We don't support partition-level RBAC yet, but it's a good issue; mark it as a good first issue.
@xiaofan-luan Considering large groups' advanced needs like partition/row/column-level auth control, they always develop their own auth service, self-developed or based on an open source project like Apache Sentry/Apache Ranger. How about we provide an auth interface hook? Users can implement their own hook. And we can provide an enterprise auth service on cloud.
This is actually a good suggestion; we can support third-party plugins for auth,
but this service has to be very fast, authed in less than 1-2 milliseconds.
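The hook idea and the 1-2 millisecond budget discussed above can be combined by caching decisions in front of the external service. The following is an added example, not part of the original thread and not Milvus code; `Request`, `Hook`, `Cached` and the sample policy are hypothetical names and constructed data.

```go
package main

import (
	"fmt"
	"sync"
	"time"
)

// Request is one access check. Every name in this file is hypothetical.
type Request struct{ User, Collection, Partition, Action string }

// Hook is the pluggable decision function an external auth service would supply.
type Hook func(Request) (bool, error)

type entry struct {
	allow bool
	until time.Time
}

// Cached answers repeat checks from memory until TTL expires.
type Cached struct {
	Backend Hook
	TTL     time.Duration
	Now     func() time.Time // injectable clock
	mu      sync.Mutex
	cache   map[Request]entry
}

func (c *Cached) Allow(r Request) (bool, error) {
	c.mu.Lock() // held across the backend call for brevity; this serializes misses
	defer c.mu.Unlock()
	if e, ok := c.cache[r]; ok && c.Now().Before(e.until) {
		return e.allow, nil
	}
	allow, err := c.Backend(r)
	if err != nil {
		return false, err // fail closed; errors are never cached
	}
	if c.cache == nil {
		c.cache = map[Request]entry{}
	}
	c.cache[r] = entry{allow, c.Now().Add(c.TTL)}
	return allow, nil
}

func main() {
	// Constructed policy: only alice may touch partition doc42.
	policy := func(r Request) (bool, error) { return r.User == "alice" && r.Partition == "doc42", nil }
	c := &Cached{Backend: policy, TTL: time.Minute, Now: time.Now}
	fmt.Println(c.Allow(Request{"alice", "docs", "doc42", "search"}))
}
```

The TTL is also the upper bound on how long a revoked grant keeps working, so it trades latency against revocation delay.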
This issue has been automatically marked as stale because it has not had recent activity. It will be closed if no further activity occurs. Thank you for your contributions.
Rotten issues close after 30d of inactivity. Reopen the issue with /reopen.
Hi - wanted to re-open this - is this being looked into? This would help support production applications for sensitive documents where each document has its own entitlement group.
We don't have partition-level RBAC. Why not use multiple collections?
There are a few reasons that come to mind:
1) Each document has its own user permissions and collection-level access control will not be sufficient
2) We tend to favor storing documents of similar schema in the same Milvus collection for enhanced query performance / retrieval
3) Milvus restricts the number of collections to ~65k and we've heard that performance degrades as more collections are added
That's true. The problem here is that even if you use partitions, there is still some limitation. May I know how many partitions you want to create in total? Why not use the partition key feature?
Thanks for the reply. As of now we are looking at about 10k-15k distinct collections, each of which requires its own access control, but this could increase as users upload more collections / documents. Milvus currently doesn't support partition-level authentication, does it?
No, even if we support partition-level auth, having 15K-level partitions is not a choice.
We are trying to optimize Milvus to achieve 10K collections, but there is still a lot of challenge on the engineering side.
For each collection, we support no more than 1024 partitions.
So the 10k number referred to the total number of distinct partitions (documents) spread across combinations of collection / partitions. I think it would be more like 700-1000 collections (for each distinct user) and anywhere between 10-100 partitions per collection for each document a user has access to. But thank you so much for the response. Understood capacity constraints if it's an engineering challenge.
You can try to do 700 -100 collections with 10-100 partitions. There seems to be risk, and with the latest 2.4 this could be improved already.
Is there an existing issue for this?
Environment
Current Behavior
In the Milvus documentation, Milvus can support partition-level user read and write permission settings, but in fact I can't set it.
Expected Behavior
No response
Steps To Reproduce
May I ask whether it currently does not support partition-level read and write permission settings, or whether the method I used is wrong. The method I use is as follows.
The error message is as follows.
I also tried the Collection parameter, but also can't get it to set.
Milvus Log
No response
Anything else?
No response