[TECH DEBT]: Consistent naming with access controls

[JCZuurmond]

Is there an existing issue for this?

• I have searched the existing issues

Problem statement

Currently, we mix naming of access control related resources which makes it confusing to read the code.

Definitions

• Access control lists configure permissions to access workspace level objects
• Privileges (legacy & UC) always define access to securable objects in hive metastore or Unity Catalog.
• Privilege types define abilities on securable objects (legacy & UC)
• Manage privileges with grant, revoke, deny and msck commands in the legacy hive metastore) or grant and revoke commands in Unity Catalog
• Inheritance of privileges following this model
• Prinicipal is a user, service principal, or group

Notes

• A "grant" is a verb (like "revoke") while in our code it is a noun
• Privileges on securable objects are inferred from ACLs to compute resources:
  • get_interactive_cluster_grants -> infer_privileges_from_compute_access_control_lists (leaving "securable objects" out of the name for brevity)
• Principal in PrincipalACL is redundant as a access control list (ACL) is always assigned (assignment) to a principal. test_principal_grants.py
• I do not know the difference between permissions and privileges (yet). I think permissions are only assigned to workspace level objects, where privileges are assigned to securable data objects.

Please extend where I missed.

Proposed Solution

Go over the documentation and apply naming consistently in the code. Also document the definitions from the online databricks documentation in our code.

Additional Context

No response