crazylab opened a new issue #6696: Support for list of roles in `AuthorizationProvider` interface URL: https://github.com/apache/pulsar/issues/6696 **Is your feature request related to a problem? Please describe.** We would like to keep Pulsar roles very slim with only few actions/role. When required we will assign multiple roles to a user to grant more permission. But currently such composition of roles is not possible in pulsar. The interface for the `AuthorizationProvider` accepts only one role to decide the permission of a user. There is no way to pass multiple roles for authorization. **Describe the solution you'd like** The methods in the `AuthorizationProvider` interface should accept more than one roles as parameter. It should grant the permission using the best matching privilege/role. Example: ```java CompletableFuture<Boolean> canProduceAsync(TopicName topicName, String[] role, AuthenticationDataSource authenticationData); CompletableFuture<Boolean> canConsumeAsync(TopicName topicName, String[] role, AuthenticationDataSource authenticationData, String subscription) ... ``` This will enable support for multiple roles in existing authorization methods as well. **Describe alternatives you've considered** A hack is to join all the roles using comma(,) and pass on to the `AuthorizationProvider` method. Then split it inside the methods where access is granted. **Additional context** A sample JWT token to use for this use case. ```json { "roles": [ "Sales-Producer", "Sales-Consumer" ], "sub": "20717d30-1448-4e00-8933-cde56456229f", } ```
---------------------------------------------------------------- This is an automated message from the Apache Git Service. To respond to the message, please log on to GitHub and use the URL above to go to the specific comment. For queries about this service, please contact Infrastructure at: [email protected] With regards, Apache Git Services
