jerqi commented on code in PR #9380: URL: https://github.com/apache/gravitino/pull/9380#discussion_r2601238741
########## docs/iceberg-rest-service.md: ########## @@ -284,6 +284,29 @@ The detailed configuration items are as follows: Please refer to [Credential vending](./security/credential-vending.md) for more details. +### Access control + +#### Prerequisites + +To use access control with the Iceberg REST service: + +1. Enable authorization in the Gravitino server by setting `gravitino.authorization.enable = true` +2. Use the [dynamic configuration provider](#dynamic-catalog-configuration-provider) to retrieve catalog configurations from Gravitino + +Please refer to [Access Control](./security/access-control.md) for details on how to configure authorization, create roles, and grant privileges in Gravitino. + +#### How access control works + +When access control is enabled: + +1. Clients authenticate with the Iceberg REST service. Currently supported authentication methods are Basic Auth and OAuth2. +2. The Iceberg REST service forwards the authenticated user identity to the Gravitino server Review Comment: Fixed. -- This is an automated message from the Apache Git Service. To respond to the message, please log on to GitHub and use the URL above to go to the specific comment. To unsubscribe, e-mail: [email protected] For queries about this service, please contact Infrastructure at: [email protected]
