[#9535] docs(function-privilege): document function privileges#10820
Open
mchades wants to merge 2 commits intoapache:mainfrom
Open
[#9535] docs(function-privilege): document function privileges#10820mchades wants to merge 2 commits intoapache:mainfrom
mchades wants to merge 2 commits intoapache:mainfrom
Conversation
Add REGISTER_FUNCTION/EXECUTE_FUNCTION/MODIFY_FUNCTION and FUNCTION metadata object entries to the access-control reference and the OpenAPI roles schema. Co-authored-by: Copilot <223556219+Copilot@users.noreply.github.com>
mchades
changed the title
Code Coverage Report
|
roryqi
reviewed
Apr 20, 2026
| | CREATE_MODEL | Metalake, Catalog, Schema | Register a model, this is deprecated. Please use `REGISTER_MODEL` instead. | | ||
| | CREATE_MODEL_VERSION | Metalake, Catalog, Schema, Model | Link a model version, this is deprecated. Please use `LINK_MODEL_VERSION` instead. | | ||
|
|
||
| ### Function privileges |
Contributor
There was a problem hiding this comment.
You should include function in Supported Objects:.
…object descriptions - Add Function to Supported Objects (ownership) table - Add Function and Model to Metadata Objects description text - Add Function and Model to securable objects hierarchy diagram - Add Function to MANAGE_GRANTS supported securable objects Co-authored-by: Copilot <223556219+Copilot@users.noreply.github.com>
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
2 participants
Add this suggestion to a batch that can be applied as a single commit.This suggestion is invalid because no changes were made to the code.Suggestions cannot be applied while the pull request is closed.Suggestions cannot be applied while viewing a subset of changes.Only one suggestion per line can be applied in a batch.Add this suggestion to a batch that can be applied as a single commit.Applying suggestions on deleted lines is not supported.You must change the existing code in this line in order to create a valid suggestion.Outdated suggestions cannot be applied.This suggestion has been applied or marked resolved.Suggestions cannot be applied from pending reviews.Suggestions cannot be applied on multi-line comments.Suggestions cannot be applied while the pull request is queued to merge.Suggestion cannot be applied right now. Please check back later.
What changes were proposed in this pull request?
Update the authorization documentation to cover the three new function privileges
introduced in #10811.
Changes:
docs/security/access-control.md— add a Function privileges section with a privilege table (REGISTER_FUNCTION,EXECUTE_FUNCTION,MODIFY_FUNCTION) and corresponding rows in the operation-to-privilege reference tabledocs/open-api/roles.yaml— addREGISTER_FUNCTION,EXECUTE_FUNCTION,MODIFY_FUNCTIONto thePrivilege.nameenum andFUNCTIONto theSecurableObject.typeenum (both in the schema and the path-parameter enum)Why are the changes needed?
The new function privileges are unusable without documentation.
Users and integrators need to know which privilege grants which operation and at which securable-object level.
Fix: #9535
Does this PR introduce any user-facing change?
Documentation only — no code changes.
How was this patch tested?
./gradlew :docs:build— OpenAPI specification validation passes.