You are viewing a plain text version of this content. The canonical link for it is here.

Posted to commits@doris.apache.org by GitBox <gi...@apache.org> on 2021/07/01 13:27:39 UTC

[GitHub] [incubator-doris] stalary edited a comment on issue #6103: [Feature] Support configuring blocklist by user level to deny the specified SQL

stalary edited a comment on issue #6103:
URL: https://github.com/apache/incubator-doris/issues/6103#issuecomment-872241437


   ## Design Doc
   Rules are stored using sqlblockList, stored in metadata, and managed in catalog，Rules are divided by user, with support for configuring the defalut user, which represents the default rule
   
   Enable way
   - use enable_sql_blocklist，@ConfField(mutable = true, masterOnly = false)
   - admin set frontend config ("enable_sql_blocklist" = "true")
   
   Sqlblocklist info
   - name
   - user
   - sql
   - enable
   
   Supoort grammar
   - SHOW BLOCKLIST [WHERE name|sql|user|enable = "xxx"]
   - CREATE BLOCKLIST test_rule PROPERTIES ("user"="default", "sql"="select .* from .* join .*", "enable": "true")
   - ALTER BLOCKLIST test_rule PROPERTIES ("user"="test_user", "enable": "false")
   - DROP BLOCKLIST (test_rule|test_rule1,test_rule2)
   
   Interception point
   - StmtExecutor.execute -> QueryStmt -> regex match -> deny


-- 
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.

To unsubscribe, e-mail: commits-unsubscribe@doris.apache.org

For queries about this service, please contact Infrastructure at:
users@infra.apache.org



---------------------------------------------------------------------
To unsubscribe, e-mail: commits-unsubscribe@doris.apache.org
For additional commands, e-mail: commits-help@doris.apache.org