RBAC Row Policy EBNF

EBNF for a Package

createPackage := CREATE PACKAGE packageName ["." packageName]*
showPackage := SHOW PACKAGE [ "-r" stringLiteral
            | [ packageName ["." packageName "."]* [ "." functionName | "*" ]]?

dropPackage := DROP PACKAGE packageName ["." packageName]*

EBNF overview of the GSQL Functions

createFunction := CREATE [OR REPLACE] FUNCTION packageName
                [ "." packageName ]* "." functionName
                "(" [parameterList] ")"
                RETURNS "("  baseType ")"
                "{" functionBody "}"

functionBody := [declStmt | declExceptStmt | functionBodyStmt]+
declStmt := baseDeclStmt | accumDeclStmt
functionBodyStmt := assignStmt            // Assignment
                | vSetVarDeclStmt         // Declaration
                | gAccumAssignStmt        // Assignment
                | gAccumAccumStmt         // Assignment
                | funcCallStmt            // Function Call
                | functionBodyCaseStmt    // Control Flow
                | functionBodyIfStmt      // Control Flow
                | returnStmt              // Output
                | raiseStmt               // Exception

installFunction := INSTALL FUNCTION [installOptions]
                [[ packageName [ "." packageName "."]*
                [ "." functionName | "*" | "**"] | "**"| "ALL"]

showFunction := SHOW FUNCTION [ * | "-r" stringLiteral
            |[ packageName [ "." packageName "."]*
            [ "." functionName | "*" ] ]

dropFunction := DROP FUNCTION packageName
            ["." packageName "."]* [ "." functionName | "*" ]

EBNF for the Object-Based Privileges

grantObjectBasePrivilege := GRANT privilegeNames ON privilegeObjects [IN privilegeScopes]? TO userOrRoleNames

revokeObjectBasePrivilege := REVOKE privilegeNames ON privilegeObjects [IN privilegeScopes]? FROM userOrRoleNames

privilegeNames := privilegeName ["," privilegeName]*

privilegeName := "ACCESS" | "CLEAR_GRAPHSTORE" | "CREATE" |
                "DELETE" | "DROP" | "DROP_ALL" | "EXPORT" |
                "EXECUTE" | "READ" | "UPDATE" | "USE" | "WRITE"

privilegeObjects := privilegeObject ["," privilegeObject]*

privilegeObject := "GLOBAL" | "ALL" objectTypePlurals |
                objectTypeNames

objectTypePlurals := objectTypePlural [","objectTypePlural]*

objectTypePlural := "APP_DATA" | "DATA" | "DATASOURCES"|
                    "FILES" | "FUNCTIONS" | "GRAPHS" |
                    "LOADINGJOBS" | "POLICIES" | "PROXYGROUPS" |
                    "QUERIES" | "ROLES" | "TAGS" | "USERS"

objectTypeNames := objectTypeName ["," objectTypeName]*

objectTypeName := "GLOBAL"| vertexObject | edgeObject |
                "APP_DATA" | "DATA" | "DATASOURCE"| "FILE" |
                "FUNCTION" | "GRAPH" | "LOADINGJOB" | "POLICY" | "PROXYGROUP" | "QUERY" | "ROLE" | "TAG" | "USER"

vertexObject := "VERTEX" vertexName ["ATTRIBUTE"attributeNames]?

edgeObject := "EDGE" vertexName ["ATTRIBUTE" attributeNames]? attributeNames := attributeName ["," attributeNames]*

privilegeScopes := privilegeScope ["," privilegeScope]*

privilegeScope := "GLOBAL" | "GRAPH" graphName [","graphName]* |
                "PACKAGE" packageNameList ["," packageNameList]*

packageNameList := packageName ["." packageName]*

EBNF for Row Policy

applyRowPolicy := ALTER VERTEX vertexName IN [ GLOBAL |
                GRAPH graphName ]
                SET ROW POLICY packageName ["." packageName "."]* "."
                functionName ON "(" [ attributeList ] ")" [ "-n" ]?

clearRowPolicy := ALTER VERTEX vertexName IN [ GLOBAL |
                GRAPH graphName ] CLEAR ROW POLICY [ "-n" ]?

showRowPolicy := SHOW ROW POLICY [ ON vertexName ]?
attributeList := attributeName [ "," attributeName ]*