You are viewing a plain text version of this content. The canonical link for it is here.
Posted to commits@pulsar.apache.org by GitBox <gi...@apache.org> on 2020/03/10 03:49:12 UTC
[GitHub] [pulsar] joefk commented on issue #6428: [Issue 5720][authorization
provider] (WIP) Add more granularity
joefk commented on issue #6428: [Issue 5720][authorization provider] (WIP) Add more granularity
URL: https://github.com/apache/pulsar/pull/6428#issuecomment-596888065
> Due to "real" authz plugin we should drop all roles/actions stuff which are in ZK. DefaultAuthzProvider should be updated regarding this.That being said, we need maintain legacy stuff so I would like to have your opinions about this.
I would like to see legacy stuff work as it is.
My concern is that is trying to impose a model which is not supported in Pulsar. Assumptions like "Any resource operation should be managed/authorized by the resource which owns it." and "ClusterOperations should manage Tenants, TenantOperation should manage Namespaces, etc. Hierarchical approach" it only makes me think that is being designed for some other system, which is not Pulsar.
Pulsar has no operational hierarchy beyond tenants. It is not designed for namespace admins or topic admins. The premise of pulsar is that a tenant manages all its namespaces. There are operations that can be logically managed at the namespace and topic level, but that is a convenience for the tenant admin.
----------------------------------------------------------------
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.
For queries about this service, please contact Infrastructure at:
users@infra.apache.org
With regards,
Apache Git Services