You are viewing a plain text version of this content. The canonical link for it is here.

Posted to notifications@shardingsphere.apache.org by "RaigorJiang (via GitHub)" <gi...@apache.org> on 2023/04/13 02:46:40 UTC

[GitHub] [shardingsphere] RaigorJiang opened a new issue, #25149: [Proposal] Merge `ALL_PERMITTED` and `DATABASE_PERMITTED` into one privilege provider.

RaigorJiang opened a new issue, #25149:
URL: https://github.com/apache/shardingsphere/issues/25149

   Hi community,
   
   Now, in ShardingSphere-Proxy, we provide two privilege providers: `ALL_PERMITTED` and `DATABASE_PERMITTED`.
   Some users are confused when using it, especially in cluster mode, modifying the local yaml file does not really change the authority configuration in cluster, which increases the difficulty of operation and maintenance.
   
   Maybe we can combine these two providers:
   1. Merge providers into one
   2. Super user can be specified (the effect is the same as `ALL_PERMITTED`)
   3. Non-super users must be authorized, otherwise they cannot operate any database.
   4. The super user can execute `ALTER AUTHORITY RULE` through DistSQL to dynamically modify the configuration.
   
   This is just a preliminary idea, more suggestions and discussions are welcome.


-- 
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.

To unsubscribe, e-mail: notifications-unsubscribe@shardingsphere.apache.org.apache.org

For queries about this service, please contact Infrastructure at:
users@infra.apache.org

Re: [I] [Proposal] Merge `ALL_PERMITTED` and `DATABASE_PERMITTED` into one privilege provider. [shardingsphere]

Posted by "nisiyong (via GitHub)" <gi...@apache.org>.

nisiyong commented on issue #25149:
URL: https://github.com/apache/shardingsphere/issues/25149#issuecomment-1919347863

   > 4\. The super user can execute `ALTER AUTHORITY RULE` through DistSQL to dynamically modify the configuration.
   
   Hi, @RaigorJiang , I raised the discussion https://github.com/apache/shardingsphere/discussions/29742 here, and it is the same thing. I think updating the authority rule through DistSQL is a good idea.
   
   @RaigorJiang  @terrymanu Do we have any progress in this proposal? And if need some help, I am willing to solve it. 
   


-- 
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.

To unsubscribe, e-mail: notifications-unsubscribe@shardingsphere.apache.org

For queries about this service, please contact Infrastructure at:
users@infra.apache.org

Re: [I] [Proposal] Merge `ALL_PERMITTED` and `DATABASE_PERMITTED` into one privilege provider. [shardingsphere]

Posted by "nisiyong (via GitHub)" <gi...@apache.org>.

nisiyong commented on issue #25149:
URL: https://github.com/apache/shardingsphere/issues/25149#issuecomment-1922859301

   Can we define super user from yaml file or environment variables? Keep it simple and it cannot update in runtime. Other users can be defined through the DistSQL.


-- 
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.

To unsubscribe, e-mail: notifications-unsubscribe@shardingsphere.apache.org

For queries about this service, please contact Infrastructure at:
users@infra.apache.org

Re: [I] [Proposal] Merge `ALL_PERMITTED` and `DATABASE_PERMITTED` into one privilege provider. [shardingsphere]

Posted by "RaigorJiang (via GitHub)" <gi...@apache.org>.

RaigorJiang commented on issue #25149:
URL: https://github.com/apache/shardingsphere/issues/25149#issuecomment-1922852838

   Hi @nisiyong 
   Thans for your attention. Before the refactoring, we need to clarify how to declare super user?


-- 
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.

To unsubscribe, e-mail: notifications-unsubscribe@shardingsphere.apache.org

For queries about this service, please contact Infrastructure at:
users@infra.apache.org

Re: [I] [Proposal] Merge `ALL_PERMITTED` and `DATABASE_PERMITTED` into one privilege provider. [shardingsphere]

Posted by "nisiyong (via GitHub)" <gi...@apache.org>.

nisiyong commented on issue #25149:
URL: https://github.com/apache/shardingsphere/issues/25149#issuecomment-1924139203

   Both the YAML file and the environment variables are Okay, but where can we start? It seems the authority part is being refactored by @terrymanu.
   
   Are we going to release a new version recently?


-- 
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.

To unsubscribe, e-mail: notifications-unsubscribe@shardingsphere.apache.org

For queries about this service, please contact Infrastructure at:
users@infra.apache.org

Re: [I] [Proposal] Merge `ALL_PERMITTED` and `DATABASE_PERMITTED` into one privilege provider. [shardingsphere]

Posted by "RaigorJiang (via GitHub)" <gi...@apache.org>.

RaigorJiang commented on issue #25149:
URL: https://github.com/apache/shardingsphere/issues/25149#issuecomment-1970300688

   I plan to add the `isSuper` flag to user for subsequent refactoring


-- 
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.

To unsubscribe, e-mail: notifications-unsubscribe@shardingsphere.apache.org

For queries about this service, please contact Infrastructure at:
users@infra.apache.org

Re: [I] [Proposal] Merge `ALL_PERMITTED` and `DATABASE_PERMITTED` into one privilege provider. [shardingsphere]

Posted by "RaigorJiang (via GitHub)" <gi...@apache.org>.

RaigorJiang commented on issue #25149:
URL: https://github.com/apache/shardingsphere/issues/25149#issuecomment-1922862131

   > Can we define super user from yaml file or environment variables? Keep it simple and it cannot update in runtime. Other users can be defined through the DistSQL.
   
   Yes we need to add super flag in yaml, I agree with you.


-- 
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.

To unsubscribe, e-mail: notifications-unsubscribe@shardingsphere.apache.org

For queries about this service, please contact Infrastructure at:
users@infra.apache.org

[GitHub] [shardingsphere] RaigorJiang commented on issue #25149: [Proposal] Merge `ALL_PERMITTED` and `DATABASE_PERMITTED` into one privilege provider.

Posted by "RaigorJiang (via GitHub)" <gi...@apache.org>.

RaigorJiang commented on issue #25149:
URL: https://github.com/apache/shardingsphere/issues/25149#issuecomment-1506280525

   @TeslaCN Thanks for the tip, I will refer to the UDS usage.


-- 
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.

To unsubscribe, e-mail: notifications-unsubscribe@shardingsphere.apache.org

For queries about this service, please contact Infrastructure at:
users@infra.apache.org

[GitHub] [shardingsphere] TeslaCN commented on issue #25149: [Proposal] Merge `ALL_PERMITTED` and `DATABASE_PERMITTED` into one privilege provider.

Posted by "TeslaCN (via GitHub)" <gi...@apache.org>.

TeslaCN commented on issue #25149:
URL: https://github.com/apache/shardingsphere/issues/25149#issuecomment-1506273302

   Unix domain socket is available in Proxy #24524. Could we consider supporting trusted authentication for connection from UDS? 


-- 
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.

To unsubscribe, e-mail: notifications-unsubscribe@shardingsphere.apache.org

For queries about this service, please contact Infrastructure at:
users@infra.apache.org