You are viewing a plain text version of this content. The canonical link for it is here.

Posted to commits@kylin.apache.org by ni...@apache.org on 2019/06/19 11:35:16 UTC

[kylin] branch document updated (67ccff5 -> 8a030b6)

This is an automated email from the ASF dual-hosted git repository.

nic pushed a change to branch document
in repository https://gitbox.apache.org/repos/asf/kylin.git.


    from 67ccff5  Add committer Jiatao Tao
     new 2f02aed  Add tutorial about table acl
     new 27c7ef7  Add tutorial about table acl
     new 8a030b6  update project acl

The 3 revisions listed above as "new" are entirely new to this
repository and will be described in separate emails.  The revisions
listed as "add" were already present in the repository and have only
been added to this reference.


Summary of changes:
 website/_data/docs-cn.yml                      |   2 +-
 website/_data/docs.yml                         |   2 +-
 website/_docs/tutorial/project_level_acl.cn.md |  59 +++++++++++++++++--------
 website/_docs/tutorial/project_level_acl.md    |  30 +++++++++++--
 website/images/Table-level-acl/ACL-1.png       | Bin 0 -> 11009 bytes
 website/images/Table-level-acl/ACL-2.png       | Bin 0 -> 15449 bytes
 6 files changed, 69 insertions(+), 24 deletions(-)
 create mode 100644 website/images/Table-level-acl/ACL-1.png
 create mode 100644 website/images/Table-level-acl/ACL-2.png

[kylin] 01/03: Add tutorial about table acl

Posted by ni...@apache.org.

This is an automated email from the ASF dual-hosted git repository.

nic pushed a commit to branch document
in repository https://gitbox.apache.org/repos/asf/kylin.git

commit 2f02aedd9fe82268703c5504092028abb970f48f
Author: GinaZhai <na...@kyligence.io>
AuthorDate: Thu Jun 6 14:14:11 2019 +0800

    Add tutorial about table acl
---
 website/_data/docs-cn.yml                    |   1 +
 website/_data/docs.yml                       |   1 +
 website/_docs/tutorial/table_level_acl.cn.md |  27 ++++++++++++++++++++++++++
 website/_docs/tutorial/table_level_acl.md    |  28 +++++++++++++++++++++++++++
 website/images/Table-level-acl/ACL-1.png     | Bin 0 -> 11009 bytes
 website/images/Table-level-acl/ACL-2.png     | Bin 0 -> 15449 bytes
 6 files changed, 57 insertions(+)

diff --git a/website/_data/docs-cn.yml b/website/_data/docs-cn.yml
index a1af952..f2025fe 100644
--- a/website/_data/docs-cn.yml
+++ b/website/_data/docs-cn.yml
@@ -33,6 +33,7 @@
   - tutorial/cube_build_job
   - tutorial/sql_reference
   - tutorial/project_level_acl
+  - tutorial/table_level_acl
   - tutorial/cube_spark
   - tutorial/cube_streaming
   - tutorial/cube_build_performance
diff --git a/website/_data/docs.yml b/website/_data/docs.yml
index cd5139b..3de5556 100644
--- a/website/_data/docs.yml
+++ b/website/_data/docs.yml
@@ -41,6 +41,7 @@
   - tutorial/cube_build_job
   - tutorial/sql_reference
   - tutorial/project_level_acl
+  - tutorial/table_level_acl
   - tutorial/cube_spark
   - tutorial/cube_streaming
   - tutorial/cube_build_performance
diff --git a/website/_docs/tutorial/table_level_acl.cn.md b/website/_docs/tutorial/table_level_acl.cn.md
new file mode 100644
index 0000000..4db0871
--- /dev/null
+++ b/website/_docs/tutorial/table_level_acl.cn.md
@@ -0,0 +1,27 @@
+---
+layout: docs-cn
+title: 表级别权限控制
+categories: tutorial
+permalink: /cn/docs/tutorial/table_level_acl.html
+since: v2.0.0
+---
+
+用户是否可以访问表取决于表级别的权限控制，该功能默认开启。可通过将 `kylin.query.security.table-acl-enabled` 的值设为 false 的方式关闭该功能。
+不同项目之间权限是互不影响的。
+一旦将表权限赋予用户，则该用户可在页面上看到该表。
+
+
+### 管理表级别权限
+
+1. 点击 Model 页面的 Data Source
+2. 展开某个数据库，选择一张表并点击 Access
+3. 点击 `Grant` 授权给用户
+
+	![](/images/Table-level-acl/ACL-1.png)
+
+4. 选择 type（有 user 和 role 两种），在下拉框中选择 User / Role name 并点击 `Submit` 进行授权
+
+5. 您也可以在该页面删除该权限。
+
+   ![](/images/Table-level-acl/ACL-2.png) 
+   
diff --git a/website/_docs/tutorial/table_level_acl.md b/website/_docs/tutorial/table_level_acl.md
new file mode 100644
index 0000000..9496cc7
--- /dev/null
+++ b/website/_docs/tutorial/table_level_acl.md
@@ -0,0 +1,28 @@
+---
+layout: docs
+title: Table Level ACL
+categories: tutorial
+permalink: /docs/tutorial/table_level_acl.html
+since: v2.0.0
+---
+
+Whether a user can access a table is determined by table-level access control, this function is on by default. Set `kylin.query.security.table-acl-enabled` to false to disable the table-level access control.
+Access permissions are independent between different projects.
+Once table-level access permission has been set for a user, you can see it on the page.
+
+
+### Manage Access Permission at Table-level
+
+1. Click the Data Source tab of Model page.
+2. Expand a database, choose the table and click Access tab.
+3. Click `Grant`to grant permission to user.
+
+	![](/images/Table-level-acl/ACL-1.png)
+
+4. Choose the type (user or role), choose User / Role name and then click `Submit` to grant permission.
+
+5. You can also delete permission on this page.
+
+   ![](/images/Table-level-acl/ACL-2.png)
+ 
+   
diff --git a/website/images/Table-level-acl/ACL-1.png b/website/images/Table-level-acl/ACL-1.png
new file mode 100644
index 0000000..6fb3b21
Binary files /dev/null and b/website/images/Table-level-acl/ACL-1.png differ
diff --git a/website/images/Table-level-acl/ACL-2.png b/website/images/Table-level-acl/ACL-2.png
new file mode 100644
index 0000000..cf3cbd1
Binary files /dev/null and b/website/images/Table-level-acl/ACL-2.png differ

[kylin] 02/03: Add tutorial about table acl

Posted by ni...@apache.org.

This is an automated email from the ASF dual-hosted git repository.

nic pushed a commit to branch document
in repository https://gitbox.apache.org/repos/asf/kylin.git

commit 27c7ef76923be1d1bbe837f75aea85f433628794
Author: GinaZhai <na...@kyligence.io>
AuthorDate: Mon Jun 17 22:33:56 2019 +0800

    Add tutorial about table acl
---
 website/_data/docs-cn.yml                      |  3 +--
 website/_data/docs.yml                         |  3 +--
 website/_docs/tutorial/project_level_acl.cn.md | 24 ++++++++++++++++++++--
 website/_docs/tutorial/project_level_acl.md    | 28 +++++++++++++++++++++++---
 website/_docs/tutorial/table_level_acl.cn.md   | 27 -------------------------
 website/_docs/tutorial/table_level_acl.md      | 28 --------------------------
 6 files changed, 49 insertions(+), 64 deletions(-)

diff --git a/website/_data/docs-cn.yml b/website/_data/docs-cn.yml
index f2025fe..955021e 100644
--- a/website/_data/docs-cn.yml
+++ b/website/_data/docs-cn.yml
@@ -32,8 +32,7 @@
   - tutorial/create_cube
   - tutorial/cube_build_job
   - tutorial/sql_reference
-  - tutorial/project_level_acl
-  - tutorial/table_level_acl
+  - tutorial/project_table_level_acl
   - tutorial/cube_spark
   - tutorial/cube_streaming
   - tutorial/cube_build_performance
diff --git a/website/_data/docs.yml b/website/_data/docs.yml
index 3de5556..27a4222 100644
--- a/website/_data/docs.yml
+++ b/website/_data/docs.yml
@@ -40,8 +40,7 @@
   - tutorial/create_cube
   - tutorial/cube_build_job
   - tutorial/sql_reference
-  - tutorial/project_level_acl
-  - tutorial/table_level_acl
+  - tutorial/project_table_level_acl
   - tutorial/cube_spark
   - tutorial/cube_streaming
   - tutorial/cube_build_performance
diff --git a/website/_docs/tutorial/project_level_acl.cn.md b/website/_docs/tutorial/project_level_acl.cn.md
index e33b706..ed52060 100644
--- a/website/_docs/tutorial/project_level_acl.cn.md
+++ b/website/_docs/tutorial/project_level_acl.cn.md
@@ -1,8 +1,8 @@
 ---
 layout: docs-cn
-title: Project Level ACL
+title: 项目和表级别权限控制
 categories: tutorial
-permalink: /cn/docs/tutorial/project_level_acl.html
+permalink: /cn/docs/tutorial/project_table_level_acl.html
 since: v2.1.0
 ---
 
@@ -61,3 +61,23 @@ Additionally, when Query Pushdown is enabled, QUERY access permission on a proje
 
    Please note that in order to grant permission to default user (MODELER and ANLAYST), these users need to login as least once. 
    
+
+## 表级别权限控制
+用户是否可以访问表取决于表级别的权限控制，该功能默认开启。可通过将 `kylin.query.security.table-acl-enabled` 的值设为 false 的方式关闭该功能。
+不同项目之间权限是互不影响的。
+一旦将表权限赋予用户，则该用户可在页面上看到该表。
+
+
+### 管理表级别权限
+
+1. 点击 Model 页面的 Data Source
+2. 展开某个数据库，选择一张表并点击 Access
+3. 点击 `Grant` 授权给用户
+
+	![](/images/Table-level-acl/ACL-1.png)
+
+4. 选择 type（有 user 和 role 两种），在下拉框中选择 User / Role name 并点击 `Submit` 进行授权
+
+5. 您也可以在该页面删除该权限。
+
+   ![](/images/Table-level-acl/ACL-2.png) 
\ No newline at end of file
diff --git a/website/_docs/tutorial/project_level_acl.md b/website/_docs/tutorial/project_level_acl.md
index f2d6528..8453390 100644
--- a/website/_docs/tutorial/project_level_acl.md
+++ b/website/_docs/tutorial/project_level_acl.md
@@ -1,11 +1,13 @@
 ---
 layout: docs
-title: Project Level ACL
+title: Project And Table Level ACL
 categories: tutorial
-permalink: /docs/tutorial/project_level_acl.html
+permalink: /docs/tutorial/project_table_level_acl.html
 since: v2.1.0
 ---
 
+
+### Project Level ACL
 Whether a user can access a project and use some functionalities within the project is determined by project-level access control, there are four types of access permission role set at the project-level in Apache Kylin. They are *ADMIN*, *MANAGEMENT*, *OPERATION* and *QUERY*. Each role defines a list of functionality user may perform in Apache Kylin.
 
 - *QUERY*: designed to be used by analysts who only need access permission to query tables/cubes in the project.
@@ -59,5 +61,25 @@ Additionally, when Query Pushdown is enabled, QUERY access permission on a proje
 
    ![](/images/Project-level-acl/ACL-3.png)
 
-   Please note that in order to grant permission to default user (MODELER and ANLAYST), these users need to login as least once. 
+   Please note that in order to grant permission to default user (MODELER and ANALYST), these users need to login as least once. 
    
+
+## Table Level ACL
+Whether a user can access a table is determined by table-level access control, this function is on by default. Set `kylin.query.security.table-acl-enabled` to false to disable the table-level access control.
+Access permissions are independent between different projects.
+Once table-level access permission has been set for a user, you can see it on the page.
+
+
+### Manage Access Permission at Table-level
+
+1. Click the Data Source tab of Model page.
+2. Expand a database, choose the table and click Access tab.
+3. Click `Grant`to grant permission to user.
+
+	![](/images/Table-level-acl/ACL-1.png)
+
+4. Choose the type (user or role), choose User / Role name and then click `Submit` to grant permission.
+
+5. You can also delete permission on this page.
+
+   ![](/images/Table-level-acl/ACL-2.png)
\ No newline at end of file
diff --git a/website/_docs/tutorial/table_level_acl.cn.md b/website/_docs/tutorial/table_level_acl.cn.md
deleted file mode 100644
index 4db0871..0000000
--- a/website/_docs/tutorial/table_level_acl.cn.md
+++ /dev/null
@@ -1,27 +0,0 @@
----
-layout: docs-cn
-title: 表级别权限控制
-categories: tutorial
-permalink: /cn/docs/tutorial/table_level_acl.html
-since: v2.0.0
----
-
-用户是否可以访问表取决于表级别的权限控制，该功能默认开启。可通过将 `kylin.query.security.table-acl-enabled` 的值设为 false 的方式关闭该功能。
-不同项目之间权限是互不影响的。
-一旦将表权限赋予用户，则该用户可在页面上看到该表。
-
-
-### 管理表级别权限
-
-1. 点击 Model 页面的 Data Source
-2. 展开某个数据库，选择一张表并点击 Access
-3. 点击 `Grant` 授权给用户
-
-	![](/images/Table-level-acl/ACL-1.png)
-
-4. 选择 type（有 user 和 role 两种），在下拉框中选择 User / Role name 并点击 `Submit` 进行授权
-
-5. 您也可以在该页面删除该权限。
-
-   ![](/images/Table-level-acl/ACL-2.png) 
-   
diff --git a/website/_docs/tutorial/table_level_acl.md b/website/_docs/tutorial/table_level_acl.md
deleted file mode 100644
index 9496cc7..0000000
--- a/website/_docs/tutorial/table_level_acl.md
+++ /dev/null
@@ -1,28 +0,0 @@
----
-layout: docs
-title: Table Level ACL
-categories: tutorial
-permalink: /docs/tutorial/table_level_acl.html
-since: v2.0.0
----
-
-Whether a user can access a table is determined by table-level access control, this function is on by default. Set `kylin.query.security.table-acl-enabled` to false to disable the table-level access control.
-Access permissions are independent between different projects.
-Once table-level access permission has been set for a user, you can see it on the page.
-
-
-### Manage Access Permission at Table-level
-
-1. Click the Data Source tab of Model page.
-2. Expand a database, choose the table and click Access tab.
-3. Click `Grant`to grant permission to user.
-
-	![](/images/Table-level-acl/ACL-1.png)
-
-4. Choose the type (user or role), choose User / Role name and then click `Submit` to grant permission.
-
-5. You can also delete permission on this page.
-
-   ![](/images/Table-level-acl/ACL-2.png)
- 
-

[kylin] 03/03: update project acl

Posted by ni...@apache.org.

This is an automated email from the ASF dual-hosted git repository.

nic pushed a commit to branch document
in repository https://gitbox.apache.org/repos/asf/kylin.git

commit 8a030b60d74a3c8aa59eb563a4551a3c9d17f9a9
Author: GinaZhai <na...@kyligence.io>
AuthorDate: Mon Jun 17 22:43:24 2019 +0800

    update project acl
---
 website/_docs/tutorial/project_level_acl.cn.md | 35 ++++++++++++++------------
 website/_docs/tutorial/project_level_acl.md    |  4 +--
 2 files changed, 21 insertions(+), 18 deletions(-)

diff --git a/website/_docs/tutorial/project_level_acl.cn.md b/website/_docs/tutorial/project_level_acl.cn.md
index ed52060..8e40fab 100644
--- a/website/_docs/tutorial/project_level_acl.cn.md
+++ b/website/_docs/tutorial/project_level_acl.cn.md
@@ -6,18 +6,21 @@ permalink: /cn/docs/tutorial/project_table_level_acl.html
 since: v2.1.0
 ---
 
-Whether a user can access a project and use some functionalities within the project is determined by project-level access control, there are four types of access permission role set at the project-level in Apache Kylin. They are *ADMIN*, *MANAGEMENT*, *OPERATION* and *QUERY*. Each role defines a list of functionality user may perform in Apache Kylin.
 
-- *QUERY*: designed to be used by analysts who only need access permission to query tables/cubes in the project.
-- *OPERATION*: designed to be used by operation team in a corporate/organization who need permission to maintain the Cube. OPERATION access permission includes QUERY.
-- *MANAGEMENT*: designed to be used by Modeler or Designer who is fully knowledgeable of business meaning of the data/model, Cube will be in charge of Model and Cube design. MANAGEMENT access permission includes OPERATION, and QUERY.
-- *ADMIN*: Designed to fully manage the project. ADMIN access permission includes MANAGEMENT, OPERATION and QUERY.
+## 项目级别权限控制
 
-Access permissions are independent between different projects.
+用户是否可以访问一个项目并使用项目中的功能取决于项目级别的权限控制，Kylin 中共有 4 种角色。分别是 *ADMIN*，*MANAGEMENT*，*OPERATION* 和 *QUERY*。每个角色对应不同的功能。
 
-### How Access Permission is Determined
+- *QUERY*：适用于只需在项目中有查询表/cube 权限的分析师。
+- *OPERATION*：该角色适用于需维护 Cube 的公司/组织中的运营团队。OPERATION 包含 QUERY 的所有权限。
+- *MANAGEMENT*：该角色适用于充分了解数据/模型商业含义的模型师，建模师会负责模型和 Cube 的设计。MANAGEMENT 包含 OPERATION 和 QUERY 的所有权限。
+- *ADMIN*：该角色全权管理项目。ADMIN 包含 MANAGEMENT，OPERATION 和 QUERY 的所有权限。
 
-Once project-level access permission has been set for a user, access permission on data source, model and Cube will be inherited based on the access permission role defined on project-level. For detailed functionalities, each access permission role can have access to, see table below.
+访问权限是项目隔离的。
+
+### 如何确定访问权限
+
+为用户设置项目级别的访问权限后，不同的角色对应于不同的对数据源，模型和 Cube 的访问权限。具体的功能，以及每个角色的访问权限，如下表所示。
 
 |                                          | System Admin | Project Admin | Management | Operation | Query |
 | ---------------------------------------- | ------------ | ------------- | ---------- | --------- | ----- |
@@ -40,26 +43,26 @@ Once project-level access permission has been set for a user, access permission
 | Reload metadata, disable cache, set config, diagnosis | Yes          | No            | No         | No        | No    |
 
 
-Additionally, when Query Pushdown is enabled, QUERY access permission on a project allows users to issue push down queries on all tables in the project even though no cube could serve them. It's impossible if a user is not yet granted QUERY permission at project-level.
+另外，当查询下压开启时，该项目的查询权限允许用户查询项目中的所有表即使没有 cube 为他服务。每个用户都会被授予查询权限。
 
-### Manage Access Permission at Project-level
+### 管理项目级别的访问权限
 
-1. Click the small gear shape icon on the top-left corner of Model page. You will be redirected to project page
+1. 在 Model 页面，点击左上角的小齿轮形状图标。您将被重定向到项目页面。
 
    ![](/images/Project-level-acl/ACL-1.png)
 
-2. In project page, expand a project and choose Access.
-3. Click `Grant`to grant permission to user.
+2. 在项目页面，展开一个项目并选择 Access。
+3. 点击 `Grant` 为用户赋予权限。
 
 	![](/images/Project-level-acl/ACL-2.png)
 
-4. Fill in name of the user or role, choose permission and then click `Grant` to grant permission.
+4. 填写用户或角色的名称，选中权限然后点击 `Grant` 赋予权限。
 
-5. You can also revoke and update permission on this page.
+5. 您也可以在该页面移除或更新权限。
 
    ![](/images/Project-level-acl/ACL-3.png)
 
-   Please note that in order to grant permission to default user (MODELER and ANLAYST), these users need to login as least once. 
+   请注意，为了向默认用户（MODELER 和 ANALYST）授予权限，这些用户至少需要登录一次。
    
 
 ## 表级别权限控制
diff --git a/website/_docs/tutorial/project_level_acl.md b/website/_docs/tutorial/project_level_acl.md
index 8453390..d08a083 100644
--- a/website/_docs/tutorial/project_level_acl.md
+++ b/website/_docs/tutorial/project_level_acl.md
@@ -7,12 +7,12 @@ since: v2.1.0
 ---
 
 
-### Project Level ACL
+## Project Level ACL
 Whether a user can access a project and use some functionalities within the project is determined by project-level access control, there are four types of access permission role set at the project-level in Apache Kylin. They are *ADMIN*, *MANAGEMENT*, *OPERATION* and *QUERY*. Each role defines a list of functionality user may perform in Apache Kylin.
 
 - *QUERY*: designed to be used by analysts who only need access permission to query tables/cubes in the project.
 - *OPERATION*: designed to be used by operation team in a corporate/organization who need permission to maintain the Cube. OPERATION access permission includes QUERY.
-- *MANAGEMENT*: designed to be used by Modeler or Designer who is fully knowledgeable of business meaning of the data/model, Cube will be in charge of Model and Cube design. MANAGEMENT access permission includes OPERATION, and QUERY.
+- *MANAGEMENT*: designed to be used by Modeler who is fully knowledgeable of business meaning of the data/model, Modeler will be in charge of Model and Cube design. MANAGEMENT access permission includes OPERATION, and QUERY.
 - *ADMIN*: Designed to fully manage the project. ADMIN access permission includes MANAGEMENT, OPERATION and QUERY.
 
 Access permissions are independent between different projects.