...
Only the root user can grant and revoke privileges.
3. List grants for a specific user/role and resource
```go
func UserGrantListPrincipalGrantList(principalName string, principalType string, resourceType string, resourceName string) []UserGrantPrincipalGrant
```
Output structure:
PrincipalName | PrincipalType | Privilege | ResourceType | ResourceName
---|---|---|---|---
Alice | PrincipalTypeUSER | PrivilegeINSERT | Collection | tbl_1
A user can only query their own grants, and only the root user can query grants for a role.
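A sketch of this visibility rule enforced in front of a grant-listing call, as an added example rather than Milvus code. The `caller` argument, the `root` account name, the `User`/`Role` type strings and the in-memory `grants` slice are assumptions; the sample data includes a role that shares a name with a user, which the type check must still deny.

```go
package main

import (
	"errors"
	"fmt"
)

// Field names mirror the output table; everything else here is assumed.
type PrincipalGrant struct {
	PrincipalName, PrincipalType, Privilege, ResourceType, ResourceName string
}

const (
	rootUser = "root" // assumed name of the root account
	typeUser = "User" // assumed principal type strings
	typeRole = "Role"
)

var ErrDenied = errors.New("permission denied")

// Constructed sample data standing in for the meta table.
var grants = []PrincipalGrant{
	{"Alice", typeUser, "INSERT", "Collection", "tbl_1"},
	{"Bob", typeUser, "INSERT", "Collection", "tbl_1"},
	{"Alice", typeRole, "DROP", "Collection", "tbl_1"}, // role named like a user
}

// ListGrants authorizes before reading: root may query any principal; any
// other caller may query only a User principal whose name is the caller's own.
func ListGrants(caller, name, ptype, resType, resName string) ([]PrincipalGrant, error) {
	if caller != rootUser && (ptype != typeUser || name != caller) {
		return nil, ErrDenied
	}
	var out []PrincipalGrant
	for _, g := range grants {
		if g.PrincipalName == name && g.PrincipalType == ptype &&
			g.ResourceType == resType && g.ResourceName == resName {
			out = append(out, g)
		}
	}
	return out, nil
}

func main() {
	for _, q := range [][3]string{
		{"Alice", "Alice", typeUser}, {"Alice", "Bob", typeUser},
		{"Alice", "Alice", typeRole}, {"root", "Alice", typeRole},
	} {
		got, err := ListGrants(q[0], q[1], q[2], "Collection", "tbl_1")
		fmt.Printf("caller=%s principal=%s/%s -> %v err=%v\n", q[0], q[1], q[2], got, err)
	}
}
```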
...
- An initialization program will preset users, resource types, and privileges. They are inserted into the meta table before Milvus starts serving.
- The root user is the only user that has privileges to create/drop/grant/revoke users and privileges.
- In MEP-27, basic auth takes effect if any users exist. Since the root user is created by default once the Milvus service starts, a toggle will be introduced to indicate whether authentication is turned on.
- Casbin is used for role-based privilege checks.
...