Security CLI commands

<input> - will have to be provided by users, no autocomplete
[input] - autocomplete will be available
FunctionExisting CommandProposed ChangeComments
Grant
security grant entity <entity-id> principal-type <principal-type> principal-name <principal-name> actions <actions>
grant actions <actions> on entity <entity-id> to [principal-type] <principal-name>
Should we make these role-based only like Sentry? Or allow users and groups too?
Revoke
security revoke entity <entity-id> principal-type <principal-type> principal-name <principal-name> actions <actions>
revoke actions <actions> on entity <entity-id> from [principal-type] <principal-name>
 
Check Access
security access entity <entity-id> principal-type <principal-type> principal-name <principal-name> actions <actions>

Remove.

 
Create Role-
create role <role-name>
 
Drop Role-
drop role <role-name>
 
List Roles-
list roles
 
Add role to group-
add role <role-name> to group <group-name>
Q: Should we allow adding roles to users as well? Sentry only supports adding to groups.
Remove role from group-
remove role <role-name> from group <group-name>
 
List roles for group-
list roles for group <group-name>
 
List privileges for role-
list privileges for role <role-name>