RBAC custom privilege group

Signed-off-by: shaoting-huang <shaoting.huang@zilliz.com>

proto/common.proto

@@ -73,6 +73,10 @@ enum ErrorCode {
     NotReadyServe = 56;
     // Coord is switching from standby mode to active mode
     NotReadyCoordActivating = 57;
+    CreatePrivilegeGroupFailure = 58;
+    DropPrivilegeGroupFailure = 59;
+    ListPrivilegeGroupsFailure = 60;
+    OperatePrivilegeGroupFailure = 61;
 
     // Service availability.
     // NA: Not Available.
@@ -278,6 +282,11 @@ enum MsgType {
     SelectGrant = 1607;
     RefreshPolicyInfoCache = 1608;
     ListPolicy = 1609;
+    CreatePrivilegeGroup = 1610;
+    DropPrivilegeGroup = 1611;
+    ListPrivilegeGroups = 1612;
+    OperatePrivilegeGroup = 1613;
+
 
     /* Resource group */
     CreateResourceGroup = 1700;
@@ -419,6 +428,11 @@ enum ObjectPrivilege {
     PrivilegeGroupReadOnly = 53;
     PrivilegeGroupReadWrite = 54;
     PrivilegeGroupAdmin = 55;
+
+    PrivilegeCreatePrivilegeGroup = 56;
+    PrivilegeDropPrivilegeGroup = 57;
+    PrivilegeListPrivilegeGroups = 58;
+    PrivilegeOperatePrivilegeGroup = 59;
 }
 
 message PrivilegeExt {

proto/milvus.proto

@@ -140,6 +140,11 @@ service MilvusService {
 
   rpc BackupRBAC(BackupRBACMetaRequest) returns (BackupRBACMetaResponse){}
   rpc RestoreRBAC(RestoreRBACMetaRequest) returns (common.Status){}
+
+  rpc CreatePrivilegeGroup(CreatePrivilegeGroupRequest) returns (common.Status) {}
+  rpc DropPrivilegeGroup(DropPrivilegeGroupRequest) returns (common.Status) {}
+  rpc ListPrivilegeGroups(ListPrivilegeGroupsRequest) returns (ListPrivilegeGroupsResponse) {}
+  rpc OperatePrivilegeGroup(OperatePrivilegeGroupRequest) returns (common.Status) {}
 }
 
 message CreateAliasRequest {
@@ -1462,6 +1467,66 @@ message DropRoleRequest {
   bool force_drop = 3;
 }
 
+message CreatePrivilegeGroupRequest {
+  option (common.privilege_ext_obj) = {
+    object_type: Global
+    object_privilege: PrivilegeCreatePrivilegeGroup
+    object_name_index: -1
+  };
+  // Not useful for now
+  common.MsgBase base = 1;
+  // group name
+  string group_name = 2;
+}
+
+message DropPrivilegeGroupRequest {
+  option (common.privilege_ext_obj) = {
+    object_type: Global
+    object_privilege: PrivilegeDropPrivilegeGroup
+    object_name_index: -1
+  };
+  // Not useful for now
+  common.MsgBase base = 1;
+  // group name
+  string group_name = 2;
+}
+
+message ListPrivilegeGroupsRequest {
+  option (common.privilege_ext_obj) = {
+    object_type: Global
+    object_privilege: PrivilegeListPrivilegeGroups
+    object_name_index: -1
+  };
+  // Not useful for now
+  common.MsgBase base = 1;
+}
+
+message ListPrivilegeGroupsResponse {
+  common.Status status = 1;
+  repeated PrivilegeGroupInfo privilege_groups = 2;
+}
+
+message OperatePrivilegeGroupRequest {
+  option (common.privilege_ext_obj) = {
+    object_type: Global
+    object_privilege: PrivilegeOperatePrivilegeGroup
+    object_name_index: -1
+  };
+  // Not useful for now
+  common.MsgBase base = 1;
+  // group name
+  string group_name = 2;
+  // privileges
+  repeated PrivilegeEntity privileges = 3;
+  // operation type
+  OperatePrivilegeGroupType type = 4;
+}
+
+enum OperatePrivilegeGroupType {
+  AddPrivilegesToGroup = 0;
+  RemovePrivilegesFromGroup = 1;
+}
+
 enum OperateUserRoleType {
   AddUserToRole = 0;
   RemoveUserFromRole = 1;
@@ -1483,6 +1548,11 @@ message OperateUserRoleRequest {
   OperateUserRoleType type = 4;
 }
 
+message PrivilegeGroupInfo {
+  string group_name = 1;
+  repeated PrivilegeEntity privileges = 2;
+}
+
 message SelectRoleRequest {
   option (common.privilege_ext_obj) = {
     object_type: Global
@@ -1616,6 +1686,8 @@ message RBACMeta {
   repeated milvus.RoleEntity roles = 2;
   // (role, object, previledge)
   repeated milvus.GrantEntity grants = 3;
+  // privilege group info
+  repeated milvus.PrivilegeGroupInfo privilege_groups = 4;
 }
 
 message BackupRBACMetaRequest {