Support rbac control for the data access #8621
Labels
component/security
Component: Security
help wanted
Help wanted. Contributions are very welcome!
sig/scheduling
SIG scheduling
Feature Request
Is your feature request related to a problem? Please describe:
Currently, the user who have the pd address will have the ability to do every action in pd and tikv (read/write/delete). However, in real world users might need to have the different rights to access the data. (like mysql rbac control)
Describe the feature you'd like:
Adding rbac control for the TiKV and PD so that each request for access data to TiKV and PD will be checked by
authorization
andauthentication
.The whole task would be split into following steps:
authorization
andauthentication
for PD to control the whole rbac process.authorization
andauthentication
in PD for the PD API by rbac controlauthorization
andauthentication
in TiKV (metadata would be saved in PD)Describe alternatives you've considered:
Teachability, Documentation, Adoption, Migration Strategy:
The detailed design document would be released recently by @Yisaer
The text was updated successfully, but these errors were encountered: