This topic describes common statements for project permission management, such as
user management, role management, ACL-based authorization, and permission review.
User management
| Statement | Description |
| --- | --- |
| list users | Allows you to view all users that are added to the project. |
| add user <username> | Allows you to add a user. |
| remove user <username> | Allows you to remove a user. |
Role management
| Statement | Description |
| --- | --- |
| list roles | Allows you to view all created roles. |
| create role <rolename> | Allows you to create a role. |
| drop role <rolename> | Allows you to delete a role. |
| grant <rolelist> to <username> | Allows you to assign one or multiple roles to a user. |
| revoke <rolelist> from <username> | Allows you to revoke roles from a user. |
ACL-based authorization
| Statement | Description |
| --- | --- |
| grant <privList> on <objType> <objName> to user <username> | Allows you to authorize a user. |
| grant <privList> on <objType> <objName> to role <rolename> | Allows you to authorize a role. |
| revoke <privList> on <objType> <objName> from user <username> | Allows you to revoke permissions from a user. |
| revoke <privList> on <objType> <objName> from role <rolename> | Allows you to revoke permissions from a role. |
Permission review
| Statement | Description |
| --- | --- |
| whoami | Allows you to view information about a user. |
| show grants [for <username>] [on type <objectType>] | Allows you to view permissions and roles of a user. |
| show acl for <objectName> [on type <objectType>] | Allows you to view the authorization information of an object. |
| describe role <roleName> | Allows you to view the authorization and assignment information of a role. |