This topic describes common statements for project permission management, such as user management, role management, ACL-based authorization, and permission review.

User management

Statement Description
list users Allows you to view all users that are added to the project.
add user <username> Allows you to add a user.
remove user <username> Allows you to remove a user.

Role management

Statement Description
list roles Allows you to view all created roles.
create role <rolename> Allows you to create a role.
drop role <rolename> Allows you to delete a role.
grant <rolelist> to <username> Allows you to assign one or multiple roles to a user.
revoke <rolelist> from <username> Allows you to revoke roles from a user.

ACL-based authorization

Statement Description
grant <privList> on <objType><objName> to user <username> Allows you to authorize a user.
grant <privList> on <objType><objName> to role <rolename> Allows you to authorize a role.
revoke <privList> on <objType><objName> from user <username> Allows you to revoke permissions from a user.
revoke <privList> on <objType><objName> from role <rolename> Allows you to revoke permissions from a role.

Permission review

Statement Description
whoami Allows you to view information about a user.
show grants [for <username>] [on type <objectType>] Allows you to view permissions and roles of a user.
show acl for <objectName> [on type <objectType>] Allows you to view the authorization information of an object.
describe role <roleName> Allows you to view the authorization and assignment information of a role.