You are viewing a plain text version of this content. The canonical link for it is here.

Posted to commits@doris.apache.org by "morningman (via GitHub)" <gi...@apache.org> on 2023/06/11 15:01:37 UTC

[GitHub] [doris] morningman commented on a diff in pull request #20242: [feature-wip](workload-group) Support for workload group Authentication

morningman commented on code in PR #20242:
URL: https://github.com/apache/doris/pull/20242#discussion_r1225835449


##########
docs/zh-CN/docs/sql-manual/sql-reference/Account-Management-Statements/GRANT.md:
##########
@@ -68,7 +70,7 @@ privilege_list 是需要赋予的权限列表，以逗号分隔。当前 Doris 
 
     1. 节点权限：NODE_PRIV
     2. 库表权限：SELECT_PRIV,LOAD_PRIV,ALTER_PRIV,CREATE_PRIV,DROP_PRIV
-    3. 资源权限：USAGE_PRIV
+    3. 资源权限<version since="dev">和workload group权限</version>：USAGE_PRIV

Review Comment:
   Need to use `<version since="1.0" type="inline" >` for inline version tag.
   See: https://doris.apache.org/zh-CN/community/how-to-contribute/contribute-doc#%E8%A1%8C%E5%86%85%E6%A0%87%E7%AD%BE



##########
fe/fe-core/src/main/java/org/apache/doris/mysql/privilege/Role.java:
##########
@@ -53,12 +55,21 @@ public class Role implements Writable, GsonPostProcessable {
     // admin is like DBA, who has all privileges except for NODE privilege held by operator
     public static String ADMIN_ROLE = "admin";
 
-    public static Role OPERATOR = new Role(OPERATOR_ROLE,
-            TablePattern.ALL, PrivBitSet.of(Privilege.NODE_PRIV, Privilege.ADMIN_PRIV),
-            ResourcePattern.ALL, PrivBitSet.of(Privilege.NODE_PRIV, Privilege.ADMIN_PRIV));
-    public static Role ADMIN = new Role(ADMIN_ROLE,
-            TablePattern.ALL, PrivBitSet.of(Privilege.ADMIN_PRIV),
-            ResourcePattern.ALL, PrivBitSet.of(Privilege.ADMIN_PRIV));
+    public static Role OPERATOR;
+    public static Role ADMIN;
+
+    static {
+        try {
+            // Global privileges do not distinguish Patter, global admin and node privileges contain all privileges

Review Comment:
   ```suggestion
               // Global privileges do not distinguish Pattern, global admin and node privileges contain all privileges
   ```



##########
fe/fe-core/src/main/java/org/apache/doris/analysis/GrantStmt.java:
##########
@@ -69,6 +71,21 @@ public GrantStmt(UserIdentity userIdent, String role,
         this.role = role;
         this.tblPattern = null;
         this.resourcePattern = resourcePattern;
+        this.workloadGroupPattern = null;

Review Comment:
   I think we can unify all these constructors, to avoid writing duplicate code.



-- 
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.

To unsubscribe, e-mail: commits-unsubscribe@doris.apache.org

For queries about this service, please contact Infrastructure at:
users@infra.apache.org


---------------------------------------------------------------------
To unsubscribe, e-mail: commits-unsubscribe@doris.apache.org
For additional commands, e-mail: commits-help@doris.apache.org