You are viewing a plain text version of this content. The canonical link for it is here.
Posted to commits@doris.apache.org by GitBox <gi...@apache.org> on 2021/07/01 13:27:39 UTC
[GitHub] [incubator-doris] stalary edited a comment on issue #6103: [Feature] Support configuring blocklist by user level to deny the specified SQL
stalary edited a comment on issue #6103:
URL: https://github.com/apache/incubator-doris/issues/6103#issuecomment-872241437
## Design Doc
Rules are stored using sqlblockList, stored in metadata, and managed in catalog,Rules are divided by user, with support for configuring the defalut user, which represents the default rule
Enable way
- use enable_sql_blocklist,@ConfField(mutable = true, masterOnly = false)
- admin set frontend config ("enable_sql_blocklist" = "true")
Sqlblocklist info
- name
- user
- sql
- enable
Supoort grammar
- SHOW BLOCKLIST [WHERE name|sql|user|enable = "xxx"]
- CREATE BLOCKLIST test_rule PROPERTIES ("user"="default", "sql"="select .* from .* join .*", "enable": "true")
- ALTER BLOCKLIST test_rule PROPERTIES ("user"="test_user", "enable": "false")
- DROP BLOCKLIST (test_rule|test_rule1,test_rule2)
Interception point
- StmtExecutor.execute -> QueryStmt -> regex match -> deny
--
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.
To unsubscribe, e-mail: commits-unsubscribe@doris.apache.org
For queries about this service, please contact Infrastructure at:
users@infra.apache.org
---------------------------------------------------------------------
To unsubscribe, e-mail: commits-unsubscribe@doris.apache.org
For additional commands, e-mail: commits-help@doris.apache.org