add documentation

Author: Denchick

docs/configuration/auth.mdx

@@ -1,6 +1,6 @@
 ---
 title: Auth settings
-Description: auth, tls, frontend_tls, etc.
+description: auth, tls, frontend_tls, etc.
 ---
 
 ## General Settings

docs/configuration/coordinator.mdx

@@ -12,16 +12,18 @@ Refer to the [pkg/config/coordinator.go](https://github.com/pg-sharding/spqr/blo
 
 ## Coordinator Settings
 
-| Setting                  | Description                                                   | Possible Values       |
-|--------------------------|---------------------------------------------------------------|-----------------------|
-| `log_level`              | The level of logging output.                                  | `debug`, `info`, `warning`, `error`, `fatal`|
-| `pretty_logging`         | Whether to write logs in an colorized, human-friendly format. | `true`, `false`       |
-| `qdb_addr`               | the address of the QDB server                                 | Any valid address     |
-| `host`                   | The host address the coordinator listens on.                  | Any valid hostname    |
-| `coordinator_port`       | The port number for the coordinator.                          | Any valid port number |
-| `grpc_api_port`          | The port number for the gRPC API.                             | Any valid port number |
-| `auth`                   | See [auth.mdx](./auth)                                        | Object of `AuthCfg`   |
-| `frontend_tls`           | See [auth.mdx](./auth)                                        | Object of `TLSConfig` |
-| `use_systemd_notifier`   | Whether to use systemd notifier.                              | `true`, `false`       |
-| `systemd_notifier_debug` | Whether to run systemd notifier in debug mode.                | `true`, `false`       |
+| Setting                  | Description                                                        | Possible Values       |
+|--------------------------|--------------------------------------------------------------------|-----------------------|
+| `log_level`              | The level of logging output.                                       | `debug`, `info`, `warning`, `error`, `fatal`|
+| `pretty_logging`         | Whether to write logs in an colorized, human-friendly format.      | `true`, `false`       |
+| `qdb_addr`               | the address of the QDB server                                      | Any valid address     |
+| `host`                   | The host address the coordinator listens on.                       | Any valid hostname    |
+| `coordinator_port`       | The port number for the coordinator.                               | Any valid port number |
+| `grpc_api_port`          | The port number for the gRPC API.                                  | Any valid port number |
+| `auth`                   | See [auth.mdx](./auth)                                             | Object of `AuthCfg`   |
+| `frontend_tls`           | See [auth.mdx](./auth)                                             | Object of `TLSConfig` |
+| `use_systemd_notifier`   | Whether to use systemd notifier.                                   | `true`, `false`       |
+| `systemd_notifier_debug` | Whether to run systemd notifier in debug mode.                     | `true`, `false`       |
+| `enable_role_system`     | Whether to enable the [role-based access control system](./roles). | `true`, `false`       |
+| `roles_file`             | The file path to the [roles](./roles) configuration.               | Any valid file path   |
 

docs/configuration/roles.mdx

@@ -0,0 +1,47 @@
+---
+title: Roles settings
+description: Specify readers, writes, admins
+---
+
+## Roles
+
+Roles represents a collection of table groups. It is used to define and manage groups of tables in the configuration. The structure supports JSON, TOML, and YAML serialization formats.
+
+By default, the role system is disabled. To enable it, you have to specify `enable_role_system: true` and `roles_file` settings in both your [router's](./router) and [coordinator's](./coordinator) config.
+
+Refer to the [pkg/config/roles.go](https://github.com/pg-sharding/spqr/blob/master/pkg/config/roles.go) file for the most up-to-date configuration options.
+
+## Table Group
+
+TableGroup represents a group of tables with associated roles and permissions.
+
+| Setting  | Description                                           | Possible Values       |
+|----------|-------------------------------------------------------|-----------------------|
+| `id`     | Unique identifier for the table group.                | Any string value      |
+| `readers`| List of users with read access to the table group.    | Array of string values|
+| `writers`| List of users with write access to the table group.   | Array of string values|
+| `admins` | List of users with admin access to the table group.   | Array of string values|
+
+## Example
+
+For example, let's assume we have the following roles configuration:
+
+```yaml
+table_groups:
+  - id: "example_table_group"
+    readers:
+      - "user1"
+      - "user2"
+      - "user3"
+    writers:
+      - "prod_user"
+    admins:
+      - "admin_user"
+```
+
+When we try to connect to (any) database as user user1 and run a modify query, we get something like this: 
+
+```sql
+CREATE KEY RANGE krid2 FROM 11 ROUTE TO sh2 FOR DISTRIBUTION ds1;
+ERROR:  permission denied for user=user1 dbname=prod
+```

docs/configuration/router.mdx

@@ -12,15 +12,17 @@ Refer to the [pkg/config/router.go](https://github.com/pg-sharding/spqr/blob/mas
 
 ## General Settings
 
-| Setting                  | Description                                                   | Possible Values         |
-|--------------------------|---------------------------------------------------------------|-------------------------|
-| `log_level`              | The level of logging output.                                  | `debug`, `info`, `warning`, `error`, `fatal`|
-| `pretty_logging`         | Whether to write logs in an colorized, human-friendly format. | `true`, `false`         |
-| `daemonize`              | Whether to run the router as a daemon.                        | `true`, `false`         |
-| `reuse_port`             | Whether to create a socket with SO_REUSEPORT and SO_REUSEADDR options | `true`, `false` |
-| `use_systemd_notifier`   | Whether to use systemd notifier.                              | `true`, `false`         |
-| `systemd_notifier_debug` | Whether to run systemd notifier in debug mode.                | `true`, `false`         |
-| `with_coordinator`       | Whether to run the router in a special coordinator mode.      | `true`, `false`         |
+| Setting                  | Description                                                        | Possible Values     |
+|--------------------------|--------------------------------------------------------------------|---------------------|
+| `log_level`              | The level of logging output.                                       | `debug`, `info`, `warning`, `error`, `fatal`|
+| `pretty_logging`         | Whether to write logs in an colorized, human-friendly format.      | `true`, `false`     |
+| `daemonize`              | Whether to run the router as a daemon.                             | `true`, `false`     |
+| `reuse_port`             | Whether to create a socket with SO_REUSEPORT and SO_REUSEADDR options. | `true`, `false` |
+| `use_systemd_notifier`   | Whether to use systemd notifier.                                   | `true`, `false`     |
+| `systemd_notifier_debug` | Whether to run systemd notifier in debug mode.                     | `true`, `false`     |
+| `with_coordinator`       | Whether to run the router in a special coordinator mode.           | `true`, `false`     |
+| `enable_role_system`     | Whether to enable the [role-based access control system](./roles). | `true`, `false`     |
+| `roles_file`             | The file path to the [roles](./roles) configuration.               | Any valid file path |
 
 ## Network Settings
 

docs/mint.json

@@ -80,7 +80,8 @@
                         "configuration/router",
                         "configuration/coordinator",
                         "configuration/balancer",
-                        "configuration/auth"
+                        "configuration/auth",
+                        "configuration/roles"
                     ]
                 },
                 {

docs/sharding/console/concepts.mdx

@@ -1,6 +1,6 @@
 ---
 title: 'Concepts'
-Description: 'Some SPQR Admin Console terms'
+description: 'Some SPQR Admin Console terms'
 ---
 
 

docs/sharding/console/how_to_connect.mdx

@@ -1,6 +1,6 @@
 ---
 title: 'How to connect'
-Description: 'SPQR router and coordinator admin console'
+description: 'SPQR router and coordinator admin console'
 ---
 
 import ConsoleExample from '/snippets/console_example.mdx';

docs/sharding/console/sql_commands.mdx

@@ -1,6 +1,6 @@
 ---
 title: 'SQL commands'
-Description: 'Create distributions, key ranges and tables and see cluster info'
+description: 'Create distributions, key ranges and tables and see cluster info'
 ---
 
 ### CREATE DISTRIBUTION