Regarding Roles and Privileges

  1. Object based privileges “ACCESS” (Object-Based Privilege Tables :: TigerGraph DB), can we have more information on this privilege. Like if we assign this privilege to a role will it be having all read/write/update/delete on every graph and its data.

FYI: I am seeing this legacy privilege information on “APP_ACCESS_DATA” but its confusing (List of Legacy Privilege Syntax :: TigerGraph DB)

  1. Also, object have “object” and “Plural Objects” how are these differentiated. Provide an example.

  2. Are roles created in 4.1.2 version are by default global?

  3. Although I assigned “object based privileges” but when I query roles, its still showing as if “legacy privilege” naming convention. Am I doing any thing wrong.
    FYI:

GSQL > show privilege on role test_role
Role: "test_role"
  - Global Privileges:
    READ_SCHEMA
    READ_LOADINGJOB
    APP_ACCESS_DATA

GSQL > GRANT CREATE ON ALL QUERIES IN GLOBAL to test_role
The privilege "CREATE" is successfully granted on "ALL QUERIES" IN GLOBAL to role: test_role
GSQL > show privilege on role test_role
Role: "test_role"
  - Global Privileges:
    READ_SCHEMA
    READ_LOADINGJOB
    CREATE_QUERY
    APP_ACCESS_DATA