr class="odd">
+<td rowspan="2">SELECT...FROM<p><table-name></td>
+<td>usage-schema</td>
+<td><db-name>/<schema-name>/*</td>
+</tr>
+<tr class="even">
+<td>select</td>
+<td><db-name>/<schema-name>/<table-name></td>
+</tr>
+
+<tr class="odd">
+<td rowspan="2">SELECT...INTO...FROM <table-name></td>
+<td>usage-schema, create</td>
+<td><db-name>/<schema-name>/*</td>
+</tr>
+<tr class="even">
+<td>select</td>
+<td><db-name>/<schema-name>/<table-name></td>
+</tr>
+
+<tr class="odd">
+<td rowspan="2">SELECT...FROM<p><view-name></td>
+<td>usage-schema</td>
+<td><db-name>/<schema-name>/*</td>
+</tr>
+<tr class="even">
+<td>select</td>
+<td><db-name>/<schema-name>/<view-name></td>
+</tr>
+
+<tr class="odd">
+<td>TRUNCATE</td>
+<td>usage-schema</td>
+<td><db-name>/<schema-name>/*</td>
+</tr>
+
+<tr class="even">
+<td>VACUUM</td>
+<td>usage-schema</td>
+<td><db-name>/<schema-name>/*</td>
+</tr>
+
+<tr class="odd">
+<td rowspan="2">VACUUM ANALYZE<p><table-name></td>
+<td>usage-schema</td>
+<td><db-name>/<schema-name>/*</td>
+</tr>
+<tr class="even">
+<td>select</td>
+<td><db-name>/<schema-name>/<table-name></td>
+</tr>
+
+</tbody>
+</table>
-| SQL Command | Permission | Resource |
-|-------------|----------------------|------------------------|
-| \d | usage-schema | \<db-name\>/public/`*` |
-| ANALYZE \<table-name\>| usage-schema<p>select | \<db-name\>/\<schema-name\>/`*`<p>\<db-name\>/\<schema-name\>/\<table-name\> |
-| ALTER AGGREGATE ... RENAME TO | usage-schema, create | \<db-name\>/\<schema-name\>/`*` |
-| ALTER SEQUENCE | usage-schema | \<db-name\>/\<schema-name\>/`*` |
-| ALTER TABLE ... RENAME | usage-schema | \<db-name\>/\<schema-name\>/`*` |
-| ALTER TABLE \<table-name\><p>SET DISTRIBUTED BY | usage-schema, create<p>select | \<db-name\>/\<schema-name\>/`*`<p>\<db-name\>/\<schema-name\>/\<table-name\> |
-| BEGIN ... COMMIT | usage-schema | \<db-name\>/\<schema-name\>/`*`<p>## |
-| \c, CONNECT \<db-name\>| connect | \<db-name\>/`*`/`*` |
-| COPY \<table-name\> FROM && | usage-schema<p>insert, select | \<db-name\>/\<schema-name\>/`*`<p>\<db-name\>/\<schema-name\>/\<table-name\> |
-| COPY \<table-name\> TO | usage-schema<p>select | \<db-name\>/\<schema-name\>/`*`<p>\<db-name\>/\<schema-name\>/\<table-name\> |
-| CREATE AGGREGATE | usage-schema, create<p>execute | \<db-name\>/\<schema-name\>/`*`<p>\<db-name\>/\<schema-name\>/\<sfunc-name\> |
-| CREATE EXTERNAL TABLE | usage-schema, create<p>select | \<db-name\>/\<schema-name\>/`*`<p>\<protocol-name\> |
-| CREATE FUNCTION \<function-name\><p>(trusted \<language-name\>) | usage-schema, create<p>usage<p>execute | \<db-name\>/\<schema-name\>/`*`<p><p>\<db-name\>/\<language-name\><p>\<db-name\>/\<schema-name\>/\<function-name\><p>## |
-| CREATE FUNCTION \<function-name\><p>(untrusted \<language-name\>) && | usage-schema, create<p>usage<p>execute | \<db-name\>/\<schema-name\>/`*`<p><p>\<db-name\>/\<language-name\><p>\<db-name\>/\<schema-name\>/\<function-name\><p>## |
-| CREATE LANGUAGE && | usage | \<db-name\>/c |
-| CREATE OPERATOR<p>CREATE SEQUENCE<p>CREATE TABLE<p>CREATE TYPE<p>CREATE VIEW | usage-schema, create | \<db-name\>/\<schema-name\>/`*` |
-| CREATE OPERATOR CLASS && | usage-schema, create | \<db-name\>/\<schema-name\>/`*` |
-| CREATE SCHEMA | create-schema | \<db-name\>/`*`/`*` |
-| CREATE TABLE (\<private-schema\>) | create | \<db-name\>/\<private-schema\>/`*` |
-| CREATE TABLE ... AS | usage-schema, create<p>select | \<db-name\>/\<schema-name\>/`*`<p>\<db-name\>/\<schema-name\>/\<table-name\> |
-| CREATE ... TABLESPACE<p>\<tablespace-name\> | usage-schema, create<p>create | \<db-name\>/\<schema-name\>/`*`<p>\<tablespace-name\> |
-| CREATE TEMP SEQUENCE | temp | \<db-name\>/`*`/`*` |
-| CREATE TEMP TABLE | temp | \<db-name\>/`*`/`*` |
-| CREATE WRITABLE EXTERNAL<p> TABLE | usage-schema, create<p>insert | \<db-name\>/\<schema-name\>/`*`<p>\<protocol-name\> |
-| DROP AGGREGATE<p>DROP FUNCTION<p>DROP OPERATOR<p>DROP SCHEMA<p>DROP TABLE<p>DROP VIEW | usage-schema | \<db-name\>/\<schema-name\>/`*` |
-| DROP OPERATOR CLASS && | usage-schema | \<db-name\>/\<schema-name\>/`*` |
-| EXECUTE | usage-schema | \<db-name\>/\<schema-name\>/`*`<p>## |
-| EXPLAIN | usage-schema | \<db-name\>/\<schema-name\>/`*`<p>## |
-| INSERT INTO \<table-name\> | usage-schema<p>insert | \<db-name\>/\<schema-name\>/`*`<p>\<db-name\>/\<schema-name\>/\<table-name\> |
-| PREPARE | usage-schema | \<db-name\>/\<schema-name\>/`*` |
-| SELECT \<aggregate-name\> | usage-schema<p>execute<p>execute | \<db-name\>/\<schema-name\>/`*`<p>\<db-name\>/\<schema-name\>/\<aggregate-name\> <p>\<db-name\>/\<schema-name\>/\<sfunc-name\> <p>##|
-| SELECT \<function-name\> | usage-schema<p>execute | \<db-name\>/\<schema-name\>/`*`<p>\<db-name\>/\<schema-name\>/\<function-name\> <p>##|
-| SELECT (using operator) | execute | \<db-name\>/\<schema-name\>/\<operator-procedure\> <p>## |
-| SELECT...FROM \<table-name\> | usage-schema<p>select | \<db-name\>/\<schema-name\>/`*`<p>\<db-name\>/\<schema-name\>/\<table-name\> |
-| SELECT...INTO...FROM \<table-name\> | usage-schema, create<p>select | \<db-name\>/\<schema-name\>/`*`<p>\<db-name\>/\<schema-name\>/\<table-name\> |
-| SELECT...FROM \<view-name\> | usage-schema<p>select | \<db-name\>/\<schema-name\>/`*`<p>\<db-name\>/\<schema-name\>/\<view-name\><p>## |
-| TRUNCATE | usage-schema | \<db-name\>/\<schema-name\>/`*` |
-| VACUUM | usage-schema | \<db-name\>/\<schema-name\>/`*` |
-| VACUUM ANALYZE \<table-name\>| usage-schema<p>select | \<db-name\>/\<schema-name\>/`*`<p>\<db-name\>/\<schema-name\>/\<table-name\> |
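Review bot: the placeholders in the new `<td>` cells (for example `<td><db-name>/<schema-name>/<table-name></td>`) are raw angle brackets inside an HTML block, so a browser will parse `<db-name>` and the others as unknown elements and drop the placeholder names from the rendered table. The removed markdown rows escaped them as `\<db-name\>`; the HTML version needs `&lt;db-name&gt;`, and `&amp;&amp;` for the super-user marker. Separately, the conversion is not a pure format change: `COPY <table-name> TO` gains the `&&` super-user marker, and the `##` additional-policies marker is dropped from `SELECT <func-name>` and `SELECT...FROM <view-name>`. If those are intended corrections to the permission requirements, state them in the commit message, which describes only a Ranger integration status section that this diff does not contain; if they are not intended, restore the old values, since readers will write Ranger policies from this table. The new note on line 33 also escapes only the first asterisk in `\<db-name\>/\*/*`; escape both or neither.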