diff --git a/docs/document/content/user-manual/shardingsphere-proxy/yaml-config/authority.cn.md b/docs/document/content/user-manual/shardingsphere-proxy/yaml-config/authority.cn.md index 6e760bff639dc..deeaf69aa47ac 100644 --- a/docs/document/content/user-manual/shardingsphere-proxy/yaml-config/authority.cn.md +++ b/docs/document/content/user-manual/shardingsphere-proxy/yaml-config/authority.cn.md @@ -9,8 +9,8 @@ weight = 1 得益于 ShardingSphere 的可插拔架构,Proxy 提供了两种级别的权限提供者,分别是: -- `ALL_PERMITTED`:每个用户都拥有所有权限,无需专门授权; -- `DATABASE_PERMITTED`:为用户授予指定逻辑库的权限,通过 `user-database-mappings` 进行定义。 +- `ALL_PERMITTED`:每个用户都拥有所有权限,无需专门授权;(将在未来版本中删除) +- `DATABASE_PERMITTED`:为用户授予指定逻辑库的权限,通过 `user-database-mappings` 进行定义。(推荐使用) 在配置 `authority` 时,管理员可根据需要选择使用哪一种权限提供者。 @@ -79,7 +79,7 @@ authority: ### 授权配置 -#### ALL_PERMITTED +#### ALL_PERMITTED (将在未来版本中删除) ```yaml authority: @@ -97,26 +97,25 @@ authority: - 未定义 `authenticators` 和 `authenticationMethodName`,Proxy 将根据前端协议自动选择; - 指定权限提供者为 `ALL_PERMITTED`。 -#### DATABASE_PERMITTED +#### DATABASE_PERMITTED (推荐使用) ```yaml authority: users: - user: root@127.0.0.1 password: root + admin: true - user: sharding password: sharding + - user: test + password: sharding privilege: type: DATABASE_PERMITTED props: - user-database-mappings: root@127.0.0.1=*, sharding@%=test_db, sharding@%=sharding_db + user-database-mappings: sharding@%=*, test@%=test_db, test@%=sharding_db ``` 说明: -- 定义了两个用户:`root@127.0.0.1` 和 `sharding`; +- 定义了一个超级用户 `root@127.0.0.1` 和两个普通用户:`sharding` 和 `test`; - 未定义 `authenticators` 和 `authenticationMethodName`,Proxy 将根据前端协议自动选择; -- 指定权限提供者为 `DATABASE_PERMITTED`,并授权 `root@127.0.0.1` 用户访问所有逻辑库(`*`),sharding 用户仅能访问 test_db 和 sharding_db。 - -## 相关参考 - -权限提供者具体实现可以参考 [权限提供者](/cn/user-manual/shardingsphere-proxy/yaml-config/authority/)。 +- 指定权限提供者为 `DATABASE_PERMITTED`,并授权 `sharding@%` 用户访问所有逻辑库(`*`),test 用户仅能访问 test_db 和 sharding_db。 
diff --git a/docs/document/content/user-manual/shardingsphere-proxy/yaml-config/authority.en.md b/docs/document/content/user-manual/shardingsphere-proxy/yaml-config/authority.en.md index 9746295376c71..d6f8512469c31 100644 --- a/docs/document/content/user-manual/shardingsphere-proxy/yaml-config/authority.en.md +++ b/docs/document/content/user-manual/shardingsphere-proxy/yaml-config/authority.en.md @@ -9,8 +9,8 @@ In ShardingSphere-Proxy, user authentication and authorization information is co Thanks to ShardingSphere's pluggable architecture, Proxy provides two levels of privilege providers, namely: -- `ALL_PERMITTED`: each user has all privileges without special authorization. -- `DATABASE_PERMITTED`: grants the user privileges on the specified logical databases, defined by `user-database-mappings`. +- `ALL_PERMITTED`: each user has all privileges without special authorization. (Will be removed in a future version) +- `DATABASE_PERMITTED`: grants the user privileges on the specified logical databases, defined by `user-database-mappings`. (Recommended) The administrator can choose which privilege provider to use as needed when configuring `authority`. @@ -49,7 +49,6 @@ Explanation: - `authenticationMethodName` is not specified for `root@127.0.0.1`, Proxy will automatically choose the authentication method according to the frontend protocol; - Privilege provider is not specified, the default `ALL_PERMITTED` will be used; - ### Authentication configuration The custom authentication configuration allows users to greater leeway to set their own custom configurations according to their scenarios. @@ -80,7 +79,7 @@ Explanation: ### Authorization configuration -#### ALL_PERMITTED +#### ALL_PERMITTED (Will be removed in a future version) ```yaml authority: 
@@ -98,26 +97,25 @@ Explanation: - `authenticators` and `authenticationMethodName` are not defined, Proxy will automatically choose the authentication method according to the frontend protocol; - The privilege provider `ALL_PERMITTED` is specified. -#### DATABASE_PERMITTED +#### DATABASE_PERMITTED (Recommended) ```yaml authority: users: - user: root@127.0.0.1 password: root + admin: true - user: sharding password: sharding + - user: test + password: sharding privilege: type: DATABASE_PERMITTED props: - user-database-mappings: root@127.0.0.1=*, sharding@%=test_db, sharding@%=sharding_db + user-database-mappings: sharding@%=*, test@%=test_db, test@%=sharding_db ``` Explanation: -- Two users are defined: `root@127.0.0.1` and `sharding`; +- Three users are defined: `root@127.0.0.1`, `sharding` and `test`, which `root@127.0.0.1` is an admin user; - `authenticators` and `authenticationMethodName` are not defined, Proxy will automatically choose the authentication method according to the frontend protocol; -- The privilege provider `DATABASE_PERMITTED` is specified, authorize `root@127.0.0.1` to access all logical databases (`*`), and user `sharding` can only access `test_db` and `sharding_db`. - -## Related References - -Please refer to [Authority Provider](/en/user-manual/shardingsphere-proxy/yaml-config/authority/) for the specific implementation of authority provider. +- The privilege provider `DATABASE_PERMITTED` is specified, authorize `sharding@%` to access all logical databases (`*`), and user `test` can only access `test_db` and `sharding_db`. diff --git a/kernel/authority/provider/simple/src/main/java/org/apache/shardingsphere/authority/provider/simple/AllPermittedPrivilegeProvider.java b/kernel/authority/provider/simple/src/main/java/org/apache/shardingsphere/authority/provider/simple/AllPermittedPrivilegeProvider.java index eb770dd0b9789..895cca9ac2f61 100644 
--- a/kernel/authority/provider/simple/src/main/java/org/apache/shardingsphere/authority/provider/simple/AllPermittedPrivilegeProvider.java +++ b/kernel/authority/provider/simple/src/main/java/org/apache/shardingsphere/authority/provider/simple/AllPermittedPrivilegeProvider.java @@ -27,7 +27,10 @@ /** * All permitted privilege provider. + * + * @deprecated Use DatabasePermittedPrivilegeProvider instead. */ +@Deprecated public final class AllPermittedPrivilegeProvider implements PrivilegeProvider { @Override
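Review bot: In authority.cn.md, hunk `@@ -97,26 +97,25 @@`, the added `test` user is given `password: sharding`, the same value as the existing `sharding` user, and the mapping now grants an ordinary account every logical database with `sharding@%=*`. Readers copy the example from a section marked as recommended, so it should model per-user credentials and a narrow grant: give `test` its own placeholder password, and either scope `sharding` to named databases or add a line explaining why an ordinary user is mapped to `*`. The same applies to the matching YAML block in authority.en.md.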
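Review bot: In authority.en.md, the context line of hunk `@@ -49,7 +49,6 @@` still reads "Privilege provider is not specified, the default `ALL_PERMITTED` will be used", while the first hunk now marks that provider "(Will be removed in a future version)". The page ends up telling readers that the default is the provider being retired without saying what to do about it. Add a sentence to the quick-start explanation recommending that `privilege.type` be set explicitly to `DATABASE_PERMITTED`, and state what the default will be once `ALL_PERMITTED` is removed.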
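Review bot: In authority.en.md, hunk `@@ -98,26 +97,25 @@`, the explanation never says what `admin: true` grants. `root@127.0.0.1` is removed from `user-database-mappings` in the same change, so a reader cannot tell from the page whether root still reaches every logical database or now reaches none. Add one bullet stating how an admin user is treated by `DATABASE_PERMITTED` and whether it needs a mapping entry. Wording: "which `root@127.0.0.1` is an admin user" should read "of which `root@127.0.0.1` is an admin user", and the Chinese page calls the same account a super user (`超级用户`), so pick one term for both languages.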
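Review bot: In AllPermittedPrivilegeProvider.java, the deprecation is visible only in Javadoc and to code that compiles against the class; an operator who selects `ALL_PERMITTED` in YAML, or gets it as the default, receives no signal at all. Since this provider gives every user all privileges, consider logging a warning when it is loaded so that existing deployments notice before the removal. The `@deprecated` tag should also name the version in which removal is planned, to match the "will be removed in a future version" wording added to the docs.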