GRANT ROLE
Description
Grant a role on a specified Onehouse resource. See the permissions documentation for more details.
To grant privileges on data objects, use GRANT PRIVILEGE.
Syntax
GRANT ROLE <role> ON <resource_type> <resource_name> TO <principal_type> <principal_identifier>
Examples
GRANT ROLE MEMBER ON PROJECT 'my_project' TO GROUP 'eng_team'
GRANT ROLE USER ON CLUSTER 'managed_cluster' TO USER 'steve@apple.com'
Required Parameters
role: Specify one of{ADMIN|MEMBER|VIEWER|EDITOR|USER|MANAGER}.resource_type: Specify one of{ACCOUNT|PROJECT|GROUP|SERVICE_PRINCIPAL|CLUSTER}.resource_name: Specify the name of the resource to grant the role on.principal_type: Specify one of{USER|GROUP|SERVICE_PRINCIPAL}.principal_identifier: Specify one of{<user_email>|<group_id>|<service_principal_id>}.
Supported Grants
Only the following combinations of role and principal_type are supported via API for each resource_type:
| resource_type | role | principal_type |
|---|---|---|
| ACCOUNT | MEMBER, READER, ADMIN | SERVICE_PRINCIPAL |
| GROUP | MEMBER, MANAGER | USER, SERVICE_PRINCIPAL |
| SERVICE_PRINCIPAL | MEMBER, MANAGER | USER, GROUP |
| PROJECT | MEMBER, READER, ADMIN | USER, GROUP, SERVICE_PRINCIPAL |
| CLUSTER | VIEWER, USER, EDITOR, MANAGER | USER, GROUP, SERVICE_PRINCIPAL |