diff --git a/content/docs/concepts/roles-and-permissions.md b/content/docs/concepts/roles-and-permissions.md
index a13949f3..37abf95f 100644
--- a/content/docs/concepts/roles-and-permissions.md
+++ b/content/docs/concepts/roles-and-permissions.md
@@ -18,7 +18,7 @@ Users can also be granted `Workspace Admin`, `Workspace DBA`. These 2 roles shou
**Project Roles**
-- Built-in roles: `Project Owner`, `Project Developer`, `Project Releaser`, `Project Querier`, `Project Exporter`, `Project Viewer`.
+- Built-in roles: `Project Owner`, `Project Developer`, `Project Releaser`, `SQL Editor User` (previously called `Project Querier`), `Project Exporter`, `Project Viewer`.
- [Custom roles](/docs/administration/custom-roles/).
In addition to the inherent `Workspace Member` role, most users will be granted project roles. These roles
@@ -89,7 +89,7 @@ By default, the first registered user is granted the `Admin` role, all following
Any user can create project. By default, the project creator is granted the `Project Owner` role.
`Workspace DBA` and `Workspace Admin` assume the `Project Owner` role for all projects.
-| Project Permission | Project Querier | Project Exporter | Project Developer | Project Owner | Workspace DBA | Workspace Admin |
+| Project Permission | SQL Editor User | Project Exporter | Project Developer | Project Owner | Workspace DBA | Workspace Admin |
| ---------------------------- | --------------- | ---------------- | ----------------- | ------------- | ------------- | --------------- |
| Sync sheet from VCS | | | ✔️ | ✔️ | ✔️ | ✔️ |
| Change project role | | | | ✔️ | ✔️ | ✔️ |
@@ -101,7 +101,7 @@ Any user can create project. By default, the project creator is granted the `Pro
Bytebase does not define database specific roles. Whether a user can perform certain action to the database is based on the user's Workspace role and the role of the project owning the database.
-| Database Permission | Project Querier | Project Exporter | Project Developer | Project Owner | Workspace DBA | Workspace Admin |
+| Database Permission | SQL Editor User | Project Exporter | Project Developer | Project Owner | Workspace DBA | Workspace Admin |
| ------------------- | --------------- | ---------------- | ----------------- | ------------- | ------------- | --------------- |
| Query | ✔️ | | | ✔️ | ✔️ | ✔️ |
| Export | | ✔️ | | ✔️ | ✔️ | ✔️ |
@@ -120,7 +120,7 @@ User can save sheets from [SQL Editor](/docs/sql-editor/overview). A sheet alway
### Private Sheet
-| Permission | Creator | Project Querier | Project Exporter | Project Developer | Project Owner | Workspace DBA | Workspace Admin |
+| Permission | Creator | SQL Editor User | Project Exporter | Project Developer | Project Owner | Workspace DBA | Workspace Admin |
| ---------- | ------- | --------------- | ---------------- | ----------------- | ------------- | ------------- | --------------- |
| Star | ✔️ | | | | | | |
| Read | ✔️ | | | | | | |
@@ -129,7 +129,7 @@ User can save sheets from [SQL Editor](/docs/sql-editor/overview). A sheet alway
### Project Sheet
-| Permission | Creator | Project Querier | Project Exporter | Project Developer | Project Owner | Workspace DBA | Workspace Admin |
+| Permission | Creator | SQL Editor User | Project Exporter | Project Developer | Project Owner | Workspace DBA | Workspace Admin |
| ---------- | ------- | --------------- | ---------------- | ----------------- | ------------- | ------------- | --------------- |
| Star | ✔️ | ✔️ | ✔️ | ✔️ | ✔️ | ✔️ | ✔️ |
| Read | ✔️ | ✔️ | ✔️ | ✔️ | ✔️ | ✔️ | ✔️ |
@@ -138,7 +138,7 @@ User can save sheets from [SQL Editor](/docs/sql-editor/overview). A sheet alway
### Public Sheet
-| Permission | Creator | Project Querier | Project Exporter | Project Developer | Project Owner | Others |
+| Permission | Creator | SQL Editor User | Project Exporter | Project Developer | Project Owner | Others |
| ---------- | ------- | --------------- | ---------------- | ----------------- | ------------- | ------ |
| Star | ✔️ | ✔️ | ✔️ | ✔️ | ✔️ | ✔️ |
| Read | ✔️ | ✔️ | ✔️ | ✔️ | ✔️ | ✔️ |
@@ -147,7 +147,7 @@ User can save sheets from [SQL Editor](/docs/sql-editor/overview). A sheet alway
## Issue permissions
-| Issue Permission | Assignee | Creator | Project Querier | Project Exporter | Project Developer | Project Owner | Workspace DBA | Workspace Admin |
+| Issue Permission | Assignee | Creator | SQL Editor User | Project Exporter | Project Developer | Project Owner | Workspace DBA | Workspace Admin |
| ------------------------- | -------- | ------- | --------------- | ---------------- | ----------------- | ------------- | ------------- | --------------- |
| Create issue | N/A | N/A | ✔️ | ✔️ | ✔️ | ✔️ | ✔️ | ✔️ |
| Re-assign issue | ✔️ | ✔️ | | | | | ✔️ | ✔️ |
diff --git a/content/docs/security/database-permission/overview.md b/content/docs/security/database-permission/overview.md
index fba34a24..133c123c 100644
--- a/content/docs/security/database-permission/overview.md
+++ b/content/docs/security/database-permission/overview.md
@@ -19,7 +19,7 @@ Database permission controls individual users' or groups' actions within the dat
| Workspace DBA | ✅ | ✅ | ✅ | ✅ | ✅ | ✅ |
| Project Owner | ✅ | ✅ | ✅ | ✅ | ✅ | |
| Project Developer | | | | \* | \* | |
-| Project Querier | ✅ | ✅ | | ✅ | ✅ | |
+| SQL Editor User | ✅ | ✅ | | ✅ | ✅ | |
| Project Exporter | | | ✅ | | | |
| Project Releaser | | | | | | |
| Project Viewer | | | | | | |
diff --git a/content/docs/security/database-permission/query.md b/content/docs/security/database-permission/query.md
index 2b87e5cb..5d554e7e 100644
--- a/content/docs/security/database-permission/query.md
+++ b/content/docs/security/database-permission/query.md
@@ -4,9 +4,9 @@ title: Data Query
Bytebase users query data from [SQL Editor](/docs/sql-editor/run-queries/). Bytebase can enforce query access control for a particular user at the database, schema or table level.
-## Assign Project Querier Role
+## Assign SQL Editor User Role
-`Workspace Admin`, `Workspace DBA` or `Project Owner` can manually grant `Project Querier` role to users/groups.
+`Workspace Admin`, `Workspace DBA` or `Project Owner` can manually grant `SQL Editor User` role to users/groups.
### Assign at Project level
@@ -14,7 +14,7 @@ Bytebase users query data from [SQL Editor](/docs/sql-editor/run-queries/). Byte
-Select Users or Groups, assign `Project Querier` role, choose the database object, Expiration and click **Confirm**.
+Select Users or Groups, assign `SQL Editor User` role, choose the database object, Expiration and click **Confirm**.
You can choose the entire database, a particular schema, or a particular table.
@@ -22,19 +22,19 @@ You can choose the entire database, a particular schema, or a particular table.
### Assign at Workspace level
-`Workspace Admin` can assign `Project Querier` role at the workspace level. This will grant query permission to _all databases_ within _all projects_.
+`Workspace Admin` can assign `SQL Editor User` role at the workspace level. This will grant query permission to _all databases_ within _all projects_.
-From the workspace page, go to **IAM & Admin > Members**, **Grant Access** to Select users/groups and assign `Project Querier` to them.
+From the workspace page, go to **IAM & Admin > Members**, **Grant Access** to Select users/groups and assign `SQL Editor User` to them.
-## Request Project Querier Role
+## Request SQL Editor User Role
-Users can also apply for `Project Querier` role by submitting an issue. Approval flow matches the `Request Querier Role` in [custom approval](/docs/administration/custom-approval/) if configured.
+Users can also apply for `SQL Editor User` role by submitting an issue. Approval flow matches the `Request Querier Role` in [custom approval](/docs/administration/custom-approval/) if configured.
### Request at Project level
diff --git a/content/docs/tutorials/api-user-database-permission.md b/content/docs/tutorials/api-user-database-permission.md
index e265bd44..43ee3be0 100644
--- a/content/docs/tutorials/api-user-database-permission.md
+++ b/content/docs/tutorials/api-user-database-permission.md
@@ -118,18 +118,18 @@ Let's dig into the code:
```json
{
- "role": "roles/projectQuerier",
+ "role": "roles/sqlEditorUser",
"members": ["user:dev@x.com", "user:dev2@x.com"],
"condition": {
"expression": "(resource.database in [\"instances/test-sample-instance/databases/hr_test\"])",
- "title": "project querier hr_prod",
+ "title": "SQL Editor User hr_prod",
"description": "",
"location": ""
}
}
```
- This grants the `projectQuerier` role only for the `hr_test` database in `test-sample-instance`.
+ This grants the `SQL Editor User` role only for the `hr_test` database in `test-sample-instance`.
1. When processing IAM policies, handle [CEL (Common Expression Language)](https://cel.dev/) format conditions carefully. In this demo, we parse these conditions using a custom `parseCelExpression` function:
diff --git a/content/docs/tutorials/how-to-manage-data-access-for-developers.md b/content/docs/tutorials/how-to-manage-data-access-for-developers.md
index 55048fb4..6d9b6f54 100644
--- a/content/docs/tutorials/how-to-manage-data-access-for-developers.md
+++ b/content/docs/tutorials/how-to-manage-data-access-for-developers.md
@@ -69,7 +69,7 @@ Log in as `Developer`, and you can see `Sample Project`. Enter **SQL Editor** on
### Admin grants data query access directly
-1. Log in as `Admin`, and go to `Sample Project`. Click **Members** and then **Grant Access**. Choose `Developer` and assign the role `Project Querier`, `All` for **Databases**. Click **Confirm**.
+1. Log in as `Admin`, and go to `Sample Project`. Click **Members** and then **Grant Access**. Choose `Developer` and assign the role `SQL Editor User`, `All` for **Databases**. Click **Confirm**.
1. Log in as `Developer`, and go to SQL Editor. You can see all databases under `Test` and `Prod` environment. Select `hr_prod`, input `SELECT * FROM employee;` and run, you can see the result. Change `employee` to any other tables and run, you can see data as well.
diff --git a/content/docs/tutorials/how-to-manage-roles.md b/content/docs/tutorials/how-to-manage-roles.md
index fb9e06a2..5ae2062a 100644
--- a/content/docs/tutorials/how-to-manage-roles.md
+++ b/content/docs/tutorials/how-to-manage-roles.md
@@ -23,7 +23,7 @@ A typical requirement is to create a `Manager` role in Bytebase who can only rol
- **Project Owner**: All permissions within the project
- **Project Developer**: All viewer permissions, plus permissions for requesting database changes.
- - **Project Querier**: Permissions for querying database data.
+ - **SQL Editor User**: Permissions for querying database data.
- **Project Exporter**: Permissions for exporting database data.
- **Project Releaser**: All viewer permissions, plus permission for reviewing database change requests for release purposes.
- **Project Viewer**: Read-only permissions for viewing basic project information, accessing databases, and initiating privilege requests.
diff --git a/public/content/docs/security/database-permission/query/assign-workspace.webp b/public/content/docs/security/database-permission/query/assign-workspace.webp
index 866d2a15..021777ef 100644
Binary files a/public/content/docs/security/database-permission/query/assign-workspace.webp and b/public/content/docs/security/database-permission/query/assign-workspace.webp differ
diff --git a/public/content/docs/security/database-permission/query/project-members-grant.webp b/public/content/docs/security/database-permission/query/project-members-grant.webp
index d746b138..e43b2da3 100644
Binary files a/public/content/docs/security/database-permission/query/project-members-grant.webp and b/public/content/docs/security/database-permission/query/project-members-grant.webp differ
diff --git a/public/content/docs/security/database-permission/query/project-members-querier.webp b/public/content/docs/security/database-permission/query/project-members-querier.webp
index cb86fac7..5562ff34 100644
Binary files a/public/content/docs/security/database-permission/query/project-members-querier.webp and b/public/content/docs/security/database-permission/query/project-members-querier.webp differ
diff --git a/public/content/docs/tutorials/how-to-manage-roles/bb-system-roles.webp b/public/content/docs/tutorials/how-to-manage-roles/bb-system-roles.webp
index d050d849..fcf17d23 100644
Binary files a/public/content/docs/tutorials/how-to-manage-roles/bb-system-roles.webp and b/public/content/docs/tutorials/how-to-manage-roles/bb-system-roles.webp differ