Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Support rbac control for the data access #8621

Open
5 tasks
Yisaer opened this issue Sep 8, 2020 · 1 comment
Open
5 tasks

Support rbac control for the data access #8621

Yisaer opened this issue Sep 8, 2020 · 1 comment
Labels
component/security Component: Security help wanted Denotes an issue that needs help from a contributor. Must meet "help wanted" guidelines. sig/scheduling SIG scheduling

Comments

@Yisaer
Copy link
Contributor

Yisaer commented Sep 8, 2020
edited
Loading

Feature Request

Is your feature request related to a problem? Please describe:

Currently, the user who have the pd address will have the ability to do every action in pd and tikv (read/write/delete). However, in real world users might need to have the different rights to access the data. (like mysql rbac control)

Describe the feature you'd like:

Adding rbac control for the TiKV and PD so that each request for access data to TiKV and PD will be checked by authorization and authentication.

The whole task would be split into following steps:

  • design authorization and authentication for PD to control the whole rbac process.
  • support authorization and authentication in PD for the PD API by rbac control
  • support rbac ability for pdclient in TiKV
  • support authorization and authentication in TiKV (metadata would be saved in PD)
  • support rbac ability for tikv-client.

Describe alternatives you've considered:

Teachability, Documentation, Adoption, Migration Strategy:

The detailed design document would be released recently by @Yisaer
@nolouch nolouch added component/security Component: Security help wanted Denotes an issue that needs help from a contributor. Must meet "help wanted" guidelines. labels Sep 8, 2020
@Yisaer Yisaer changed the title request rbac control for TiKV Support rbac control for the data access Sep 8, 2020
@rleungx rleungx added the sig/scheduling SIG scheduling label Sep 23, 2020
@rleungx
Copy link
Member

rleungx commented Sep 23, 2020
edited by WT-Liu
Loading

This issue is for the TiKV CommunityBridge project. Mentee candidates who want to participate in CommunityBridge with the TiKV project are expected to join Slack Channel to have self-introductions before applying.

@nolouch nolouch mentioned this issue Nov 30, 2020
Closed
This was referenced Dec 2, 2020
Closed
Merged
@PhotonQuantum PhotonQuantum mentioned this issue Dec 10, 2020
Merged
@cyliu0 cyliu0 mentioned this issue Jan 4, 2021
Open
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
component/security Component: Security help wanted Denotes an issue that needs help from a contributor. Must meet "help wanted" guidelines. sig/scheduling SIG scheduling
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
3 participants
@nolouch @Yisaer @rleungx