Skip to content

Commit

Permalink
Mark ALL_PERMITTED privilege provider as deprecated (#33231)
Browse files Browse the repository at this point in the history
  • Loading branch information
@RaigorJiang
RaigorJiang authored Oct 13, 2024
1 parent cf2afaf commit 3789f06
Show file tree
Hide file tree
Showing 3 changed files with 23 additions and 23 deletions.
21 changes: 10 additions & 11 deletions docs/document/content/user-manual/shardingsphere-proxy/yaml-config/authority.cn.md
View file
Original file line number Diff line number Diff line change
Expand Up @@ -9,8 +9,8 @@ weight = 1

得益于 ShardingSphere 的可插拔架构,Proxy 提供了两种级别的权限提供者,分别是:

- `ALL_PERMITTED`:每个用户都拥有所有权限,无需专门授权;
- `DATABASE_PERMITTED`:为用户授予指定逻辑库的权限,通过 `user-database-mappings` 进行定义。
- `ALL_PERMITTED`:每个用户都拥有所有权限,无需专门授权;(将在未来版本中删除)
- `DATABASE_PERMITTED`:为用户授予指定逻辑库的权限,通过 `user-database-mappings` 进行定义。(推荐使用)

在配置 `authority` 时,管理员可根据需要选择使用哪一种权限提供者。

Expand Down Expand Up @@ -79,7 +79,7 @@ authority:

### 授权配置

#### ALL_PERMITTED
#### ALL_PERMITTED (将在未来版本中删除)

```yaml
authority:
Expand All @@ -97,26 +97,25 @@ authority:
- 未定义 `authenticators` 和 `authenticationMethodName`,Proxy 将根据前端协议自动选择;
- 指定权限提供者为 `ALL_PERMITTED`。

#### DATABASE_PERMITTED
#### DATABASE_PERMITTED (推荐使用)

```yaml
authority:
users:
- user: [email protected]
password: root
admin: true
- user: sharding
password: sharding
- user: test
password: sharding
privilege:
type: DATABASE_PERMITTED
props:
user-database-mappings: [email protected]=*, sharding@%=test_db, sharding@%=sharding_db
user-database-mappings: sharding@%=*, test@%=test_db, test@%=sharding_db
```

说明:
- 定义了两个用户:`[email protected]` 和 `sharding`;
- 定义了一个超级用户 `[email protected]` 和两个普通用户:`sharding` 和 `test`;
- 未定义 `authenticators` 和 `authenticationMethodName`,Proxy 将根据前端协议自动选择;
- 指定权限提供者为 `DATABASE_PERMITTED`,并授权 `[email protected]` 用户访问所有逻辑库(`*`),sharding 用户仅能访问 test_db 和 sharding_db。

## 相关参考

权限提供者具体实现可以参考 [权限提供者](/cn/user-manual/shardingsphere-proxy/yaml-config/authority/)。
- 指定权限提供者为 `DATABASE_PERMITTED`,并授权 `sharding@%` 用户访问所有逻辑库(`*`),test 用户仅能访问 test_db 和 sharding_db。
22 changes: 10 additions & 12 deletions docs/document/content/user-manual/shardingsphere-proxy/yaml-config/authority.en.md
View file
Original file line number Diff line number Diff line change
Expand Up @@ -9,8 +9,8 @@ In ShardingSphere-Proxy, user authentication and authorization information is co

Thanks to ShardingSphere's pluggable architecture, Proxy provides two levels of privilege providers, namely:

- `ALL_PERMITTED`: each user has all privileges without special authorization.
- `DATABASE_PERMITTED`: grants the user privileges on the specified logical databases, defined by `user-database-mappings`.
- `ALL_PERMITTED`: each user has all privileges without special authorization. (Will be removed in a future version)
- `DATABASE_PERMITTED`: grants the user privileges on the specified logical databases, defined by `user-database-mappings`. (Recommended)

The administrator can choose which privilege provider to use as needed when configuring `authority`.

Expand Down Expand Up @@ -49,7 +49,6 @@ Explanation:
- `authenticationMethodName` is not specified for `[email protected]`, Proxy will automatically choose the authentication method according to the frontend protocol;
- Privilege provider is not specified, the default `ALL_PERMITTED` will be used;


### Authentication configuration

The custom authentication configuration allows users to greater leeway to set their own custom configurations according to their scenarios.
Expand Down Expand Up @@ -80,7 +79,7 @@ Explanation:

### Authorization configuration

#### ALL_PERMITTED
#### ALL_PERMITTED (Will be removed in a future version)

```yaml
authority:
Expand All @@ -98,26 +97,25 @@ Explanation:
- `authenticators` and `authenticationMethodName` are not defined, Proxy will automatically choose the authentication method according to the frontend protocol;
- The privilege provider `ALL_PERMITTED` is specified.

#### DATABASE_PERMITTED
#### DATABASE_PERMITTED (Recommended)

```yaml
authority:
users:
- user: [email protected]
password: root
admin: true
- user: sharding
password: sharding
- user: test
password: sharding
privilege:
type: DATABASE_PERMITTED
props:
user-database-mappings: [email protected]=*, sharding@%=test_db, sharding@%=sharding_db
user-database-mappings: sharding@%=*, test@%=test_db, test@%=sharding_db
```

Explanation:
- Two users are defined: `[email protected]` and `sharding`;
- Three users are defined: `[email protected]`, `sharding` and `test`, which `[email protected]` is an admin user;
- `authenticators` and `authenticationMethodName` are not defined, Proxy will automatically choose the authentication method according to the frontend protocol;
- The privilege provider `DATABASE_PERMITTED` is specified, authorize `[email protected]` to access all logical databases (`*`), and user `sharding` can only access `test_db` and `sharding_db`.

## Related References

Please refer to [Authority Provider](/en/user-manual/shardingsphere-proxy/yaml-config/authority/) for the specific implementation of authority provider.
- The privilege provider `DATABASE_PERMITTED` is specified, authorize `sharding@%` to access all logical databases (`*`), and user `test` can only access `test_db` and `sharding_db`.
3 changes: 3 additions & 0 deletions ...va/org/apache/shardingsphere/authority/provider/simple/AllPermittedPrivilegeProvider.java
View file
Original file line number Diff line number Diff line change
Expand Up @@ -27,7 +27,10 @@

/**
* All permitted privilege provider.
*
* @deprecated Use DatabasePermittedPrivilegeProvider instead.
*/
@Deprecated
public final class AllPermittedPrivilegeProvider implements PrivilegeProvider {

@Override
Expand Down

0 comments on commit 3789f06

Please sign in to comment.