DOC-1786-secret-privil-req
Victor Lee authored and Victor Lee committed Jun 23, 2023
1 parent 7593c1b commit f1f358f
Showing 2 changed files with 16 additions and 5 deletions.
12 changes: 8 additions & 4 deletions modules/reference/pages/list-of-privileges.adoc
Expand Up @@ -2,10 +2,14 @@

This page provides a complete list of privileges in TigerGraph's Role-based Access Control system.

* Any privilege marked "`on global only`" can only be granted to a global role. It cannot be granted to a local role (See xref:user-access:roles-and-privileges.adoc[Global role vs local role]).
** Local roles are deprecated and will be dropped in a later version.
* The command `IMPORT GRAPH <gName>` needs multiple privileges, .e.g `WRITE_SCHEMA`, `WRITE_LOADING_JOB`, `WRITE_QUERY` and so on.
* To run the command `CREATE SECRET` on a graph, the user must have at least one of the access database privileges: `READ_DATA`, `WRITE_DATA` and `EXECUTE_LOADINGJOB` on that graph. Thus the built-in `queryreader` role and above can create secrets on a graph, but the observer role cannot.
[NOTE]
====
* Any privilege marked "`Global only`" can only be granted to a global role.
It cannot be granted to a local role (See xref:user-access:role-management.adoc[Global role vs local role]).
* Local roles are deprecated and will be dropped in a later version.
====


== Table of Privileges
[width="100%",cols="22%,63%,15%",options="header",]
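
Review bot: The old bullet list carried the line stating that `IMPORT GRAPH <gName>` needs multiple privileges (`WRITE_SCHEMA`, `WRITE_LOADING_JOB`, `WRITE_QUERY` and so on), and neither the new NOTE block nor the other file in this commit picks it up, so that requirement drops out of the docs; keep it in the NOTE block or move it to the page that documents `IMPORT GRAPH`. The xref target also changes from `roles-and-privileges.adoc` to `role-management.adoc` while the link text stays "Global role vs local role", so confirm the new target has that section, and confirm the quoted label "Global only" matches the wording used in the table below. The two consecutive blank lines before `== Table of Privileges` can be reduced to one.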
9 changes: 8 additions & 1 deletion modules/user-access/pages/managing-credentials.adoc
Expand Up @@ -83,7 +83,14 @@ CREATE SECRET [<alias>]

Use the `CREATE SECRET` command to generate a secret for the current user and graph. It is optional to provide an alias for the secret.

Beginning with TigerGraph 3.1.4, the system will generate a random alias for the secret if the user does not provide an alias for that secret. Randomly generated aliases begin with `AUTO_GENERATED_ALIAS_` and include a random 7-character string.
The system will generate a random alias for the secret if the user does not provide an alias for that secret.
Randomly generated aliases begin with `AUTO_GENERATED_ALIAS_` and include a random 7-character string.

==== Required privilege

At least one of the database access privileges on the given graph: `READ_DATA`, `CREATE_DATA`, `UPDATE_DATA`, `DELETE_DATA` or `EXECUTE_LOADINGJOB`. The built-in `queryreader` role satisfies this requirement.



=== List secrets
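
Review bot: In the new `==== Required privilege` paragraph the privilege set is `READ_DATA`, `CREATE_DATA`, `UPDATE_DATA`, `DELETE_DATA` or `EXECUTE_LOADINGJOB`, whereas the sentence this commit drops from list-of-privileges.adoc named `READ_DATA`, `WRITE_DATA` and `EXECUTE_LOADINGJOB`; confirm the new names match the privilege table for the version this branch documents. That dropped sentence also stated that the observer role cannot create secrets, which is the boundary a reader checking least privilege looks for, and the new text only says `queryreader` satisfies the requirement; suggest adding a sentence that the built-in `observer` role does not. The paragraph is a sentence fragment ("At least one of ...") and would read better as "The user must have at least one of ...". Removing "Beginning with TigerGraph 3.1.4" is fine only if this branch no longer covers earlier versions, and the three blank lines before `=== List secrets` can be one.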
