roryqi commented on issue #9903: URL: https://github.com/apache/gravitino/issues/9903#issuecomment-3863525217
> What was the ideology behind making the service admin only have the ability to create metalakes? I am trying to understand why service admin was not created like admin in Hive (https://hive.apache.org/docs/latest/language/sql-standard-based-hive-authorization/) where they have pretty much all permissions? > > Actually, will service admins technically have all permissions, if they create all the metalakes? Because they will be metalake owners for all the metalakes, right ? But I think here the difference is that they need to maintain that ownership and should not transfer it to another user We want to avoid using super user in our authorization system. We only build our authorization system based on owner and role. If we use Gravitno to build a Saas product. The service admin will be the Saas product provider, maybe Datastrato. The metalake owner will be the company platform team. If service admin can many things, it will burden the company user worry about security. -- This is an automated message from the Apache Git Service. To respond to the message, please log on to GitHub and use the URL above to go to the specific comment. To unsubscribe, e-mail: [email protected] For queries about this service, please contact Infrastructure at: [email protected]
