GitHub user jihuayu created a discussion: ACL Proposal
# ACL Design Proposal for Kvrocks
## Overview
This document proposes an Access Control List (ACL) feature for Kvrocks
## Namespace-Based User Management
- **Namespaces:** Users are managed under namespaces. Any user created by
another user is assigned to the creator’s namespace.
- To prevent the auth command from failing to locate the user's corresponding
namespace, different namespaces cannot have users with the same name. If a user
with the same name exists in another namespace, an error will be returned.
- Users in namespace A are not allowed to view, modify, or delete users in
namespace B.
PS: For items 2 , we have an alternative design: the Auth command can specify
the namespace using the format `username#namespace_name`, for example: `auth
jihuayu#ns1 token`. If the user is in the default namespace, the # part can be
omitted, for example: `auth jihuayu token`. With this approach, we no longer
need to restrict duplicate usernames across different namespaces.
## ACL Persistence
- **Storage:** ACL data is persisted in a dedicated column family, considering
use `PropagateColumnFamily`.
- Each user’s ACL information is stored under a unique key (this key begins
with string 'acl'), containing namespace ,version and both password and
permissions using redis ACL SETUSER commands string.
```
+-------------+-------------+---------+----------------------------------+
acl|user name => | ns size | namespace | version | redis ACL SETUSER
commands string|
| (1byte: X) | (Xbyte) | (8byte) | (Nbyte)
|
+-------------+-------------+---------+----------------------------------+
```
- This column family will be actively synchronized to the replica nodes. When a
replica node receives a key that starts with "acl", it will automatically
generate the corresponding data for it.
## Permission Structure
- The overall structure of permissions closely follows Redis’s ACL bitmap index
approach.
- Each user's permissions on commands are represented by bitmaps, enabling
efficient checks and updates.
### Core Data Structure
```c++
struct aclSelector {
uint32_t flags; // SELECTOR_FLAG_ALLKEYS, ALLCHANNELS, ALLCOMMANDS, etc.
std::vector<uint64_t> allowed_commands; // Command permission bitmap, size
= USER_COMMAND_BITS_COUNT / 64
std::vector<std::string> patterns; // List of key patterns
std::vector<std::string> channels; // List of channel patterns
};
```
- **Flags:** Indicate global permissions such as access to all keys, channels,
or commands.
- **allowed_commands:** Bitmap representing allowed commands for the user.
- **patterns:** List of allowed key patterns, supporting fine-grained key
access control.
- **channels:** List of allowed channel patterns for pub/sub permissions.
## Subcommand Permissions
- Redis supports blocking individual subcommands. In Kvrocks, we need a unified
method to collect and control subcommand permissions.
- **\*\*NEED HELP\*\* Required to design a robust and maintainable subcommand
permission system.**
## Compatibility Notes
- We do **not** support the deprecated Redis 7.0 feature: [Allow the first arg
of a blocked
command](https://redis.io/docs/latest/operate/oss_and_stack/management/security/acl/#allow-the-first-arg-of-a-blocked-command).
## Development Plan
1. **Core Data Structures**
- Design and implement the ACL selector and user permission structures.
2. **User Password & Authentication**
- Implement password storage and authentication logic.
3. **Basic Permission Control & Selectors**
- Implement bitmaps and selectors for basic command permission checks.
4. **Command Category Restrictions**
- Support command category restrictions per [Redis ACL documentation
(Command
Categories)](https://redis.io/docs/latest/operate/oss_and_stack/management/security/acl/#command-categories).
5. **Key Permissions**
- Support key pattern-based access control per [Redis ACL documentation (Key
Permissions)](https://redis.io/docs/latest/operate/oss_and_stack/management/security/acl/#key-permissions).
6. **Other Related Command Implementations**
- Complete additional ACL-related command implementations as needed.
GitHub link: https://github.com/apache/kvrocks/discussions/3234
----
This is an automatically sent email for [email protected].
To unsubscribe, please send an email to: [email protected]
