FANNG1 commented on code in PR #9380: URL: https://github.com/apache/gravitino/pull/9380#discussion_r2592140154
########## docs/iceberg-rest-service.md: ########## @@ -676,3 +699,97 @@ sh ./dev/docker/build-docker.sh --platform linux/arm64 --type iceberg-rest-serve ``` You could try Spark with Gravitino REST catalog service in our [playground](./how-to-use-the-playground.md#using-apache-iceberg-rest-service). + +## Quick Start: Enable Access Control for Iceberg REST Server + +To enable access control for the Iceberg REST server using Gravitino's dynamic configuration provider, follow these steps: + +### 1. Enable Authorization and Dynamic Config Provider + +Add the following to your Gravitino Iceberg REST server configuration (e.g., `gravitino-iceberg-rest-server.conf`): + +```properties +gravitino.authorization.enable = true +gravitino.authorization.serviceAdmins = adminUser + +gravitino.iceberg-rest.catalog-config-provider = dynamic-config-provider +gravitino.iceberg-rest.gravitino-uri = http://127.0.0.1:8090 +gravitino.iceberg-rest.gravitino-metalake = test +``` + +Restart the Iceberg REST server after updating the configuration. + +--- + +### 2. Create a Metalake + +```shell +curl -X POST -H "Accept: application/vnd.gravitino.v1+json" \ +-H "Content-Type: application/json" -d '{ + "name": "test" +}' http://localhost:8090/api/metalakes +``` + +--- + +### 3. Create a Catalog + +```shell +curl -X POST -H "Accept: application/vnd.gravitino.v1+json" \ +-H "Content-Type: application/json" -d '{ + "name": "catalog1", + "type": "ICEBERG", + "comment": "Iceberg catalog", + "properties": {} +}' http://localhost:8090/api/metalakes/test/catalogs +``` + +--- Review Comment: I would be better to show before granting privileges the user couldn't access the table, and after granting, the user could access the table. -- This is an automated message from the Apache Git Service. To respond to the message, please log on to GitHub and use the URL above to go to the specific comment. To unsubscribe, e-mail: [email protected] For queries about this service, please contact Infrastructure at: [email protected]
