roryqi commented on issue #11599: URL: https://github.com/apache/gravitino/issues/11599#issuecomment-4680266949
1. Yes, there are some conflicts now. We can only control metadata privilege. Write and read only require to load metadata. For data, we can use credential vending to control it. It would better to give a storage token which only contains write privilege or write privilege. The credential vending is still building. 2. Modify table include the privileges to read and write privileges. You can see my document https://github.com/apache/gravitino/blob/main/docs/security/access-control.md#table-privileges It will be easy to use the deny. If deny privileges can influence each other, it will be very complex. -- This is an automated message from the Apache Git Service. To respond to the message, please log on to GitHub and use the URL above to go to the specific comment. To unsubscribe, e-mail: [email protected] For queries about this service, please contact Infrastructure at: [email protected]
