pulsar-commits mailing list archives

From GitBox <...@apache.org>
Subject [GitHub] [pulsar] sijie commented on issue #5720: authorize tenant level and namespace level access from the authorization provider
Date Tue, 04 Feb 2020 20:42:12 GMT
sijie commented on issue #5720: authorize tenant level and namespace level access from the
authorization provider
URL: https://github.com/apache/pulsar/issues/5720#issuecomment-582105461
 
 
   @jiazhai @tuteng
   
   I think the issue is asking for interfaces to be added to AuthorizationProvider. The default
implementation can remain the same. The interfaces allow external parties to customize their
own authorization implementation. 
   
   The authorization provider can be enhanced into an extensible interface. What an authorization
provider provides is if a `role` is able to apply a `verb`/`action` to a given `resource`.
   
   The resources are:
   
   - `tenant`
   - `namespace`
   - `topic`
   - `subscription`
   - `functions`
   - `connectors`
   
   For each resource, there are certain verbs and actions available for operating those resources.
The authorization provider provides an implementation to check if a `role` is allowed to apply
a certain `verb` over a `resource`.
   
   If we can abstract the authorization provider, it allows people to customize their own authorization
provider implementation to allow finer granularity access controls.
   
   For the default implementation Pulsar has, we can keep it as is due to the concerns raised
around PIP-49.
   
   Does that make sense?
   
   

----------------------------------------------------------------
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.
 
For queries about this service, please contact Infrastructure at:
users@infra.apache.org


With regards,
Apache Git Services
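
The `role` / `verb` / `resource` check described in the comment above, as an added Java sketch that is not part of the original message and is not Pulsar's own code. The interface, class and verb names and the grant table are hypothetical, constructed for illustration; the sketch assumes explicit grants only, with no inheritance between resource levels.

```java
import java.util.Map;
import java.util.Set;

// Hypothetical sketch: none of these names are taken from Pulsar's code base.
public class AuthzSketch {
    enum ResourceType { TENANT, NAMESPACE, TOPIC, SUBSCRIPTION, FUNCTIONS, CONNECTORS }

    record Resource(ResourceType type, String name) {}

    // Extension point: may `role` apply `verb` to `resource`?
    interface AuthorizationProvider {
        boolean isAllowed(String role, String verb, Resource resource);
    }

    // Constructed custom provider: explicit grants only, everything else is denied.
    static final class GrantTableProvider implements AuthorizationProvider {
        private final Map<String, Map<Resource, Set<String>>> grants;

        GrantTableProvider(Map<String, Map<Resource, Set<String>>> grants) {
            this.grants = grants;
        }

        @Override
        public boolean isAllowed(String role, String verb, Resource resource) {
            if (role == null || verb == null || resource == null) {
                return false; // missing identity or malformed request: deny
            }
            return grants.getOrDefault(role, Map.of())
                    .getOrDefault(resource, Set.of())
                    .contains(verb);
        }
    }

    public static void main(String[] args) {
        Resource tenant = new Resource(ResourceType.TENANT, "acme");
        Resource ns = new Resource(ResourceType.NAMESPACE, "acme/billing");
        Resource topic = new Resource(ResourceType.TOPIC, "acme/billing/invoices");

        // Constructed grant table; the verbs are placeholders, not Pulsar's action names.
        AuthorizationProvider authz = new GrantTableProvider(Map.of(
                "tenant-admin", Map.of(tenant, Set.of("create-namespace")),
                "billing-app", Map.of(ns, Set.of("list-topics"), topic, Set.of("produce"))));

        // A granted tenant-level action, a topic-level role trying a tenant-level
        // action, an ungranted verb on a granted resource, and an unknown role.
        System.out.println("tenant-admin create-namespace: " + authz.isAllowed("tenant-admin", "create-namespace", tenant));
        System.out.println("billing-app create-namespace: " + authz.isAllowed("billing-app", "create-namespace", tenant));
        System.out.println("billing-app consume on topic: " + authz.isAllowed("billing-app", "consume", topic));
        System.out.println("unknown role produce: " + authz.isAllowed("guest", "produce", topic));
    }
}
```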
