jerqi commented on code in PR #4624: URL: https://github.com/apache/gravitino/pull/4624#discussion_r1726671658
########## docs/security/access-control.md: ########## @@ -20,24 +42,90 @@ Gravitino doesn't support metadata authentication. It means that Gravitino won't ::: - ## Concept +### Authorization + +Gravitino also provides a set of authorization frameworks to interact with different underlying data source +authorization systems (e.g., MySQL's own permission management and the Apache Ranger permission management system for big data) +in accordance with its own authorization model and methodology. +More information you can see [Authorization push down](authorization-pushdown.md). + +### Authentication + +As mentioned above, Gravitino uses Ownership to control the rights of resources in the management category and uses Role to control the permissions of operations in the operation category, +so when a user performs a specific operation on a specified resource, +Gravitino will perform a composite authentication on the Ownership and Role to which the resource belongs. +When a user has more than one Role, Gravitino will use the user's current Role for authentication, and the user can switch the current Role to access different resources. + +#### Permission fuzzy matching Review Comment: This is duplicated with object iheritance. -- This is an automated message from the Apache Git Service. To respond to the message, please log on to GitHub and use the URL above to go to the specific comment. To unsubscribe, e-mail: [email protected] For queries about this service, please contact Infrastructure at: [email protected]
