fix built in privielge group
Signed-off-by: shaoting-huang <[email protected]>
shaoting-huang committed Nov 18, 2024
1 parent d56ec67 commit c1eeafa
Showing 2 changed files with 13 additions and 13 deletions.
18 changes: 9 additions & 9 deletions configs/milvus.yaml
Expand Up @@ -816,25 +816,25 @@ common:
enabled: false # Whether to override build-in privilege groups
cluster:
readonly:
privileges: SelectOwnership,SelectUser,DescribeResourceGroup,ListResourceGroups # Cluster level readonly privileges
privileges: ListDatabases,SelectOwnership,SelectUser,DescribeResourceGroup,ListResourceGroups # Cluster level readonly privileges
readwrite:
privileges: SelectOwnership,SelectUser,DescribeResourceGroup,ListResourceGroups,CreateOwnership,UpdateUser,DropOwnership,ManageOwnership,BackupRBAC,RestoreRBAC,CreateResourceGroup,UpdateResourceGroups,DropResourceGroup,TransferNode,TransferReplica # Cluster level readwrite privileges
privileges: ListDatabases,SelectOwnership,SelectUser,DescribeResourceGroup,ListResourceGroups,UpdateUser,BackupRBAC,RestoreRBAC,TransferNode,TransferReplica,UpdateResourceGroups # Cluster level readwrite privileges
admin:
privileges: SelectOwnership,SelectUser,DescribeResourceGroup,ListResourceGroups,CreateOwnership,UpdateUser,DropOwnership,ManageOwnership,BackupRBAC,RestoreRBAC,CreateResourceGroup,UpdateResourceGroups,DropResourceGroup,TransferNode,TransferReplica # Cluster level admin privileges
privileges: ListDatabases,SelectOwnership,SelectUser,DescribeResourceGroup,ListResourceGroups,UpdateUser,BackupRBAC,RestoreRBAC,TransferNode,TransferReplica,UpdateResourceGroups,CreateOwnership,DropOwnership,ManageOwnership,CreateResourceGroup,DropResourceGroup # Cluster level admin privileges
database:
readonly:
privileges: ListDatabases,DescribeDatabase # Database level readonly privileges
privileges: ShowCollections,ListAliases,DescribeDatabase # Database level readonly privileges
readwrite:
privileges: ListDatabases,DescribeDatabase,CreateDatabase,DropDatabase,AlterDatabase # Database level readwrite privileges
privileges: ShowCollections,ListAliases,DescribeDatabase,FlushAll,AlterDatabase # Database level readwrite privileges
admin:
privileges: ListDatabases,DescribeDatabase,CreateDatabase,DropDatabase,AlterDatabase # Database level admin privileges
privileges: ShowCollections,ListAliases,DescribeDatabase,FlushAll,AlterDatabase,CreateDatabase,DropDatabase # Database level admin privileges
collection:
readonly:
privileges: Query,Search,IndexDetail,GetFlushState,GetLoadState,GetLoadingProgress,HasPartition,ShowPartitions,ShowCollections,ListAliases,DescribeCollection,DescribeAlias,GetStatistics # Collection level readonly privileges
privileges: Query,Search,IndexDetail,GetFlushState,GetLoadState,GetLoadingProgress,HasPartition,ShowPartitions,DescribeCollection,DescribeAlias,GetStatistics # Collection level readonly privileges
readwrite:
privileges: Query,Search,IndexDetail,GetFlushState,GetLoadState,GetLoadingProgress,HasPartition,ShowPartitions,ShowCollections,ListAliases,DescribeCollection,DescribeAlias,GetStatistics,CreateIndex,DropIndex,CreatePartition,DropPartition,Load,Release,Insert,Delete,Upsert,Import,Flush,Compaction,LoadBalance,RenameCollection,CreateAlias,DropAlias,CreateCollection,DropCollection,FlushAll # Collection level readwrite privileges
privileges: Query,Search,IndexDetail,GetFlushState,GetLoadState,GetLoadingProgress,HasPartition,ShowPartitions,DescribeCollection,DescribeAlias,GetStatistics,Load,Insert,Delete,Upsert,Import,Flush,Compaction,LoadBalance,RenameCollection # Collection level readwrite privileges
admin:
privileges: Query,Search,IndexDetail,GetFlushState,GetLoadState,GetLoadingProgress,HasPartition,ShowPartitions,ShowCollections,ListAliases,DescribeCollection,DescribeAlias,GetStatistics,CreateIndex,DropIndex,CreatePartition,DropPartition,Load,Release,Insert,Delete,Upsert,Import,Flush,Compaction,LoadBalance,RenameCollection,CreateAlias,DropAlias,CreateCollection,DropCollection,FlushAll # Collection level admin privileges
privileges: Query,Search,IndexDetail,GetFlushState,GetLoadState,GetLoadingProgress,HasPartition,ShowPartitions,DescribeCollection,DescribeAlias,GetStatistics,Load,Insert,Delete,Upsert,Import,Flush,Compaction,LoadBalance,RenameCollection,Release,CreateIndex,DropIndex,CreatePartition,DropPartition,CreateAlias,DropAlias,CreateCollection,DropCollection # Collection level admin privileges
tlsMode: 0
session:
ttl: 30 # ttl value when session granting a lease to register service
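Review bot: The cluster `readwrite` list (the second line of that pair, read here as the new side because the page lost its +/- markers) still carries `UpdateUser`, `BackupRBAC` and `RestoreRBAC`, although `CreateOwnership`, `DropOwnership` and `ManageOwnership` now appear only on the `admin` line. If `RestoreRBAC` can recreate roles and grants from a backup (inferred from the name, nothing on this page shows it), a readwrite holder could regain what the split reserves for admins, so these three entries should be confirmed for this tier or moved to `admin`. The rewritten lines also narrow what the `readwrite` groups contain, for example `CreateIndex` and `DropCollection` at collection level and `CreateDatabase`/`DropDatabase` at database level. Anyone running with the override enabled and the shipped lists would see that as a behaviour change, so it deserves a release note.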
8 changes: 4 additions & 4 deletions pkg/util/constant.go
Expand Up @@ -314,16 +314,13 @@ var (
MetaStore2API(commonpb.ObjectPrivilege_PrivilegeGetLoadingProgress.String()),
MetaStore2API(commonpb.ObjectPrivilege_PrivilegeHasPartition.String()),
MetaStore2API(commonpb.ObjectPrivilege_PrivilegeShowPartitions.String()),
MetaStore2API(commonpb.ObjectPrivilege_PrivilegeShowCollections.String()),
MetaStore2API(commonpb.ObjectPrivilege_PrivilegeListAliases.String()),
MetaStore2API(commonpb.ObjectPrivilege_PrivilegeDescribeCollection.String()),
MetaStore2API(commonpb.ObjectPrivilege_PrivilegeDescribeAlias.String()),
MetaStore2API(commonpb.ObjectPrivilege_PrivilegeGetStatistics.String()),
}

CollectionReadWritePrivilegeGroup = append(CollectionReadOnlyPrivilegeGroup,
MetaStore2API(commonpb.ObjectPrivilege_PrivilegeLoad.String()),
MetaStore2API(commonpb.ObjectPrivilege_PrivilegeRelease.String()),
MetaStore2API(commonpb.ObjectPrivilege_PrivilegeInsert.String()),
MetaStore2API(commonpb.ObjectPrivilege_PrivilegeDelete.String()),
MetaStore2API(commonpb.ObjectPrivilege_PrivilegeUpsert.String()),
Expand All @@ -335,6 +332,7 @@ var (
)

CollectionAdminPrivilegeGroup = append(CollectionReadWritePrivilegeGroup,
MetaStore2API(commonpb.ObjectPrivilege_PrivilegeRelease.String()),
MetaStore2API(commonpb.ObjectPrivilege_PrivilegeCreateIndex.String()),
MetaStore2API(commonpb.ObjectPrivilege_PrivilegeDropIndex.String()),
MetaStore2API(commonpb.ObjectPrivilege_PrivilegeCreatePartition.String()),
Expand All @@ -346,7 +344,8 @@ var (
)

DatabaseReadOnlyPrivilegeGroup = []string{
MetaStore2API(commonpb.ObjectPrivilege_PrivilegeListDatabases.String()),
MetaStore2API(commonpb.ObjectPrivilege_PrivilegeShowCollections.String()),
MetaStore2API(commonpb.ObjectPrivilege_PrivilegeListAliases.String()),
MetaStore2API(commonpb.ObjectPrivilege_PrivilegeDescribeDatabase.String()),
}

Expand All @@ -361,6 +360,7 @@ var (
)

ClusterReadOnlyPrivilegeGroup = []string{
MetaStore2API(commonpb.ObjectPrivilege_PrivilegeListDatabases.String()),
MetaStore2API(commonpb.ObjectPrivilege_PrivilegeSelectOwnership.String()),
MetaStore2API(commonpb.ObjectPrivilege_PrivilegeSelectUser.String()),
MetaStore2API(commonpb.ObjectPrivilege_PrivilegeDescribeResourceGroup.String()),
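Review bot: Nothing in this commit pins the new group membership, because only configs/milvus.yaml and this file change. Moving `ShowCollections`/`ListAliases` into `DatabaseReadOnlyPrivilegeGroup`, `ListDatabases` into `ClusterReadOnlyPrivilegeGroup` and `Release` into `CollectionAdminPrivilegeGroup` is therefore unchecked by any test visible here (sides inferred from the hunk line counts, since the +/- markers are lost). These slices decide what a built-in role may do, so a table test asserting the exact contents of each group, and that the defaults in configs/milvus.yaml parse to the same lists, would stop the two hand-maintained copies drifting apart. `Release` now sits in the admin group while `Load` stays in read-write, which is easy to mistake for an oversight; a one-line comment above it such as `// Release is admin-only by design: <reason>` would record the intent. The `var (` block starts and ends outside the visible hunks, so the database read-write and admin groups could not be checked.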
