dimas-b commented on code in PR #2424: URL: https://github.com/apache/polaris/pull/2424#discussion_r2293919676
########## site/content/in-dev/unreleased/access-control.md: ########## @@ -50,10 +50,9 @@ has the following securable objects: A principal role is a resource in Polaris that you can use to logically group Polaris service principals together and grant privileges on securable objects. -Polaris supports a many-to-one relationship between service principals and principal roles. For example, to grant the same privileges to -multiple service principals, you can grant a single principal role to those service principals. A service principal can be granted one -principal role. When registering a service connection, the Polaris administrator specifies the principal role that is granted to the -service principal. +Polaris supports a many-to-one relationship between service principals and principal roles. For example, you can grant the same principal role Review Comment: What is a "service principal"? Given that Polaris support external IdP now, it might be preferable to describe it simply as "principal". WDYT? ########## site/content/in-dev/unreleased/access-control.md: ########## @@ -50,10 +50,9 @@ has the following securable objects: A principal role is a resource in Polaris that you can use to logically group Polaris service principals together and grant privileges on securable objects. -Polaris supports a many-to-one relationship between service principals and principal roles. For example, to grant the same privileges to -multiple service principals, you can grant a single principal role to those service principals. A service principal can be granted one -principal role. When registering a service connection, the Polaris administrator specifies the principal role that is granted to the -service principal. +Polaris supports a many-to-one relationship between service principals and principal roles. For example, you can grant the same principal role +to multiple service principals, or grant multiple principal roles to a single service principal. When registering a service connection, the Review Comment: I believe the part after `For example` contradicts the `many-to-one` statement. Assuming the example is correct the relationship is many-to-many, right? ########## site/content/in-dev/unreleased/access-control.md: ########## @@ -50,10 +50,9 @@ has the following securable objects: A principal role is a resource in Polaris that you can use to logically group Polaris service principals together and grant privileges on securable objects. -Polaris supports a many-to-one relationship between service principals and principal roles. For example, to grant the same privileges to -multiple service principals, you can grant a single principal role to those service principals. A service principal can be granted one -principal role. When registering a service connection, the Polaris administrator specifies the principal role that is granted to the -service principal. +Polaris supports a many-to-one relationship between service principals and principal roles. For example, you can grant the same principal role +to multiple service principals, or grant multiple principal roles to a single service principal. When registering a service connection, the Review Comment: What is a "service connection"? How is it registered? -- This is an automated message from the Apache Git Service. To respond to the message, please log on to GitHub and use the URL above to go to the specific comment. To unsubscribe, e-mail: [email protected] For queries about this service, please contact Infrastructure at: [email protected]
