AuthorizeKey and Server Authorization

Author: jaceklaskowski

docs/server-authorization/AuthorizeKey.md

@@ -0,0 +1,21 @@
+# AuthorizeKey
+
+`AuthorizeKey` defines authorization policies of the API services of [UnityCatalogServer](../server/UnityCatalogServer.md) for [Server Authorization](index.md):
+
+* [CatalogService](../server/CatalogService.md)
+* [FunctionService](../server/FunctionService.md)
+* [ModelService](../server/ModelService.md)
+* [PermissionService](../server/PermissionService.md)
+* [SchemaService](../server/SchemaService.md)
+* [Scim2UserService](../server/Scim2UserService.md)
+* [TableService](../server/TableService.md)
+* [TemporaryPathCredentialsService](../server/TemporaryPathCredentialsService.md)
+* [VolumeService](../server/VolumeService.md)
+
+Every operation of an API service is decorated with `AuthorizeKey` annotation for server authorization.
+
+`AuthorizeKey` consists of a [SecurableType](../basic-server-access-control/index.md#securables) and an optional name of the securable.
+
+`AuthorizeKey` maps request parameters to [SecurableType](../basic-server-access-control/index.md#securables)s (default: (empty)).
+
+The Unity Catalog server uses [UnityAccessDecorator](UnityAccessDecorator.md) to [findAuthorizeKeys](UnityAccessDecorator.md#findAuthorizeKeys).

docs/server-authorization/AuthorizeKeys.md

@@ -0,0 +1,3 @@
+# AuthorizeKeys
+
+`AuthorizeKeys` maps multiple [AuthorizeKey](AuthorizeKey.md)s to a request payload parameter.

docs/server-authorization/UnityAccessDecorator.md

@@ -84,6 +84,20 @@ serviceName = [serviceName], methodName = [methodName]
 
 `findServiceMethod` returns the one and only `methodName` method of the `Class`, if found. Otherwise, it's undefined (`null`).
 
+### Find Authorize Keys { #findAuthorizeKeys }
+
+```java
+List<KeyLocator> findAuthorizeKeys(
+  Method method)
+```
+
+??? note "Static Method"
+    `findAuthorizeKeys` is a Java **class method** to be invoked without a reference to a particular object.
+
+    Learn more in the [Java Language Specification]({{ java.spec }}/jls-8.html#jls-8.4.3.2).
+
+`findAuthorizeKeys`...FIXME
+
 ### Find Authorize Expression { #findAuthorizeExpression }
 
 ```java

docs/server/TableService.md

@@ -1,6 +1,6 @@
 # TableService
 
-`TableService` is an API service that [UnityCatalogServer](UnityCatalogServer.md) uses to handle HTTP requests at `/api/2.1/unity-catalog/tables` URL.
+`TableService` is an API service of [UnityCatalogServer](UnityCatalogServer.md) to handle HTTP requests at `/api/2.1/unity-catalog/tables` URL.
 
 Method | URL | Handler | Params
 -|-|-|-
@@ -39,6 +39,15 @@ HttpResponse createTable(
   CreateTable createTable)
 ```
 
+`createTable` handles `POST` requests with the following [AuthorizeKeys](../server-authorization/AuthorizeKeys.md):
+
+Value | Key
+-|-
+ `SCHEMA` | `schema_name`
+ `CATALOG` | `catalog_name`
+
+---
+
 `createTable` requests the system-wide [TableRepository](#TABLE_REPOSITORY) instance to [persist](../persistent-storage/TableRepository.md#createTable) the given [table metadata](CreateTable.md).
 
 ## List Tables { #listTables }