
Tracking: Complete RBAC and Ownership model

Open flaneur2020 opened this issue 3 years ago • 1 comments

Background

Currently we already have the RBAC framework on privileges, but we still lack the ownership model and some related stuff:

  • each data object can be owned by a role
  • each user can have one primary role in a session; all the data objects created by this user are automatically owned by the primary role
  • the primary role can be switched by USE ROLE
  • if the current session does not have a primary role, it'd default to the PUBLIC role.

Goal

  • introduce Ownership model into databend
  • make it extensible with outer systems

Tasks

  • [x] https://github.com/datafuselabs/databend/issues/6804
  • [x] https://github.com/datafuselabs/databend/issues/6843
  • [x] https://github.com/datafuselabs/databend/issues/6864
  • [x] https://github.com/datafuselabs/databend/issues/7049
  • [ ] https://github.com/datafuselabs/databend/issues/6827
  • [ ] https://github.com/datafuselabs/databend/issues/6991
  • [ ] https://github.com/datafuselabs/databend/issues/6828
  • [ ] https://github.com/datafuselabs/databend/issues/6840
  • [ ] Removes TENANTSETTING

flaneur2020 Jul 26 '22 11:07

/assignme

flaneur2020 Jul 26 '22 11:07

We can add a short doc about the RBAC and privileges system like this: https://cwiki.apache.org/confluence/display/Hive/SQL+Standard+Based+Hive+Authorization

flaneur2020 Oct 24 '22 09:10

This issue can be closed? @flaneur2020

bohutang Jan 17 '23 04:01

This issue can be closed? @flaneur2020

Sorry for the late response, I think this issue can be closed.

We already have a working RBAC framework; the related tasks can be filed separately outside this issue.

flaneur2020 Feb 03 '23 11:02