Description
We have now completed the first phase of RBAC. After these pr merged(#14567, #14514, #14501, #14393, #14380, #14344, #14333) both permissions and RBAC ensure Forward/Backward compatibility.
So we can start the second phase of work
- Cover more object in RBAC and refined permission check to to split super privilege.
- semantic alignment with sf
Summary
Important
-
add some doc about rbac, ownership
-
Feature: Account admin role need support grant ownership #14572
-
Feature: table level privilege access check need consider if exists #14699
-
fix: forbidden special char like
'"in user/role name #14788 -
test: semantic alignment with sf on the ownerships about database/tables #13323
The following tasks can be performed upon request
-
Feature: drop database need drop db.table's ownership #14463
-
feat: cover privilege check about connection
-
feat: cover privilege check about warehouse
-
feat: cover privilege & owner check about Stream
-
feat: cover privilege & owner check about Share/ShareEndpoint
-
feat: cover privilege & owner check about DataMask
-
Refactor: only admin user can CRUD index
-
Refactor: only admin user can CRUD FileFormat
-
Feature: drop database need drop db.table's ownership #14463
-
Refactor: More refined permission management (RenameDatabase/AlterUDF/RevertTable/CRUD_Virtual_Column)
-
feat: NetworkPolicy, PasswordPolicy need add ownership(low )