[Improvement][DataSource] all user have all datasource permission,lead data security issues

[beeflyme]

For better global communication, please give priority to using English description, thx!

Please review https://dolphinscheduler.apache.org/en-us/community/development/issue.html when describe an issue.

Describe the question all user have all datasource permission,lead data security issues.

What are the current deficiencies and the benefits of improvement to slove the data safety problem.

Which version of DolphinScheduler: -[1.3.6-preview]

Describe alternatives you've considered

1. for example there are three users userA,userB、userC using a DolphinScheduler plantform. we can separate them with three different projects.
2. but one user(such as A) can use all datasource include other person/project(B\C) using.
3. if A in fact don't have userB's datasource access perm, but he still can using datasource userB created. then, A can download all tables by datax/sqoop using datasource B created. that lead data security issues.

[ruanwenjun]

Yes, the permission and security is very important, a common permission model is user to projects and project to resources. In this model, if a user have the access to one project, then he has the access to the resources belong to the project.

If you have any idea, you can start a discussion, this might be interesting.

[CalvinKirs]

Great suggestion, can you provide a specific design and complete it?

[geosmart]

datasource permission is coarse-grained . for fine-grained permission we can use dataset which is created by datasource( like sql view) .

control from db level to table row level

[github-actions[bot]]

This issue has been automatically marked as stale because it has not had recent activity for 30 days. It will be closed in next 7 days if no further activity occurs.

[github-actions[bot]]

This issue has been closed because it has not received response for too long time. You could reopen it if you encountered similar problems in the future.