User role management

[lolski]

Implement user role management commands supporting the following functionalities:

1. Role CRUD
2. Assigning a role to a user

Role

> role create <role-name> [<privilege>, ...]
role created.

> role delete <role-name>

> role get <role-name> permission set [<privilege>, ...]
> role get <role-name> permission add <privilege>
> role get <role-name> permission remove <privilege>
role updated.

> role list
+-----+---------------+-------------------------+
| no. | name          | privileges              |
+-----+---------------+-------------------------+
| 1.  | admin         | user:create             |
|     |               | user:list               |
|     |               | user:delete             |
|     |               | database:create         |
|     |               | database:list           |
|     |               | database:delete         |
|     |               | access:*:*:*            |
| 2.  | role1         | access:db1:*            |
|     |               | access:db2:data:read    |
| 3.  | role2         | access:db2:*            |
+-----+---------------+-------------------------+

Privileges

- user:create
- user:list
- user:delete
- database:create
- database:list
- database:delete
- access:*:schema:write
- access:*:schema:read
- access:*:data:write
- access:*:data:read

Access

1. schema:write:
   • implies schema:read
2. schema:read
3. data:write:
   • implies schema:read
   • implies data:read
4. data:read:
   • implies schema:read

Wildcard

1. user:*
2. access:*:*:*
3. access:*:data:read

User

> user list
+-----+--------+-----------------+
| no. | name   | role            | 
+-----+--------+-----------------|
| 1.  | admin  | admin           |
| 2.  | user1  | role1           |
| 3.  | user2  | role1           |
| 4.  |        | role2           |
+-----+--------+-----------------+