Support rbac control for the data access #8621
Labels
component/security
Component: Security
help wanted
Help wanted. Contributions are very welcome!
sig/scheduling
SIG scheduling
Comments
nolouch
added
component/security
Yisaer
changed the title
|
This issue is for the TiKV CommunityBridge project. Mentee candidates who want to participate in CommunityBridge with the TiKV project are expected to join Slack Channel to have self-introductions before applying. |
This was referenced Dec 2, 2020
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Feature Request
Is your feature request related to a problem? Please describe:
Currently, the user who have the pd address will have the ability to do every action in pd and tikv (read/write/delete). However, in real world users might need to have the different rights to access the data. (like mysql rbac control)
Describe the feature you'd like:
Adding rbac control for the TiKV and PD so that each request for access data to TiKV and PD will be checked by
authorizationandauthentication.The whole task would be split into following steps:
authorizationandauthenticationfor PD to control the whole rbac process.authorizationandauthenticationin PD for the PD API by rbac controlauthorizationandauthenticationin TiKV (metadata would be saved in PD)Describe alternatives you've considered:
Teachability, Documentation, Adoption, Migration Strategy:
The detailed design document would be released recently by @Yisaer
The text was updated successfully, but these errors were encountered: