You are viewing a plain text version of this content. The canonical link for it is here.

Posted to commits@pinot.apache.org by "jackjlli (via GitHub)" <gi...@apache.org> on 2023/04/04 20:31:08 UTC

[GitHub] [pinot] jackjlli commented on a diff in pull request #10534: [multistage] Table level Access Validation for multistage queries

jackjlli commented on code in PR #10534:
URL: https://github.com/apache/pinot/pull/10534#discussion_r1157732553


##########
pinot-broker/src/main/java/org/apache/pinot/broker/api/AccessControl.java:
##########
@@ -47,4 +48,14 @@ default boolean hasAccess(RequesterIdentity requesterIdentity) {
    * @return {@code true} if authorized, {@code false} otherwise
    */
   boolean hasAccess(RequesterIdentity requesterIdentity, BrokerRequest brokerRequest);
+
+  /**
+   * Fine-grained access control on pinot tables.
+   *
+   * @param requesterIdentity requester identity
+   * @param tables Set of pinot tables used in the query
+   *
+   * @return {@code true} if authorized, {@code false} otherwise
+   */
+  boolean hasAccess(RequesterIdentity requesterIdentity, Set<String> tables);

Review Comment:
   qq: should we specify that this table name can be either with a table type (like `table1_OFFLINE`) or without a table type?



-- 
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.

To unsubscribe, e-mail: commits-unsubscribe@pinot.apache.org

For queries about this service, please contact Infrastructure at:
users@infra.apache.org


---------------------------------------------------------------------
To unsubscribe, e-mail: commits-unsubscribe@pinot.apache.org
For additional commands, e-mail: commits-help@pinot.apache.org