Current ACL design is based on very early versions where kylin merely had
simple concepts like projects and cubes.
With the advent of Kylin v2.0, and several new concepts like Data Model (
http://kylin.apache.org/docs/gettingstarted/concepts.html) and Query
Pushdown (KYLIN-2515), the original cube-centric ACL design is becoming
outdated. The reasons are two-fold: 1. cubes are no longer the only
entities we want to take control within each projects. 2. Cube-level ACL
cannot protect underlying tables from being queries by unwanted users.
In fact, cubes is merely a special kind of index on the original table.
It's not straightforward to apply ACL on indexes rather than original
tables. That said, we need table-level ACL instead of cube-level ACL. We
have elaborated the detailed plans in KYLIN-2760 and KYLIN-2761. Please
comment on those issues or reply this email if you have any concerns.
*Bin Mahone | 马洪宾*