
[core] Introduce privilege system for catalog based on FileSystem

Open tsreaper opened this issue 1 year ago • 2 comments

Purpose

This PR introduces an identity-based privilege system for catalogs. Catalogs can now be updated into privileged catalogs, where privileged users can be created and granted privileges to tables, databases or the whole catalog.

Tests

  • PrivilegeManagerTest
  • PrivilegeProcedureITCase

API and Format

Yes. This PR introduces two new system tables: user and privilege.

User table is the table which stores all user information. The schema of user table is:

  • user (string): user name (primary key)
  • sha256 (bytes): sha256 of password

Privilege table is the table storing what privileges each user has. Its schema is:

  • name (string): user or role name (primary key)
  • entity_type (string): user or role (primary key)
  • identifier (string): identifier of object (primary key)
  • privilege (string): name of privilege (primary key), see PrivilegeType

Documentation

Yes. Documentation is also added.

tsreaper, Jan 25 '24 03:01
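The two system tables described in the post above can be modelled as follows. This is an added example, not code from the PR or from Paimon: the user names, the privilege names, the `db.table` identifier format, the empty string standing for the whole catalog, and the rule that a grant on an enclosing scope covers the objects inside it are all assumptions made for illustration.

```python
import hashlib
import hmac

# Constructed sample rows. User names, identifiers and privilege names are
# placeholders, not values taken from Paimon's PrivilegeType.
USER_TABLE = {  # user (primary key) -> sha256 of password
    "alice": hashlib.sha256(b"alice-pw").digest(),
    "bob": hashlib.sha256(b"bob-pw").digest(),
}

# Every column is part of the primary key, so a set of 4-tuples models the
# table: (name, entity_type, identifier, privilege).
PRIVILEGE_TABLE = {
    ("alice", "user", "", "SELECT"),            # assumed: "" = whole catalog
    ("bob", "user", "sales", "SELECT"),         # a database
    ("bob", "user", "sales.orders", "INSERT"),  # a table
}

def authenticate(user, password):
    """Compare sha256(password) with the stored digest in constant time."""
    stored = USER_TABLE.get(user)
    supplied = hashlib.sha256(password.encode()).digest()
    # Unknown users are compared against a dummy digest so that the check
    # takes the same path whether or not the name exists.
    matches = hmac.compare_digest(stored or bytes(32), supplied)
    return matches and stored is not None

def scopes(identifier):
    """Yield the object, then its parents: 'db.tbl' -> 'db.tbl', 'db', ''."""
    yield identifier
    if "." in identifier:
        yield identifier.split(".", 1)[0]
    if identifier:
        yield ""

def is_allowed(user, identifier, privilege):
    """True if the user holds the privilege on the object or an enclosing scope
    (inheritance from database and catalog grants is an assumption)."""
    return any((user, "user", scope, privilege) in PRIVILEGE_TABLE
               for scope in scopes(identifier))
```
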

Please finish documentation in this PR.

JingsongLi, Jan 25 '24 05:01

Hi @tsreaper, will there be a plan to integrate with Apache Ranger in the future? Like this: https://doris.apache.org/docs/dev/admin-manual/privilege-ldap/ranger/

zhangjun0x01, Feb 26 '24 08:02