diff --git a/modules/n1ql/pages/n1ql-language-reference/grant.adoc b/modules/n1ql/pages/n1ql-language-reference/grant.adoc index 7c643ee57..245b73be5 100644 --- a/modules/n1ql/pages/n1ql-language-reference/grant.adoc +++ b/modules/n1ql/pages/n1ql-language-reference/grant.adoc @@ -15,14 +15,14 @@ Roles can be of the following two types: simple:: Roles which apply generically to all keyspaces or resources in the cluster. + -For example: `ClusterAdmin` or `BucketAdmin` +For example: `cluster_admin` or `bucket_admin` parameterized by a keyspace:: Roles which are defined for the scope of the specified keyspace only. The keyspace name is specified after ON. + -For example: `pass:c[DataReader ON `travel-sample`]` + -or `pass:c[Query_Select ON `travel-sample`]` +For example: `pass:c[data_reader ON `travel-sample`]` + +or `pass:c[query_select ON `travel-sample`]` NOTE: Only Full Administrators can run the GRANT statement. For more details about user roles, see {authorization-overview}[Authorization]. @@ -78,14 +78,11 @@ Refer to the {keyspace-ref}[CREATE INDEX] statement for details of the syntax. == Usage -GRANT statements support legacy systems and have two forms: +GRANT statements have two forms: .{counter:form}. Unparameterized Roles [source,sqlpp] ---- -GRANT Replication Admin, Query External Access - TO cchaplan, jgleason; - GRANT replication_admin, query_external_access TO cchaplan, jgleason; ---- @@ -93,10 +90,6 @@ GRANT replication_admin, query_external_access .{counter:form}. Parameterized Roles [source,sqlpp] ---- -GRANT Query Select, Views Admin - ON orders, customers - TO bill, linda; - GRANT query_select, views_admin ON orders, customers TO bill, linda; @@ -106,18 +99,18 @@ NOTE: Mixing of parameterized and unparameterized roles or syntax is not allowed == Examples -.Grant the role of Cluster Administrator to three people +.Grant the role of Cluster Admin to three people ==== [source,sqlpp] ---- -GRANT ClusterAdmin TO david, michael, robin; +GRANT cluster_admin TO david, michael, robin; ---- ==== -.Grant the roles of Cluster Administrator and Data Reader in the travel-sample keyspace to Debby +.Grant the roles of Cluster Admin and Data Reader in the travel-sample keyspace to Debby ==== [source,sqlpp] ---- -GRANT ClusterAdmin, DataReader ON `travel-sample` TO debby; +GRANT query_select, query_update ON `travel-sample` TO debby; ---- ==== \ No newline at end of file diff --git a/modules/n1ql/pages/n1ql-language-reference/revoke.adoc b/modules/n1ql/pages/n1ql-language-reference/revoke.adoc index 2f72cdcbc..57a6ab1c8 100644 --- a/modules/n1ql/pages/n1ql-language-reference/revoke.adoc +++ b/modules/n1ql/pages/n1ql-language-reference/revoke.adoc @@ -15,14 +15,14 @@ Roles can be of the following two types: simple:: Roles which apply generically to all keyspaces/resources in the cluster. + -For example: `ClusterAdmin` or `BucketAdmin` +For example: `cluster_admin` or `bucket_admin` parameterized by a keyspace:: Roles which are defined for the scope of the specified keyspace only. The keyspace name is specified after ON. + -For example: `pass:c[DataReader ON `travel-sample`]` + -or `pass:c[Query_Select ON `travel-sample`]` +For example: `pass:c[data_reader ON `travel-sample`]` + +or `pass:c[query_select ON `travel-sample`]` NOTE: Only Full Administrators can run the REVOKE statement. For more details about user roles, see @@ -79,19 +79,19 @@ Refer to the {keyspace-ref}[CREATE INDEX] statement for details of the syntax. == Examples -.Revoke the role of ClusterAdmin from three people +.Revoke the role of Cluster Admin from three people ==== [source,sqlpp] ---- -REVOKE ClusterAdmin FROM david, michael, robin +REVOKE cluster_admin FROM david, michael, robin ---- ==== -.Revoke the roles of ClusterAdmin and QueryUpdate in the travel-sample keyspace from debby +.Revoke the roles of Cluster Admin and Query Update in the travel-sample keyspace from Debby ==== [source,sqlpp] ---- -REVOKE ClusterAdmin, QueryUpdate +REVOKE query_select, query_update ON `travel-sample` FROM debby ----