<input> - will have to be provided by users, no autocomplete[input] - autocomplete will be available| Function | Existing Command | Proposed Change | Comments |
|---|---|---|---|
| Grant | security grant entity <entity-id> principal-type <principal-type> principal-name <principal-name> actions <actions> | grant actions <actions> on entity <entity-id> to [principal-type] <principal-name> | Should we make these role-based only like Sentry? Or allow users and groups too? |
| Revoke | security revoke entity <entity-id> principal-type <principal-type> principal-name <principal-name> actions <actions> | revoke actions <actions> on entity <entity-id> from [principal-type] <principal-name> | |
| Check Access | security access entity <entity-id> principal-type <principal-type> principal-name <principal-name> actions <actions> | Remove. | |
| Create Role | - | create role <role-name> | |
| Drop Role | - | drop role <role-name> | |
| List Roles | - | list roles | |
| Add role to group | - | add role <role-name> to group <group-name> | Q: Should we allow adding roles to users as well? Sentry only supports adding to groups. |
| Remove role from group | - | remove role <role-name> from group <group-name> | |
| List roles for group | - | list roles for group <group-name> | |
| List privileges for role | - | list privileges for role <role-name> |