Merge pull request #10616 from TCeason/priv_docs

BohuTANG · web-flow · commit 218bf9ec026d · 2023-03-17T13:46:31.000+08:00
docs(query): add doc about access control privileges
diff --git a/docs/doc/16-security/00-access-control/10-access-control-privileges.rs b/docs/doc/16-security/00-access-control/10-access-control-privileges.rs
@@ -0,0 +1,105 @@
+---
+title: Access Control Privileges
+sidebar_label: Privileges
+description:
+  Databend Access Control Privileges
+---
+
+This topic describes the privileges that are available in the Databend access control model.
+
+## All Privileges
+
+| Privilege | Object Type | Description |
+| :--                 | :--                  | :--                  |
+| ALL   |  All    | Grants all the privileges for the specified object type. |
+| ALTER   |   Global, Database, Table, View   | Privilege to alter databases or tables, Alter user/UDF. |
+| CREATE   |     Global, Database, Table    | Privilege to create databases or tables or udf. |
+| DELETE   |  Table   | Privilege to delete or truncate rows in a table. |
+| DROP       |    Global, Database, Table, View    | Privilege to drop databases or tables or views and undrop databases or tables, Drop UDF. |
+| INSERT       |   Table       | Privilege to insert rows into tables. |
+| SELECT       |    Database, Table      | Privilege to select rows from tables, show or use databases. |
+| UPDATE       |      Table    | Privilege to update rows in a table |
+| GRANT       |     Global    | Privilege to Grant/Revoke privileges to users or roles |
+| SUPER       |      Global, Table   | Privilege to Kill query, Set global configs, Optimize table, Analyze table, Operator stage/catalog/share. |
+| USAGE       |    Global     | UsagePrivilege is a synonym for “no privileges” |
+| CREATE ROLE   |      Global    | Privilege to create a role |
+| DROP ROLE   |      Global    | Privilege to drop a role |
+| CREATE USER   |     Global     | Privilege to create a sql user |
+| CREATE USER   |     Global     | Privilege to drop a sql user |
+
+## Global Privileges
+
+| Privilege | Usage |
+| :--                 | :--                  |
+| ALL   |  Grants all the privileges for the specified object type. |
+| GRANT   |    Add/Drop table Column, Alter table cluster key, Re-cluster table |
+| CREATEROLE   |     Create a new role.    |
+| DROPUSER   |  Drop a new user. |
+| CREATEUSER   |  Create a new user. |
+| DROPROLE   |  Drop a new role. |
+| SUPER       |    Kill query, Set/Unset settings, operator stage/catalog/share, Call function, Copy into stage |
+| USAGE       |   Only can connect to databend query, but no privileges |
+| CREATE       |   Create UDF |
+| DROP       |   Drop UDF |
+| ALTER       |   Alter UDF, ALter sql user |
+
+
+## Table Privileges
+
+| Privilege | Usage |
+| :--                 | :--                  |
+| ALL   |  Grants all the privileges for the specified object type. |
+| ALTER   |    Add/Drop table Column, Alter table cluster key, Re-cluster table, Revert table |
+| CREATE   |     Create table    |
+| DELETE   |  Delete rows in a table, Truncate table |
+| DROP       |    Drop table, Undrop table(restores the recent version of a dropped table) |
+| INSERT       |   Insert rows into table, Copy into table |
+| SELECT       |    Select rows from tables, Show create table, Describe table |
+| UPDATE       |      Update rows in a table |
+| SUPER       |    Optimize/Analyze table need super privilege |
+
+## View Privileges
+
+| Privilege | Usage |
+| :--                 | :--                  |
+| ALL   |  Grants all the privileges for the specified object type |
+| ALTER   |    Create/Drop view, Alter the existing view by using another `QUERY` |
+| DROP       |    Drop view |
+
+## Database Privileges
+
+| Privilege | Usage |
+| :--                 | :--                  |
+| Alter   |    Rename database |
+| CREATE   |     Create database    |
+| DROP       |    Drop database, Undrop database(restores the recent version of a dropped database) |
+| SELECT       |    Show create database, Use database, |
+
+
+## Session Policy Privileges
+
+| Privilege | Usage |
+| :--                 | :--                  |
+| SUPER       |    Kill query, Set/Unset settings |
+| ALL   |  Grants all the privileges for the specified object type. |
+
+## Stage Privileges
+
+| Privilege | Usage |
+| :--                 | :--                  |
+| SUPER       |  List Stage, Create Stage, Drop Stage, Remove Stage |
+| ALL   |  Grants all the privileges for the specified object type. |
+
+## Catalog Privileges
+
+| Privilege | Usage |
+| :--                 | :--                  |
+| SUPER       |  Show create catalog, Create catalog, Drop catalog |
+| ALL   |  Grants all the privileges for the specified object type. |
+
+## Catalog Privileges
+
+| Privilege | Usage |
+| :--                 | :--                  |
+| SUPER       |  Create share, Drop share, Desc share, Show shares |
+| ALL   |  Grants all the privileges for the specified object type. |
diff --git a/docs/doc/16-security/00-access-control/_category_.json b/docs/doc/16-security/00-access-control/_category_.json
@@ -0,0 +1,7 @@
+{
+  "label": "Access Control",
+  "link": {
+    "type": "generated-index",
+    "slug": "/operations/access"
+  }
+}
diff --git a/docs/doc/16-security/_category_.json b/docs/doc/16-security/_category_.json
@@ -0,0 +1,7 @@
+{
+  "label": "Security",
+  "link": {
+    "type": "generated-index",
+    "slug": "/security"
+  }
+}
