Current ACL design is based on very early versions where kylin merely had simple concepts like projects and cubes. With the advent of Kylin v2.0, and several new concepts like Data Model ( http://kylin.apache.org/docs/gettingstarted/concepts.html) and Query Pushdown (KYLIN-2515), the original cube-centric ACL design is becoming outdated. The reasons are two-fold: 1. cubes are no longer the only entities we want to take control within each projects. 2. Cube-level ACL cannot protect underlying tables from being queries by unwanted users.
In fact, cubes is merely a special kind of index on the original table. It's not straightforward to apply ACL on indexes rather than original tables. That said, we need table-level ACL instead of cube-level ACL. We have elaborated the detailed plans in KYLIN-2760 and KYLIN-2761. Please comment on those issues or reply this email if you have any concerns. -- Regards, *Bin Mahone | 马洪宾*
