roryqi commented on code in PR #9785:
URL: https://github.com/apache/gravitino/pull/9785#discussion_r2787784943
##########
docs/gravitino-server-config.md:
##########
@@ -260,6 +260,16 @@ Writer configuration begins with
`gravitino.audit.writer.${name}`, where `${name
Refer to [security](security/security.md) for HTTPS and authentication
configurations.
+#### Catalog security configuration
+
+| Configuration item | Description
| Default value | Required | Since version |
+|-----------------------------------------------------|----------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------|---------------|----------|---------------|
+| `gravitino.authorization.filterSensitiveProperties` | Whether to filter
sensitive properties (passwords, secret keys, tokens) in catalog responses.
When enabled, sensitive properties are hidden from users without appropriate
permissions (owner or alter permission). | `true` | No | 1.1.0
|
+
+:::info
+When `gravitino.authorization.filterSensitiveProperties` is set to `true`,
sensitive catalog properties such as passwords, JDBC credentials, AWS secret
keys, Azure storage account keys, and authentication tokens will be hidden in
API responses unless the user has owner or alter permissions on the catalog.
Review Comment:
It's ok for us. See my comment above.
--
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.
To unsubscribe, e-mail: [email protected]
For queries about this service, please contact Infrastructure at:
[email protected]
