Skip to content
Permalink
Browse files
misc ranger doc updates (closes #113)
  • Loading branch information
lisakowen authored and dyozie committed Apr 4, 2017
1 parent d57b25b commit 51428eb20bf32c98e3b322675333d27635c4113a
Showing 3 changed files with 5 additions and 13 deletions.
@@ -44,5 +44,5 @@ The Ranger plug-in service is not compatible with Highly-Available HAWQ deployme

Ranger User Group policies cannot be used with HAWQ in this release. Only User Policies are currently supported.

Some authorization checks for superuser-restricted authorization events are handled by HAWQ natively, even when Ranger integration is enabled. See [HAWQ-Native Authorization](ranger-policy-creation.html#alwaysnative).
Some authorization checks for superuser-restricted authorization events are handled by HAWQ natively, even when Ranger integration is enabled. See [HAWQ-Native Authorization](../clientaccess/hawq-access-checks.html#alwaysnative).

@@ -65,8 +65,8 @@ specifying these permissions:

| Permission | Allows SQL Commands | Equivalent GRANT Command |
|-------------|------------------------------|----------------------|
| usage-schema | TOO MANY TO LIST?, built-in HAWQ functions | GRANT USAGE ON SCHEMA \<schema-name\> TO \<user-name\> |
| create | CREATE [EXTERNAL] TABLE, CREATE SEQUENCE, CREATE FUNCTION, CREATE OPERATOR, CREATE OPERATOR CLASS (superuser only), CREATE AGGREGATE, CREATE VIEW, CREATE TYPE, SELECT INTO, ?MORE? | GRANT CREATE ON SCHEMA \<schema-name\> TO \<user-name\> |
| usage-schema | MANY | GRANT USAGE ON SCHEMA \<schema-name\> TO \<user-name\> |
| create | ALTER/CREATE AGGREGATE, ALTER TABLE, CREATE [EXTERNAL] TABLE, CREATE FUNCTION, CREATE OPERATOR, CREATE OPERATOR CLASS (superuser only), CREATE SEQUENCE, CREATE VIEW, CREATE TYPE, SELECT INTO | GRANT CREATE ON SCHEMA \<schema-name\> TO \<user-name\> |


## <a id="tblops"></a> Policies for Table Operations
@@ -164,19 +164,11 @@ The following table identifies the permissions required for common SQL commands.


<tr class="even">
<td rowspan="4">CREATE FUNCTION<p>&lt;func-name&gt;<p>(untrusted &lt;language-name&gt;) &&</td>
<td rowspan="2">CREATE FUNCTION<p>&lt;func-name&gt;<p>(untrusted &lt;language-name&gt;) &&</td>
<td>usage-schema, create</td>
<td>&lt;db-name&gt;/&lt;schema-name&gt;/*</td>
</tr>
<tr class="odd">
<td>usage</td>
<td>&lt;db-name&gt;/&lt;language-name&gt;</td>
</tr>
<tr class="even">
<td>execute</td>
<td>&lt;db-name&gt;/&lt;schema-name&gt;/&lt;func-name&gt;</td>
</tr>
<tr class="odd">
<td></td>
<td>##</td>
</tr>
@@ -217,7 +209,7 @@ The following table identifies the permissions required for common SQL commands.
</tr>

<tr class="even">
<td rowspan="2">CREATE ... TABLESPACE<p>&lt;tablespace-name&gt;</td>
<td rowspan="2">CREATE TABLE ...<p>TABLESPACE<p>&lt;tablespace-name&gt;</td>
<td>usage-schema, create</td>
<td>&lt;db-name&gt;/&lt;schema-name&gt;/*</td>
</tr>

0 comments on commit 51428eb

Please sign in to comment.