-
Notifications
You must be signed in to change notification settings - Fork 317
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
feat: Add Object Table for Authz in __INTERNAL_DB #3804
Conversation
SDK Test Report101 files ±0 101 suites ±0 2m 4s ⏱️ -4s Results for commit 5015ab9. ± Comparison against base commit db1c1f8. This pull request removes 48 and adds 27 tests. Note that renamed tests count towards both.
|
Codecov ReportAll modified and coverable lines are covered by tests ✅
Additional details and impacted files@@ Coverage Diff @@
## main #3804 +/- ##
=========================================
Coverage 40.70% 40.70%
Complexity 658 658
=========================================
Files 195 195
Lines 11514 11514
Branches 1380 1380
=========================================
Hits 4687 4687
Misses 6523 6523
Partials 304 304 ☔ View full report in Codecov by Sentry. |
Linux Test Report 53 files ±0 60 suites ±0 28m 3s ⏱️ +12s For more details on these failures, see this check. Results for commit 5015ab9. ± Comparison against base commit db1c1f8. |
@@ -49,11 +50,11 @@ enum class SystemTableType { | |||
kGlobalVariable = 3, | |||
kDeployResponseTime, | |||
kUser, | |||
kObject, |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
object
is too general, pick a better name for privilege
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
What about UserPrivilege
?
What kind of change does this PR introduce?
This PR introduces a new feature that adds an object table to OpenMLDB for authorization purposes. The table is accessible in the __INTERNAL_DB database and is named OBJECT. This feature allows for enhanced security measures by facilitating permission checks and other authorization mechanisms through the newly introduced table.
What is the current behavior?
Currently, OpenMLDB lacks a dedicated object table for authorization purposes, limiting the ability to implement fine-grained access control and permission checks within the database.
What is the new behavior (if this is a feature change)?
With this change, OpenMLDB introduces an OBJECT table under the __INTERNAL_DB database, which can be interacted with using the DESCRIBE OBJECT; command. This table is designed to store authorization-related information, enabling developers and database administrators to implement more sophisticated authz mechanisms. This feature enhances OpenMLDB's security model by allowing for detailed permission settings and access control at a granular level.