rdhabalia commented on PR #23036: URL: https://github.com/apache/pulsar/pull/23036#issuecomment-2234067526
> If you want the proxy to be a super user and want to functionally skip the permission check, just add it to the super user list. No, that is incorrect, we are not proposing proxy-roles to be super-user. Proxy role has to be authenticated at Broker first and also bring the original principal role which must pass the authorization. Super user role doesn't have to authenticate client and doesn't have to pass original principal as well. Here, fundamental thing is broken where client has to explicitly authorize proxy role to the namespace policy which is not secured, transparent to users and also not compatible behavior with existing binary protocol. HTTP can't have different behavior where client has to grant permission to proxy roles as well. Proxy is optional and must be abstract to users and users don't have to know it explicitily. -- This is an automated message from the Apache Git Service. To respond to the message, please log on to GitHub and use the URL above to go to the specific comment. To unsubscribe, e-mail: [email protected] For queries about this service, please contact Infrastructure at: [email protected]
