#80 ⁃ Documentation: astra_role, what is the format of a DRN resource string and policy?

➤ Erik Merkle commented:

> Could the DRN resource be more granular than that? For example, userA can only read a single table named

You are correct. You can be more specific. Our tests actually have some other examples here ( https://github.com/datastax/terraform-provider-astra/blob/main/internal/provider/resource_role_test.go#L43-L51 ). Again, I'll update the docs to demonstrate this.

➤ Tri Nguyen commented:

> The format is "drn:astra:org:<organization UUID>"

Could the DRN resource be more granular than that? For example, userA can only read a single table named myKeyspace.myTable1.

➤ Erik Merkle commented:

Same as #79, I will wait to close this once the docs have been updated, but to answer your questions:

> * Describe the format of a DRN resource string. Give a couple of example of the possible variations of resource string

The format is "drn:astra:org:<organization UUID>" where organization UUID is the UUID of the Astra organization you want to create your database in. The example in the docs doesn't really have any variation other than the UUID of the org. The drn:astra:org: part, for now, is required and doesn't have any other variations.

> * What are the valid values for policy ?

That list is rather long, but is documented here: https://docs.datastax.com/en/astra/docs/user-permissions.html#_operational_roles_detail . You may also find some more infor regarding custom roles here: https://docs.datastax.com/en/astra/docs/manage-custom-user-roles.html