michaeljmarshall commented on issue #19664: URL: https://github.com/apache/pulsar/issues/19664#issuecomment-1458844917
For reference, reading topic properties maps to the `TopicOperation.GET_METADATA`, which requires lookup permission for the topic. Updating or deleting that metadata require tenant admin or superuser privileges. Interestingly, any user that can create a topic can also create the initial properties map for that topic. That is technically inconsistent since a role could have permission to create a properties map but not update it later. In the context of this feature, I think it seems reasonable for a tenant admin or superuser should be able to create/update/delete namespace properties, and I think a super user should be the only role that is able to create/update/delete tenant properties. -- This is an automated message from the Apache Git Service. To respond to the message, please log on to GitHub and use the URL above to go to the specific comment. To unsubscribe, e-mail: [email protected] For queries about this service, please contact Infrastructure at: [email protected]
