doc-exports/docs/dws/umn/dws_01_0150.html
Lu, Huayi 95132e24fc DWS UMN 830.201_new version
Reviewed-by: Pruthi, Vineet <vineet.pruthi@t-systems.com>
Reviewed-by: Rechenburg, Matthias <matthias.rechenburg@t-systems.com>
Co-authored-by: Lu, Huayi <luhuayi@huawei.com>
Co-committed-by: Lu, Huayi <luhuayi@huawei.com>
2024-05-27 11:54:34 +00:00

<a name="EN-US_TOPIC_0000001658895338"></a>
<h1 class="topictitle1">Syntax of RBAC Policies</h1>
<div id="body8662426"><div class="section" id="EN-US_TOPIC_0000001658895338__en-us_topic_0000001422799557_section16899132910417"><h4 class="sectiontitle">Policy Structure</h4><p id="EN-US_TOPIC_0000001658895338__en-us_topic_0000001422799557_p06653011413">An RBAC policy consists of a Version, a Statement, and Depends.</p>
<div class="fignone" id="EN-US_TOPIC_0000001658895338__en-us_topic_0000001422799557_fig86683014414"><span class="figcap"><b>Figure 1 </b>RBAC policy structure</span><br><span><img id="EN-US_TOPIC_0000001658895338__en-us_topic_0000001422799557_image16661130154113" src="figure/en-us_image_0000001711820088.jpg"></span></div>
</div>
<div class="section" id="EN-US_TOPIC_0000001658895338__en-us_topic_0000001422799557_section1590162924117"><h4 class="sectiontitle">Policy Syntax</h4><p id="EN-US_TOPIC_0000001658895338__en-us_topic_0000001422799557_p136693015412">When selecting a policy for a user group, click <span><img id="EN-US_TOPIC_0000001658895338__en-us_topic_0000001422799557_image561142511570" src="figure/en-us_image_0000001759579501.png"></span> below the policy to view the details of the policy. The <strong id="EN-US_TOPIC_0000001658895338__en-us_topic_0000001422799557_b1172314912614">DWS Administrator</strong> policy is used as an example to describe the syntax of RBAC policies.</p>
<div class="fignone" id="EN-US_TOPIC_0000001658895338__en-us_topic_0000001422799557_fig13383143711518"><span class="figcap"><b>Figure 2 </b>Syntax of RBAC Policies</span><br><span><img id="EN-US_TOPIC_0000001658895338__en-us_topic_0000001422799557_image178149408310" src="figure/en-us_image_0000001759419673.png" title="Click to enlarge" class="imgResize"></span></div>
<pre class="screen" id="EN-US_TOPIC_0000001658895338__en-us_topic_0000001422799557_screen196643024111">{
    "Version": "1.0",
    "Statement": [
        {
            "Effect": "Allow",
            "Action": [
                "dws:dws:*"
            ]
        }
    ],
    "Depends": [
        {
            "catalog": "BASE",
            "display_name": "Server Administrator"
        },
        {
            "catalog": "BASE",
            "display_name": "Tenant Guest"
        }
    ]
}</pre>
<div class="tablenoborder"><table cellpadding="4" cellspacing="0" summary="" id="EN-US_TOPIC_0000001658895338__en-us_topic_0000001422799557_table3903162974115" frame="border" border="1" rules="all"><thead align="left"><tr id="EN-US_TOPIC_0000001658895338__en-us_topic_0000001422799557_row566730134116"><th align="left" class="cellrowborder" colspan="2" valign="top" id="mcps1.3.2.5.1.5.1.1"><p id="EN-US_TOPIC_0000001658895338__en-us_topic_0000001422799557_p166713044114">Parameter</p>
</th>
<th align="left" class="cellrowborder" valign="top" id="mcps1.3.2.5.1.5.1.2"><p id="EN-US_TOPIC_0000001658895338__en-us_topic_0000001422799557_p967133084118">Meaning</p>
</th>
<th align="left" class="cellrowborder" valign="top" id="mcps1.3.2.5.1.5.1.3"><p id="EN-US_TOPIC_0000001658895338__en-us_topic_0000001422799557_p1167230174111">Value</p>
</th>
</tr>
</thead>
<tbody><tr id="EN-US_TOPIC_0000001658895338__en-us_topic_0000001422799557_row7674301419"><td class="cellrowborder" colspan="2" valign="top" headers="mcps1.3.2.5.1.5.1.1 "><p id="EN-US_TOPIC_0000001658895338__en-us_topic_0000001422799557_p166711303412">Version</p>
</td>
<td class="cellrowborder" valign="top" headers="mcps1.3.2.5.1.5.1.2 "><p id="EN-US_TOPIC_0000001658895338__en-us_topic_0000001422799557_p467430154112">Policy version</p>
</td>
<td class="cellrowborder" valign="top" headers="mcps1.3.2.5.1.5.1.3 "><p id="EN-US_TOPIC_0000001658895338__en-us_topic_0000001422799557_p96713016412">The value is fixed to <strong id="EN-US_TOPIC_0000001658895338__en-us_topic_0000001422799557_b294362784">1.0</strong>.</p>
</td>
</tr>
<tr id="EN-US_TOPIC_0000001658895338__en-us_topic_0000001422799557_row11671330204110"><td class="cellrowborder" rowspan="2" valign="top" width="17.17171717171717%" headers="mcps1.3.2.5.1.5.1.1 "><p id="EN-US_TOPIC_0000001658895338__en-us_topic_0000001422799557_p76763034113">Statement</p>
</td>
<td class="cellrowborder" valign="top" width="17.17171717171717%" headers="mcps1.3.2.5.1.5.1.1 "><p id="EN-US_TOPIC_0000001658895338__en-us_topic_0000001422799557_p10671730184110">Action</p>
</td>
<td class="cellrowborder" valign="top" width="28.28282828282828%" headers="mcps1.3.2.5.1.5.1.2 "><p id="EN-US_TOPIC_0000001658895338__en-us_topic_0000001422799557_p166818306418">Operations to be performed on GaussDB(DWS)</p>
</td>
<td class="cellrowborder" valign="top" width="37.37373737373737%" headers="mcps1.3.2.5.1.5.1.3 "><p id="EN-US_TOPIC_0000001658895338__en-us_topic_0000001422799557_p26833014419">Format: <em id="EN-US_TOPIC_0000001658895338__en-us_topic_0000001422799557_i19334939887">Service name:Resource type:Operation</em>.</p>
<p id="EN-US_TOPIC_0000001658895338__en-us_topic_0000001422799557_p146833094114"><strong id="EN-US_TOPIC_0000001658895338__en-us_topic_0000001422799557_b131511695914">dws:dws:*</strong>: Permissions for performing all operations on all resource types in GaussDB(DWS).</p>
</td>
</tr>
<tr id="EN-US_TOPIC_0000001658895338__en-us_topic_0000001422799557_row868173017418"><td class="cellrowborder" valign="top" headers="mcps1.3.2.5.1.5.1.1 "><p id="EN-US_TOPIC_0000001658895338__en-us_topic_0000001422799557_p76873044115">Effect</p>
</td>
<td class="cellrowborder" valign="top" headers="mcps1.3.2.5.1.5.1.1 "><p id="EN-US_TOPIC_0000001658895338__en-us_topic_0000001422799557_p16681830134113">Whether the operation defined in an action is allowed</p>
</td>
<td class="cellrowborder" valign="top" headers="mcps1.3.2.5.1.5.1.2 "><ul id="EN-US_TOPIC_0000001658895338__en-us_topic_0000001422799557_ul468830144114"><li id="EN-US_TOPIC_0000001658895338__en-us_topic_0000001422799557_li3683307415">Allow</li><li id="EN-US_TOPIC_0000001658895338__en-us_topic_0000001422799557_li568193084117">Deny</li></ul>
</td>
</tr>
<tr id="EN-US_TOPIC_0000001658895338__en-us_topic_0000001422799557_row1681030114110"><td class="cellrowborder" rowspan="2" valign="top" width="17.17171717171717%" headers="mcps1.3.2.5.1.5.1.1 "><p id="EN-US_TOPIC_0000001658895338__en-us_topic_0000001422799557_p36813024112">Depends</p>
</td>
<td class="cellrowborder" valign="top" width="17.17171717171717%" headers="mcps1.3.2.5.1.5.1.1 "><p id="EN-US_TOPIC_0000001658895338__en-us_topic_0000001422799557_p568103017417">catalog</p>
</td>
<td class="cellrowborder" valign="top" width="28.28282828282828%" headers="mcps1.3.2.5.1.5.1.2 "><p id="EN-US_TOPIC_0000001658895338__en-us_topic_0000001422799557_p166883020415">Name of the service to which dependencies of a policy belong</p>
</td>
<td class="cellrowborder" valign="top" width="37.37373737373737%" headers="mcps1.3.2.5.1.5.1.3 "><p id="EN-US_TOPIC_0000001658895338__en-us_topic_0000001422799557_p66993044118">Service name</p>
<p id="EN-US_TOPIC_0000001658895338__en-us_topic_0000001422799557_p136913074119">Example: <strong id="EN-US_TOPIC_0000001658895338__en-us_topic_0000001422799557_b95174119103">BASE</strong></p>
</td>
</tr>
<tr id="EN-US_TOPIC_0000001658895338__en-us_topic_0000001422799557_row1969123084116"><td class="cellrowborder" valign="top" headers="mcps1.3.2.5.1.5.1.1 "><p id="EN-US_TOPIC_0000001658895338__en-us_topic_0000001422799557_p1669130104118">display_name</p>
</td>
<td class="cellrowborder" valign="top" headers="mcps1.3.2.5.1.5.1.1 "><p id="EN-US_TOPIC_0000001658895338__en-us_topic_0000001422799557_p1691430134118">Name of a dependent policy</p>
</td>
<td class="cellrowborder" valign="top" headers="mcps1.3.2.5.1.5.1.2 "><p id="EN-US_TOPIC_0000001658895338__en-us_topic_0000001422799557_p569203014118">Policy name</p>
<p id="EN-US_TOPIC_0000001658895338__en-us_topic_0000001422799557_p121171413417">Example: <strong id="EN-US_TOPIC_0000001658895338__en-us_topic_0000001422799557_b1071481510112">Server Administrator</strong></p>
</td>
</tr>
</tbody>
</table>
</div>
<div class="note" id="EN-US_TOPIC_0000001658895338__en-us_topic_0000001422799557_note3302137154116"><img src="public_sys-resources/note_3.0-en-us.png"><span class="notetitle"> </span><div class="notebody"><p id="EN-US_TOPIC_0000001658895338__en-us_topic_0000001422799557_p192747461218">When using RBAC for authorization, pay attention to the <strong id="EN-US_TOPIC_0000001658895338__en-us_topic_0000001422799557_b1481652184611">Depends</strong> parameter and grant other dependent permissions at the same time.</p>
<p id="EN-US_TOPIC_0000001658895338__en-us_topic_0000001422799557_p24521270418">For example, the <strong id="EN-US_TOPIC_0000001658895338__en-us_topic_0000001422799557_b11470386461">DWS Administrator</strong> permission depends on the <strong id="EN-US_TOPIC_0000001658895338__en-us_topic_0000001422799557_b5381443204612">Server Administrator</strong> and <strong id="EN-US_TOPIC_0000001658895338__en-us_topic_0000001422799557_b1711925014616">Tenant Guest</strong> permissions. When granting the <strong id="EN-US_TOPIC_0000001658895338__en-us_topic_0000001422799557_b29099824810">DWS Administrator</strong> permission to users, you also need to grant the two dependent permissions to the users.</p>
</div></div>
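<p>The following check is an added example, not part of the original documentation or of any GaussDB(DWS) tooling. It validates a policy against the parameter table above, lists wildcard <strong>Allow</strong> actions for review, and reports entries in <strong>Depends</strong> that a user group has not been granted. The function names and the sample group are hypothetical.</p>

```python
import json

# Policy text as shown on this page (DWS Administrator).
DWS_ADMIN = json.loads("""{
  "Version": "1.0",
  "Statement": [{"Effect": "Allow", "Action": ["dws:dws:*"]}],
  "Depends": [
    {"catalog": "BASE", "display_name": "Server Administrator"},
    {"catalog": "BASE", "display_name": "Tenant Guest"}
  ]
}""")


def validate_policy(policy):
    """Return a list of structural problems; an empty list means well-formed."""
    problems = []
    if policy.get("Version") != "1.0":
        problems.append("Version must be 1.0")
    for i, stmt in enumerate(policy.get("Statement", [])):
        if stmt.get("Effect") not in ("Allow", "Deny"):
            problems.append(f"Statement[{i}]: Effect must be Allow or Deny")
        for action in stmt.get("Action", []):
            parts = action.split(":")  # Service name:Resource type:Operation
            if len(parts) != 3 or not all(parts):
                problems.append(f"Statement[{i}]: bad Action {action!r}")
    for i, dep in enumerate(policy.get("Depends", [])):
        if not dep.get("catalog") or not dep.get("display_name"):
            problems.append(f"Depends[{i}]: catalog and display_name required")
    return problems


def wildcard_actions(policy):
    """Allow actions whose operation is '*': broad grants worth reviewing."""
    return [a for s in policy.get("Statement", []) if s.get("Effect") == "Allow"
            for a in s.get("Action", []) if a.split(":")[-1] == "*"]


def missing_dependencies(policy, granted_names):
    """Dependent policies named in Depends that the group has not been granted."""
    return [d.get("display_name") for d in policy.get("Depends", [])
            if d.get("display_name") not in granted_names]


if __name__ == "__main__":
    # Constructed example: a group granted only part of what the policy depends on.
    group = {"DWS Administrator", "Tenant Guest"}
    print(validate_policy(DWS_ADMIN))
    print(wildcard_actions(DWS_ADMIN))
    print(missing_dependencies(DWS_ADMIN, group))
```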
</div>
</div>