jerqi commented on code in PR #4496:
URL: https://github.com/apache/gravitino/pull/4496#discussion_r1718084190


##########
docs/security/access-control.md:
##########
@@ -0,0 +1,641 @@
+---
+title: "Access Control"
+slug: /security/access-control
+keyword: security
+license: "This software is licensed under the Apache License version 2."
+---
+
+## Overview
+
+Gravitino adopts RBAC and DAC. 
+
+Role-based Access Control (RBAC): Access privileges are assigned to roles, 
which are in turn assigned to users or groups.
+
+Discretionary Access Control(DAC): Each metadata object has an owner, who can 
in turn grant access to that object.
+
+:::info
+
+Gravitino only supports authorization for securable objects, when Gravitino 
supports to pass the privileges to underlying authorization plugin.
+Gravitino doesn't support metadata authentication. It means that Gravitino 
won't check the privileges when Gravitino receives the requests.
+
+:::
+
+
+## Concept
+
+### Role
+
+A metadata object to which privileges can be granted. Roles are in turn 
assigned to users or groups.
+
+### Privilege
+
+A defined level of access to an object. Multiple distinct privileges may be 
used to control the granularity of access granted.
+
+### User
+
+A user identity recognized by Gravitino.  External user system instead of 
Gravitino manages users. 
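Review bot: In the `:::info` block, "Gravitino doesn't support metadata authentication" is followed by an explanation about not checking privileges on incoming requests, which is authorization rather than authentication, so a reader cannot tell what Gravitino itself enforces. Since this is the security page, say it directly, for example "Gravitino does not check privileges on the requests it receives; privileges are only passed to the underlying authorization plugin", and reword the preceding sentence ("only supports authorization for securable objects, when Gravitino supports to pass the privileges ...") so the condition is unambiguous. Minor: add the missing space in "Discretionary Access Control(DAC)", and rephrase "External user system instead of Gravitino manages users" as "Users are managed by an external user system, not by Gravitino".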

Review Comment:
   Done.



-- 
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.