Skip to content

Block access to all predicates by default in ACL #4082

New issue
New issue
Closed
Closed
Block access to all predicates by default in ACL#4082
Assignees
ashish-goswami
Labels
area/enterpriseRelated to proprietary featuresarea/securitySecurity related issueskind/enhancementSomething could be better.priority/P1Serious issue that requires eventual attention (can wait a bit)status/acceptedWe accept to investigate/work on it.
Milestone
Dgraph v1.1.1
@ashish-goswami

Description

@ashish-goswami
ashish-goswami
opened on Sep 27, 2019

Currently if dgraph cluster is booted up with ACL on, all predicates can be accessed until first rule is created. Ideally we should not allow access to any predicates by default if ACL is on. We can expose acl_allow_all flag to allow access to all predicates after the cluster boot up.

Final behaviour will look as follows -

ACL is off

Access to all predicates is OK

ACL is on

NO Access to any predicates for reading/writing/modifying

ACL is on but cluster is run with the option acl_allow_on

Access to all predicates is OK

Metadata

Metadata

Assignees

Labels

area/enterpriseRelated to proprietary featuresarea/securitySecurity related issueskind/enhancementSomething could be better.priority/P1Serious issue that requires eventual attention (can wait a bit)status/acceptedWe accept to investigate/work on it.

Type

No type

Projects

No projects

Milestone

Relationships

None yet

Development

No branches or pull requests

Issue actions