Repository: kylin Updated Branches: refs/heads/document 52932cf0e -> b05979700
project level acl Project: http://git-wip-us.apache.org/repos/asf/kylin/repo Commit: http://git-wip-us.apache.org/repos/asf/kylin/commit/5a152c8f Tree: http://git-wip-us.apache.org/repos/asf/kylin/tree/5a152c8f Diff: http://git-wip-us.apache.org/repos/asf/kylin/diff/5a152c8f Branch: refs/heads/document Commit: 5a152c8fce1246411e486360074a8f415ced92f3 Parents: 52932cf Author: lidongsjtu <lid...@apache.org> Authored: Fri Nov 3 23:29:17 2017 +0800 Committer: lidongsjtu <lid...@apache.org> Committed: Fri Nov 3 23:29:17 2017 +0800 ---------------------------------------------------------------------- website/_docs21/index.cn.md | 6 +- website/_docs21/index.md | 1 + website/_docs21/tutorial/acl.md | 7 ++- website/_docs21/tutorial/project_level_acl.md | 62 +++++++++++++++++++++ website/images/Project-level-acl/ACL-1.png | Bin 0 -> 11742 bytes website/images/Project-level-acl/ACL-2.png | Bin 0 -> 57688 bytes website/images/Project-level-acl/ACL-3.png | Bin 0 -> 38965 bytes 7 files changed, 73 insertions(+), 3 deletions(-) ---------------------------------------------------------------------- http://git-wip-us.apache.org/repos/asf/kylin/blob/5a152c8f/website/_docs21/index.cn.md ---------------------------------------------------------------------- diff --git a/website/_docs21/index.cn.md b/website/_docs21/index.cn.md index eb14dfb..76152cc 100644 --- a/website/_docs21/index.cn.md +++ b/website/_docs21/index.cn.md @@ -12,8 +12,10 @@ permalink: /cn/docs21/index.html Apache Kylinâ¢æ¯ä¸ä¸ªå¼æºçåå¸å¼åæå¼æï¼æä¾Hadoopä¹ä¸çSQLæ¥è¯¢æ¥å£åå¤ç»´åæï¼OLAPï¼è½å以æ¯æè¶ å¤§è§æ¨¡æ°æ®ï¼æåç±eBay Inc.å¼å并贡ç®è³å¼æºç¤¾åºã æ¥çæ§çæ¬ææ¡£: -* [v2.0](/cn/docs20/) -* [v1.6](/cn/docs16/) +* [v2.1.x and v2.2.x document](/docs21/) +* [v2.0.x document](/docs20/) +* [v1.6.x document](/docs16/) +* [v1.5.x document](/docs15/) å®è£ ------------ http://git-wip-us.apache.org/repos/asf/kylin/blob/5a152c8f/website/_docs21/index.md ---------------------------------------------------------------------- diff --git a/website/_docs21/index.md b/website/_docs21/index.md index 5515cac..46063c0 100644 --- a/website/_docs21/index.md +++ b/website/_docs21/index.md @@ -13,6 +13,7 @@ Apache Kylin⢠is an open source Distributed Analytics Engine designed to provi Document of prior versions: +* [v2.1.x and v2.2.x document](/docs21/) * [v2.0.x document](/docs20/) * [v1.6.x document](/docs16/) * [v1.5.x document](/docs15/) http://git-wip-us.apache.org/repos/asf/kylin/blob/5a152c8f/website/_docs21/tutorial/acl.md ---------------------------------------------------------------------- diff --git a/website/_docs21/tutorial/acl.md b/website/_docs21/tutorial/acl.md index 0485e94..b05d7ac 100644 --- a/website/_docs21/tutorial/acl.md +++ b/website/_docs21/tutorial/acl.md @@ -1,11 +1,16 @@ --- layout: docs21 -title: Cube Permission +title: Cube Permission (v2.1.x) categories: tutorial permalink: /docs21/tutorial/acl.html since: v0.7.1 --- +``` +Notes: +Cube ACL is removed since v2.2.0, please use  to manager ACL. +``` + In `Cubes` page, double click the cube row to see the detail information. Here we focus on the `Access` tab. Click the `+Grant` button to grant permission. http://git-wip-us.apache.org/repos/asf/kylin/blob/5a152c8f/website/_docs21/tutorial/project_level_acl.md ---------------------------------------------------------------------- diff --git a/website/_docs21/tutorial/project_level_acl.md b/website/_docs21/tutorial/project_level_acl.md new file mode 100644 index 0000000..cce9a2b --- /dev/null +++ b/website/_docs21/tutorial/project_level_acl.md @@ -0,0 +1,62 @@ +--- +layout: docs21 +title: Project Level ACL +categories: tutorial +permalink: /docs21/tutorial/project_level_acl.html +since: v2.1.0 +--- + +Whether a user can access a project and use some functionalities within the project is determined by project-level access control, there are four types of access permission role set at the project-level in Apache Kylin. They are *ADMIN*, *MANAGEMENT*, *OPERATION* and *QUERY*. Each role defines a list of functionality user may perform in Apache Kylin. + +- *QUERY*: designed to be used by analysts who only need access permission to query tables/cubes in the project. +- *OPERATION*: designed to be used by operation team in a corporate/organization who need permission to maintain the Cube. OPERATION access permission includes QUERY. +- *MANAGEMENT*: designed to be used by Modeler or Designer who is fully knowledgeable of business meaning of the data/model, Cube will be in charge of Model and Cube design. MANAGEMENT access permission includes OPERATION, and QUERY. +- *ADMIN*: Designed to fully manage the project. ADMIN access permission includes MANAGEMENT, OPERATION and QUERY. + +Access permissions are independent between different projects. + +### How Access Permission is Determined + +Once project-level access permission has been set for a user, access permission on data source, model and Cube will be inherited based on the access permission role defined on project-level. For detailed functionalities, each access permission role can have access to, see table below. + +| | System Admin | Project Admin | Management | Operation | Query | +| ---------------------------------------- | ------------ | ------------- | ---------- | --------- | ----- | +| Create/delete project | Yes | No | No | No | No | +| Edit project | Yes | Yes | No | No | No | +| Add/edit/delete project access permission | Yes | Yes | No | No | No | +| Check model page | Yes | Yes | Yes | Yes | Yes | +| Check data source page | Yes | Yes | Yes | No | No | +| Load, unload table, reload table | Yes | Yes | No | No | No | +| View model in read only mode | Yes | Yes | Yes | Yes | Yes | +| Add, edit, clone, drop model | Yes | Yes | Yes | No | No | +| Check cube detail definition | Yes | Yes | Yes | Yes | Yes | +| Add, disable/enable, clone cube, edit, drop cube, purge cube | Yes | Yes | Yes | No | No | +| Build, refresh, merge cube | Yes | Yes | Yes | Yes | No | +| Edit, view cube json | Yes | Yes | Yes | No | No | +| Check insight page | Yes | Yes | Yes | Yes | Yes | +| View table in insight page | Yes | Yes | Yes | Yes | Yes | +| Check monitor page | Yes | Yes | Yes | Yes | No | +| Check system page | Yes | No | No | No | No | +| Reload metadata, disable cache, set config, diagnosis | Yes | No | No | No | No | + +Additionally, when Query Pushdown is enabled, QUERY access permission on a project allows users to issue push down queries on all tables in the project even though no cube could serve them. It's impossible if a user is not yet granted QUERY permission at project-level. + +### Manage Access Permission at Project-level + +1. Click the small gear shape icon on the top-left corner of Model page. You will be redirected to project page + +  + +2. In project page, expand a project and choose Access. +3. Click `Grant`to grant permission to user. + +  + +4. Fill in name of the user or role, choose permission and then click `Grant` to grant permission. + +5. You can also revoke and update permission on this page. + +  + + Please note that in order to grant permission to default user (MODELER and ANLAYST), these users need to login as least once. + â \ No newline at end of file http://git-wip-us.apache.org/repos/asf/kylin/blob/5a152c8f/website/images/Project-level-acl/ACL-1.png ---------------------------------------------------------------------- diff --git a/website/images/Project-level-acl/ACL-1.png b/website/images/Project-level-acl/ACL-1.png new file mode 100644 index 0000000..f1ae976 Binary files /dev/null and b/website/images/Project-level-acl/ACL-1.png differ http://git-wip-us.apache.org/repos/asf/kylin/blob/5a152c8f/website/images/Project-level-acl/ACL-2.png ---------------------------------------------------------------------- diff --git a/website/images/Project-level-acl/ACL-2.png b/website/images/Project-level-acl/ACL-2.png new file mode 100644 index 0000000..0d7e0b5 Binary files /dev/null and b/website/images/Project-level-acl/ACL-2.png differ http://git-wip-us.apache.org/repos/asf/kylin/blob/5a152c8f/website/images/Project-level-acl/ACL-3.png ---------------------------------------------------------------------- diff --git a/website/images/Project-level-acl/ACL-3.png b/website/images/Project-level-acl/ACL-3.png new file mode 100644 index 0000000..4f10e1b Binary files /dev/null and b/website/images/Project-level-acl/ACL-3.png differ
