fuweng11 opened a new pull request, #1187:
URL: https://github.com/apache/inlong-website/pull/1187

   <!-- Prepare a Pull Request
   Change the title of pull request refer to the following example:
     [INLONG-XYZ][Component] Title of the pull request 
   -->
   
   <!-- Specify the issue this pull request going to fix.
   The following *XYZ* should be replaced by the actual [GitHub 
Issue](https://github.com/apache/inlong/issues) number)-->
   
   Fixes #1186
   
   ### Motivation
   
   Update security doc.
   Add tenant-related security model.
   The Manager module in Apache InLong provides tenant isolation capabilities, 
enabling permission management based on tenants. Any member of a tenant can 
view all business information within that tenant, while only the responsible 
personnel of a Group can modify or delete Group, Sink, Stream, and related 
entities. We believe that if users want to ensure their business data is not 
accessible by others, they simply need to prevent other users from joining 
their tenant. Therefore, if potential vulnerabilities arise due to tenant 
members being able to access Group, Stream, or similar information within the 
same tenant, such issues should not be reported as security vulnerabilities in 
Apache InLong. We welcome suggestions for enhancing the codebase.
   ### Modifications
   
   <!--Describe the modifications you've done.-->
   
   ### Verifying this change
   
   - [ ] Make sure that the change passes the CI checks.
   
   *(Please pick either of the following options)*
   
   - [ ] This change is a trivial rework/code cleanup without any test coverage.
   
   - [ ] This change is already covered by existing tests, such as:
     *(please describe tests)*
   
   - [ ] This change added tests and can be verified as follows:
   
     *(example:)*
       - *Added integration tests for end-to-end deployment with large payloads 
(10MB)*
       - *Extended integration test for recovery after broker failure*
   
   ### Documentation
   
     - Does this pull request introduce a new feature? (yes / no)
     - If yes, how is the feature documented? (not applicable / docs / JavaDocs 
/ not documented)
     - If a feature is not applicable for documentation, explain why?
     - If a feature is not documented yet in this PR, please create a followup 
issue for adding the documentation
   


-- 
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.

To unsubscribe, e-mail: [email protected]

For queries about this service, please contact Infrastructure at:
[email protected]

Reply via email to