From c1eeafa723271d23076724fb6111234a0fa5e403 Mon Sep 17 00:00:00 2001
From: shaoting-huang
Date: Mon, 18 Nov 2024 16:01:48 +0800
Subject: [PATCH] fix built in privielge group
Signed-off-by: shaoting-huang
---
 configs/milvus.yaml | 18 +++++++++---------
 pkg/util/constant.go | 8 ++++----
 2 files changed, 13 insertions(+), 13 deletions(-)
diff --git a/configs/milvus.yaml b/configs/milvus.yaml
index 281b4d1ab1603..dd2b4b651aaaa 100644
--- a/configs/milvus.yaml
+++ b/configs/milvus.yaml
@@ -816,25 +816,25 @@ common:
 enabled: false # Whether to override build-in privilege groups
 cluster:
 readonly:
- privileges: SelectOwnership,SelectUser,DescribeResourceGroup,ListResourceGroups # Cluster level readonly privileges
+ privileges: ListDatabases,SelectOwnership,SelectUser,DescribeResourceGroup,ListResourceGroups # Cluster level readonly privileges
 readwrite:
- privileges: SelectOwnership,SelectUser,DescribeResourceGroup,ListResourceGroups,CreateOwnership,UpdateUser,DropOwnership,ManageOwnership,BackupRBAC,RestoreRBAC,CreateResourceGroup,UpdateResourceGroups,DropResourceGroup,TransferNode,TransferReplica # Cluster level readwrite privileges
+ privileges: ListDatabases,SelectOwnership,SelectUser,DescribeResourceGroup,ListResourceGroups,UpdateUser,BackupRBAC,RestoreRBAC,TransferNode,TransferReplica,UpdateResourceGroups # Cluster level readwrite privileges
 admin:
- privileges: SelectOwnership,SelectUser,DescribeResourceGroup,ListResourceGroups,CreateOwnership,UpdateUser,DropOwnership,ManageOwnership,BackupRBAC,RestoreRBAC,CreateResourceGroup,UpdateResourceGroups,DropResourceGroup,TransferNode,TransferReplica # Cluster level admin privileges
+ privileges: ListDatabases,SelectOwnership,SelectUser,DescribeResourceGroup,ListResourceGroups,UpdateUser,BackupRBAC,RestoreRBAC,TransferNode,TransferReplica,UpdateResourceGroups,CreateOwnership,DropOwnership,ManageOwnership,CreateResourceGroup,DropResourceGroup # Cluster level admin privileges
 database:
 readonly:
- privileges: ListDatabases,DescribeDatabase # Database level readonly privileges
+ privileges: ShowCollections,ListAliases,DescribeDatabase # Database level readonly privileges
 readwrite:
- privileges: ListDatabases,DescribeDatabase,CreateDatabase,DropDatabase,AlterDatabase # Database level readwrite privileges
+ privileges: ShowCollections,ListAliases,DescribeDatabase,FlushAll,AlterDatabase # Database level readwrite privileges
 admin:
- privileges: ListDatabases,DescribeDatabase,CreateDatabase,DropDatabase,AlterDatabase # Database level admin privileges
+ privileges: ShowCollections,ListAliases,DescribeDatabase,FlushAll,AlterDatabase,CreateDatabase,DropDatabase # Database level admin privileges
 collection:
 readonly:
- privileges: Query,Search,IndexDetail,GetFlushState,GetLoadState,GetLoadingProgress,HasPartition,ShowPartitions,ShowCollections,ListAliases,DescribeCollection,DescribeAlias,GetStatistics # Collection level readonly privileges
+ privileges: Query,Search,IndexDetail,GetFlushState,GetLoadState,GetLoadingProgress,HasPartition,ShowPartitions,DescribeCollection,DescribeAlias,GetStatistics # Collection level readonly privileges
 readwrite:
- privileges: Query,Search,IndexDetail,GetFlushState,GetLoadState,GetLoadingProgress,HasPartition,ShowPartitions,ShowCollections,ListAliases,DescribeCollection,DescribeAlias,GetStatistics,CreateIndex,DropIndex,CreatePartition,DropPartition,Load,Release,Insert,Delete,Upsert,Import,Flush,Compaction,LoadBalance,RenameCollection,CreateAlias,DropAlias,CreateCollection,DropCollection,FlushAll # Collection level readwrite privileges
+ privileges: Query,Search,IndexDetail,GetFlushState,GetLoadState,GetLoadingProgress,HasPartition,ShowPartitions,DescribeCollection,DescribeAlias,GetStatistics,Load,Insert,Delete,Upsert,Import,Flush,Compaction,LoadBalance,RenameCollection # Collection level readwrite privileges
 admin:
- privileges: Query,Search,IndexDetail,GetFlushState,GetLoadState,GetLoadingProgress,HasPartition,ShowPartitions,ShowCollections,ListAliases,DescribeCollection,DescribeAlias,GetStatistics,CreateIndex,DropIndex,CreatePartition,DropPartition,Load,Release,Insert,Delete,Upsert,Import,Flush,Compaction,LoadBalance,RenameCollection,CreateAlias,DropAlias,CreateCollection,DropCollection,FlushAll # Collection level admin privileges
+ privileges: Query,Search,IndexDetail,GetFlushState,GetLoadState,GetLoadingProgress,HasPartition,ShowPartitions,DescribeCollection,DescribeAlias,GetStatistics,Load,Insert,Delete,Upsert,Import,Flush,Compaction,LoadBalance,RenameCollection,Release,CreateIndex,DropIndex,CreatePartition,DropPartition,CreateAlias,DropAlias,CreateCollection,DropCollection # Collection level admin privileges
 tlsMode: 0
 session:
 ttl: 30 # ttl value when session granting a lease to register service
diff --git a/pkg/util/constant.go b/pkg/util/constant.go
index e0f44abfe500b..cdfb368008046 100644
--- a/pkg/util/constant.go
+++ b/pkg/util/constant.go
@@ -314,8 +314,6 @@ var (
 MetaStore2API(commonpb.ObjectPrivilege_PrivilegeGetLoadingProgress.String()),
 MetaStore2API(commonpb.ObjectPrivilege_PrivilegeHasPartition.String()),
 MetaStore2API(commonpb.ObjectPrivilege_PrivilegeShowPartitions.String()),
- MetaStore2API(commonpb.ObjectPrivilege_PrivilegeShowCollections.String()),
- MetaStore2API(commonpb.ObjectPrivilege_PrivilegeListAliases.String()),
 MetaStore2API(commonpb.ObjectPrivilege_PrivilegeDescribeCollection.String()),
 MetaStore2API(commonpb.ObjectPrivilege_PrivilegeDescribeAlias.String()),
 MetaStore2API(commonpb.ObjectPrivilege_PrivilegeGetStatistics.String()),
@@ -323,7 +321,6 @@ var (
 CollectionReadWritePrivilegeGroup = append(CollectionReadOnlyPrivilegeGroup,
 MetaStore2API(commonpb.ObjectPrivilege_PrivilegeLoad.String()),
- MetaStore2API(commonpb.ObjectPrivilege_PrivilegeRelease.String()),
 MetaStore2API(commonpb.ObjectPrivilege_PrivilegeInsert.String()),
 MetaStore2API(commonpb.ObjectPrivilege_PrivilegeDelete.String()),
 MetaStore2API(commonpb.ObjectPrivilege_PrivilegeUpsert.String()),
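Review bot: Nothing in this change keeps the override lists in the configs/milvus.yaml hunk tied to the built-in groups in pkg/util/constant.go, and the removed lines show what that allows: at the cluster, database and collection levels the old `readwrite` list was identical to the old `admin` list. With `enabled: false` the lists are presumably ignored, but an operator who switched the override on with the old defaults would have given read-write roles privileges such as `DropCollection` and `ManageOwnership`. A unit test that parses the shipped defaults, compares each list with the matching Go slice, and checks that every `admin` list is a superset of its `readwrite` list would catch the next drift. A release note asking operators who copied the old lists to re-check them would cover existing deployments.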
@@ -335,6 +332,7 @@ var (
 )
 CollectionAdminPrivilegeGroup = append(CollectionReadWritePrivilegeGroup,
+ MetaStore2API(commonpb.ObjectPrivilege_PrivilegeRelease.String()),
 MetaStore2API(commonpb.ObjectPrivilege_PrivilegeCreateIndex.String()),
 MetaStore2API(commonpb.ObjectPrivilege_PrivilegeDropIndex.String()),
 MetaStore2API(commonpb.ObjectPrivilege_PrivilegeCreatePartition.String()),
@@ -346,7 +344,8 @@ var (
 )
 DatabaseReadOnlyPrivilegeGroup = []string{
- MetaStore2API(commonpb.ObjectPrivilege_PrivilegeListDatabases.String()),
+ MetaStore2API(commonpb.ObjectPrivilege_PrivilegeShowCollections.String()),
+ MetaStore2API(commonpb.ObjectPrivilege_PrivilegeListAliases.String()),
 MetaStore2API(commonpb.ObjectPrivilege_PrivilegeDescribeDatabase.String()),
 }
@@ -361,6 +360,7 @@ var (
 )
 ClusterReadOnlyPrivilegeGroup = []string{
+ MetaStore2API(commonpb.ObjectPrivilege_PrivilegeListDatabases.String()),
 MetaStore2API(commonpb.ObjectPrivilege_PrivilegeSelectOwnership.String()),
 MetaStore2API(commonpb.ObjectPrivilege_PrivilegeSelectUser.String()),
 MetaStore2API(commonpb.ObjectPrivilege_PrivilegeDescribeResourceGroup.String()),
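Review bot: In the `@@ -335,6 +332,7 @@` hunk, `CollectionAdminPrivilegeGroup` is still built with `append(CollectionReadWritePrivilegeGroup, ...)`, and that base slice is itself the result of an `append`, so it may have spare capacity. Whether the admin group shares a backing array with the read-write group then depends on how many entries each tier holds, which this commit changes by moving `PrivilegeRelease`. If they do share one, a later `append` onto the read-write slice would overwrite admin entries in place. Capping the base, as in `append(CollectionReadWritePrivilegeGroup[:len(CollectionReadWritePrivilegeGroup):len(CollectionReadWritePrivilegeGroup)], ...)`, removes that dependency. The `var (` block and this `append` call both continue outside the hunk.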
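Review bot: The group slices in the `@@ -346,7 +344,8 @@` hunk and the `ClusterReadOnlyPrivilegeGroup` hunk after it carry no comment saying which object level each privilege belongs to, although that is the rule both hunks apply when they move `PrivilegeListDatabases` to the cluster group and `PrivilegeShowCollections`/`PrivilegeListAliases` to the database group. A doc comment such as `// DatabaseReadOnlyPrivilegeGroup holds read privileges scoped to one database; listing databases is cluster-scoped.` would record it for the next editor. If group membership is resolved when a request is checked rather than when the grant is stored (not visible here), roles holding only the database or collection read-only group lose these calls on upgrade, which deserves an upgrade note. The `ClusterReadOnlyPrivilegeGroup` literal continues outside its hunk.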