gravitino icon indicating copy to clipboard operation
gravitino copied to clipboard

Published 20 hours ago verified publisher icon apache

[#3342] feat(core): Refactor the role and privilege model

Open jerqi opened this issue 9 months ago • 2 comments

What changes were proposed in this pull request?

Add support for ALLOW/DENY effect for privileges. Move privileges from the role to the securable object.

Why are the changes needed?

Fix: #3342

Does this PR introduce any user-facing change?

Yes.

How was this patch tested?

UT passed.

jerqi avatar May 14 '24 11:05 jerqi

@jerqi is this ready for review?

jerryshao avatar May 16 '24 03:05 jerryshao

https://docs.starburst.io/latest/security/biac-privileges.html

jerqi avatar May 16 '24 04:05 jerqi

After last review,

  1. I remove bindPrivileges and make the interface immutable.
  2. I change the effect to condition.

Could you give me further review? @jerryshao

qqqttt123 avatar May 20 '24 12:05 qqqttt123

@jerryshao Could you review again?

jerqi avatar May 21 '24 10:05 jerqi

@jerryshao Comments are addressed.

qqqttt123 avatar May 22 '24 01:05 qqqttt123