Security CLI commands
<input> - will have to be provided by users, no autocomplete
[input] - autocomplete will be available
Function | Existing Command | Proposed Change | Comments |
---|---|---|---|
Grant | security grant entity <entity-id> principal-type <principal-type> principal-name <principal-name> actions <actions> | grant actions <actions> on entity <entity-id> to [principal-type] <principal-name> | Should we make these role-based only like Sentry? Or allow users and groups too? |
Revoke | security revoke entity <entity-id> principal-type <principal-type> principal-name <principal-name> actions <actions> | revoke actions <actions> on entity <entity-id> from [principal-type] <principal-name> | |
Check Access | security access entity <entity-id> principal-type <principal-type> principal-name <principal-name> actions <actions> | Remove. | |
Create Role | - | create role <role-name> | |
Drop Role | - | drop role <role-name> | |
List Roles | - | list roles | |
Add role to group | - | add role <role-name> to group <group-name> | Q: Should we allow adding roles to users as well? Sentry only supports adding to groups. |
Remove role from group | - | remove role <role-name> from group <group-name> | |
List roles for group | - | list roles for group <group-name> | |
List privileges for role | - | list privileges for role <role-name> |