...
Only root user can grant & revoke privileges.
3、List grants for a user/role
| Code Block | ||
|---|---|---|
| ||
func UserGrantListPrincipalGrantList(principalName string, principalType string, resourceType string, resourceName string) []UserGrantPrincipalGrant |
Output structure:
| PrincipalName | UsernamePrincipalType | Privilege | ResourceType | ResourceName |
|---|---|---|---|---|
| Alice | USER | INSERT | Collection | tbl_1 |
Users can only query the grants for himself. And only root user can query grants for a role.
...
- There will be initialization program for presetting users, resource types, privileges. Before the Milvus go to service, they are inserted into the meta table.
- The root user is the only user that has privileges to create/drop/grant/revoke users and privileges.
- In MEP-27, basic auth is taking effect if there are any existing users. Since root user is created by default once Milvus service starts, it will introduce a toggle to indicate whether the authentication is turned on.
- Using Casbin for role-based privileges check.
...