hdygxsj commented on code in PR #9691:
URL: https://github.com/apache/gravitino/pull/9691#discussion_r2685139618
##########
docs/security/access-control.md:
##########
@@ -455,6 +455,73 @@ gravitino.authorization.enable = true
gravitino.authorization.serviceAdmins = admin1,admin2
```
+## Migration Guide
+
+If you have metalakes that were created before authorization was enabled, you
need to perform a migration to ensure proper access control.
Review Comment:
Should the affected versions be added here?
##########
server-common/src/main/java/org/apache/gravitino/server/authorization/PassThroughAuthorizer.java:
##########
@@ -76,6 +80,14 @@ public boolean isSelf(Entity.EntityType type, NameIdentifier
nameIdentifier) {
@Override
public boolean isMetalakeUser(String metalake) {
+ AccessControlDispatcher dispatcher =
GravitinoEnv.getInstance().accessControlDispatcher();
+ if (dispatcher != null) {
+ try {
+ dispatcher.getUser(metalake, PrincipalUtils.getCurrentUserName());
+ } catch (NoSuchUserException e) {
+ dispatcher.addUser(metalake, PrincipalUtils.getCurrentUserName());
Review Comment:
Why is it necessary to add the user here?
If authentication and authorization are not enabled, could there be any
issues here?
--
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.
To unsubscribe, e-mail: [email protected]
For queries about this service, please contact Infrastructure at:
[email protected]
