yuqi1129 opened a new issue, #11573: URL: https://github.com/apache/gravitino/issues/11573
### Describe the proposal

The MCP server currently operates as an anonymous, single-identity reader with no authentication, no authorization enforcement, and no audit trail. This epic tracks the work to make it safe for multi-user, governed deployments where:

- AI agents discover metadata within the scope of their granted permissions only
- Unauthorized write operations are explicitly denied by the authorization layer (not merely hidden)
- Every access produces an attributable audit record

**Background:** The Gravitino core REST endpoints already apply `FILTER_*_AUTHORIZATION_EXPRESSION` on list results. Once identity flows from the MCP layer, authorization-scoped discovery is inherited automatically — no filtering logic is added in MCP itself.

### Task list

- [ ] #11565 — Setting + CLI: add `--token` auth parameter
- [ ] #11566 — Identity propagation: inject Bearer token into every Gravitino REST call
- [ ] #11567 — Enable write tools: expose tag write operations protected by Gravitino authz
- [ ] #11568 — Audit logging: structured per-tool-call audit records attributed to principal
- [ ] #11571 — Unit tests: auth flow and audit behaviour
- [ ] #11572 — HTTP transport: per-request token isolation for concurrent multi-principal sessions

--
This is an automated message from the Apache Git Service. To respond to the message, please log on to GitHub and use the URL above to go to the specific comment.

To unsubscribe, e-mail: [email protected]

For queries about this service, please contact Infrastructure at: [email protected]
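
A sketch of the per-request token isolation, Bearer injection and principal-attributed audit record that tasks #11566, #11568 and #11572 describe, as an added example that is not part of the original issue or of Gravitino's code. Every name in it (`handle_tool_call`, `auth_headers`, `audit`, the token values) is hypothetical, the upstream REST call is a constructed stand-in, and the principal is assumed to have been resolved from the token already.

```python
import asyncio
import contextvars
import hashlib
import json

# Hypothetical names throughout; nothing here is Gravitino's actual API.
_current_token = contextvars.ContextVar("current_token")  # no default: fail closed
AUDIT_LOG = []  # stands in for a structured log sink

def auth_headers():
    """Headers for one outbound REST call; raises LookupError if no token is bound."""
    return {"Authorization": f"Bearer {_current_token.get()}"}

def audit(principal, tool, outcome):
    # Attribute the call to a principal; log a token fingerprint, never the token.
    fp = hashlib.sha256(_current_token.get().encode()).hexdigest()[:12]
    record = {"principal": principal, "tool": tool, "outcome": outcome, "token_fp": fp}
    AUDIT_LOG.append(json.dumps(record, sort_keys=True))
    return record

async def fake_rest_call(headers):
    # Constructed stand-in for the upstream server: echoes the token it received.
    await asyncio.sleep(0)  # yield so concurrent requests interleave
    return headers["Authorization"].removeprefix("Bearer ")

async def handle_tool_call(principal, token, tool):
    # Bind the caller's token to this task's context only.
    reset = _current_token.set(token)
    try:
        await asyncio.sleep(0)  # another principal's request runs here
        seen = await fake_rest_call(auth_headers())
        audit(principal, tool, "ok")
        return seen
    finally:
        _current_token.reset(reset)

async def run_concurrent(calls):
    # gather() wraps each coroutine in a Task with its own copy of the context.
    return await asyncio.gather(*(handle_tool_call(*c) for c in calls))

def demo():
    # Constructed sample principals and tokens.
    calls = [("alice", "tok-alice", "list_tags"), ("bob", "tok-bob", "list_tags")]
    return asyncio.run(run_concurrent(calls))

if __name__ == "__main__":
    print(demo())
    print("\n".join(AUDIT_LOG))
```

Because the context variable has no default, a code path that reaches `auth_headers()` without a bound token raises instead of silently falling back to a shared or anonymous identity.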
