From ebc6e665716578efcf070d31618804eb96194e07 Mon Sep 17 00:00:00 2001 From: Simon Dew Date: Mon, 20 Oct 2025 12:54:55 +0100 Subject: [PATCH 1/3] Update GRANT --- .../pages/n1ql-language-reference/grant.adoc | 23 +++++++------------ 1 file changed, 8 insertions(+), 15 deletions(-) diff --git a/modules/n1ql/pages/n1ql-language-reference/grant.adoc b/modules/n1ql/pages/n1ql-language-reference/grant.adoc index 7c643ee57..9035c0fd4 100644 --- a/modules/n1ql/pages/n1ql-language-reference/grant.adoc +++ b/modules/n1ql/pages/n1ql-language-reference/grant.adoc @@ -15,14 +15,14 @@ Roles can be of the following two types: simple:: Roles which apply generically to all keyspaces or resources in the cluster. + -For example: `ClusterAdmin` or `BucketAdmin` +For example: `cluster_admin` or `bucket_admin` parameterized by a keyspace:: Roles which are defined for the scope of the specified keyspace only. The keyspace name is specified after ON. + -For example: `pass:c[DataReader ON `travel-sample`]` + -or `pass:c[Query_Select ON `travel-sample`]` +For example: `pass:c[data_reader ON `travel-sample`]` + +or `pass:c[query_select ON `travel-sample`]` NOTE: Only Full Administrators can run the GRANT statement. For more details about user roles, see {authorization-overview}[Authorization]. @@ -78,14 +78,11 @@ Refer to the {keyspace-ref}[CREATE INDEX] statement for details of the syntax. == Usage -GRANT statements support legacy systems and have two forms: +GRANT statements have two forms: .{counter:form}. Unparameterized Roles [source,sqlpp] ---- -GRANT Replication Admin, Query External Access - TO cchaplan, jgleason; - GRANT replication_admin, query_external_access TO cchaplan, jgleason; ---- @@ -93,10 +90,6 @@ GRANT replication_admin, query_external_access .{counter:form}. Parameterized Roles [source,sqlpp] ---- -GRANT Query Select, Views Admin - ON orders, customers - TO bill, linda; - GRANT query_select, views_admin ON orders, customers TO bill, linda; @@ -106,18 +99,18 @@ NOTE: Mixing of parameterized and unparameterized roles or syntax is not allowed == Examples -.Grant the role of Cluster Administrator to three people +.Grant the role of Cluster Admin to three people ==== [source,sqlpp] ---- -GRANT ClusterAdmin TO david, michael, robin; +GRANT cluster_admin TO david, michael, robin; ---- ==== -.Grant the roles of Cluster Administrator and Data Reader in the travel-sample keyspace to Debby +.Grant the roles of Cluster Admin and Data Reader in the travel-sample keyspace to Debby ==== [source,sqlpp] ---- -GRANT ClusterAdmin, DataReader ON `travel-sample` TO debby; +GRANT cluster_admin, data_reader ON `travel-sample` TO debby; ---- ==== \ No newline at end of file From a0a7e23849046618a969a9228f79662bedcd9271 Mon Sep 17 00:00:00 2001 From: Simon Dew Date: Mon, 20 Oct 2025 12:55:05 +0100 Subject: [PATCH 2/3] Update REVOKE --- .../n1ql/pages/n1ql-language-reference/revoke.adoc | 14 +++++++------- 1 file changed, 7 insertions(+), 7 deletions(-) diff --git a/modules/n1ql/pages/n1ql-language-reference/revoke.adoc b/modules/n1ql/pages/n1ql-language-reference/revoke.adoc index 2f72cdcbc..04c8cc20d 100644 --- a/modules/n1ql/pages/n1ql-language-reference/revoke.adoc +++ b/modules/n1ql/pages/n1ql-language-reference/revoke.adoc @@ -15,14 +15,14 @@ Roles can be of the following two types: simple:: Roles which apply generically to all keyspaces/resources in the cluster. + -For example: `ClusterAdmin` or `BucketAdmin` +For example: `cluster_admin` or `bucket_admin` parameterized by a keyspace:: Roles which are defined for the scope of the specified keyspace only. The keyspace name is specified after ON. + -For example: `pass:c[DataReader ON `travel-sample`]` + -or `pass:c[Query_Select ON `travel-sample`]` +For example: `pass:c[data_reader ON `travel-sample`]` + +or `pass:c[query_select ON `travel-sample`]` NOTE: Only Full Administrators can run the REVOKE statement. For more details about user roles, see @@ -79,19 +79,19 @@ Refer to the {keyspace-ref}[CREATE INDEX] statement for details of the syntax. == Examples -.Revoke the role of ClusterAdmin from three people +.Revoke the role of Cluster Admin from three people ==== [source,sqlpp] ---- -REVOKE ClusterAdmin FROM david, michael, robin +REVOKE cluster_admin FROM david, michael, robin ---- ==== -.Revoke the roles of ClusterAdmin and QueryUpdate in the travel-sample keyspace from debby +.Revoke the roles of Cluster Admin and Query Update in the travel-sample keyspace from Debby ==== [source,sqlpp] ---- -REVOKE ClusterAdmin, QueryUpdate +REVOKE cluster_admin, query_update ON `travel-sample` FROM debby ---- From cb0d100cce7f08d4f4c676b6f0677840305fe598 Mon Sep 17 00:00:00 2001 From: Simon Dew Date: Tue, 21 Oct 2025 16:10:29 +0100 Subject: [PATCH 3/3] Updates after review --- modules/n1ql/pages/n1ql-language-reference/grant.adoc | 2 +- modules/n1ql/pages/n1ql-language-reference/revoke.adoc | 2 +- 2 files changed, 2 insertions(+), 2 deletions(-) diff --git a/modules/n1ql/pages/n1ql-language-reference/grant.adoc b/modules/n1ql/pages/n1ql-language-reference/grant.adoc index 9035c0fd4..245b73be5 100644 --- a/modules/n1ql/pages/n1ql-language-reference/grant.adoc +++ b/modules/n1ql/pages/n1ql-language-reference/grant.adoc @@ -111,6 +111,6 @@ GRANT cluster_admin TO david, michael, robin; ==== [source,sqlpp] ---- -GRANT cluster_admin, data_reader ON `travel-sample` TO debby; +GRANT query_select, query_update ON `travel-sample` TO debby; ---- ==== \ No newline at end of file diff --git a/modules/n1ql/pages/n1ql-language-reference/revoke.adoc b/modules/n1ql/pages/n1ql-language-reference/revoke.adoc index 04c8cc20d..57a6ab1c8 100644 --- a/modules/n1ql/pages/n1ql-language-reference/revoke.adoc +++ b/modules/n1ql/pages/n1ql-language-reference/revoke.adoc @@ -91,7 +91,7 @@ REVOKE cluster_admin FROM david, michael, robin ==== [source,sqlpp] ---- -REVOKE cluster_admin, query_update +REVOKE query_select, query_update ON `travel-sample` FROM debby ----