piby180 commented on issue #14076:
URL: https://github.com/apache/pinot/issues/14076#issuecomment-2376072447

   Thanks @engrravijain 
   I have thought about it overnight and I would really prefer the use of 
regular expressions if possible, as it would give us more flexibility in setting 
authorization rules. 
   Specifically, the following pattern is also important to us: "Give access to 
all tables whose names start with vendor_"
   
   Regular expressions also support negative-assertions so the pattern "All 
tables except tablex" can also be written via regular expressions.
   
   One proposal could be
   
   ````
   POST /users
   
   {
       "username" : "user1",
       "password" : "test",
       "component" : "BROKER",
       "role" : "USER",
       "permissions" : ["READ"],
       "tables" : ["ALL"] or "regex"
   }
   ````
   
   where tables could be a list or string OR a regular expression string. 
   Also, while you are on this topic, it would also make sense to send a proper 
query response for authentication or authorization failures.
   
   Right now, we get the following error if there is an authentication or 
authorization issue, and our developers are always confused about what this error 
means. 
   
   ````
   DatabaseError: Query
   
   {'sql': 'SELECT * FROM tablex LIMIT 10', 'queryOptions': 
'useMultistageEngine=true'} timed out: Out of -1, only -1 responded, while 
needed was -1
   ````
   
   I would love to see a clear response which says exactly whether it was 
an authentication issue or an authorization issue.
   
   Let me know if you have any questions for me. Thanks!
   
   


-- 
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.
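
The two rules asked for in the comment above ("all tables whose names start with vendor_" and "all tables except tablex"), as an added Python example that is not part of the original comment or of Apache Pinot's code. The rule format (the literal `ALL` or a regex per entry), the function names and the table names are assumptions; the point shown is that a regex table ACL has to match the whole table name, because an unanchored search over-grants on both rules.

```python
import re

# Assumed rule format: each entry in "tables" is either the literal
# keyword "ALL" or a regular expression for table names.
def compile_rules(tables):
    rules = []
    for entry in tables:
        if entry == "ALL":
            rules.append(re.compile(r".*", re.DOTALL))
        else:
            # re.error here rejects a malformed pattern when the user is
            # created, instead of at query time.
            rules.append(re.compile(entry))
    return rules


def is_allowed(table, rules):
    # fullmatch() anchors both ends: "vendor_.*" cannot match "xvendor_a".
    return any(r.fullmatch(table) for r in rules)


def is_allowed_unanchored(table, rules):
    # Weak variant for comparison only: search() accepts a match anywhere.
    return any(r.search(table) for r in rules)


def compare(tables_rule, names):
    # Returns {table: (anchored decision, unanchored decision)}.
    rules = compile_rules(tables_rule)
    return {n: (is_allowed(n, rules), is_allowed_unanchored(n, rules))
            for n in names}


# Constructed table names, not taken from any real cluster.
SAMPLE = ["vendor_acme", "internal_vendor_costs", "tablex",
          "tablex_archive", "orders"]

if __name__ == "__main__":
    for label, rule in [("prefix vendor_", ["vendor_.*"]),
                        ("all except tablex", ["(?!tablex$).*"])]:
        print(label)
        for name, (strict, loose) in compare(rule, SAMPLE).items():
            flag = "  <-- over-grant if unanchored" if loose and not strict else ""
            print(f"  {name:24} fullmatch={strict!s:5} search={loose!s:5}{flag}")
```

The `$` inside the negative lookahead matters: without it, `tablex_archive` would be denied along with `tablex`.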
