search

milvus-io / milvus

A cloud-native vector database, storage for next generation AI applications
https://milvus.io
Apache License 2.0
30.38k stars 2.91k forks source link

[Enhancement]: Pls make [Drop Role] api easy to use #35545

Open Thomas-HuWei opened 2 months ago

Thomas-HuWei commented 2 months ago

Is there an existing issue for this?

What would you like to be added?

【Drop Role】api is not easy to use. Milvus core require to drop all privileges before drop role. Why design like this? This make the api very not easy to use. I think Milvus should provider user "easy to use“ api,so could milvus core self handle this scene. User just call 【Drop role】. If mivlus core need to drop all privileges before drop role, milvus core should do it self. image

Why is this needed?

If mivlus core need to drop all privileges before drop role, milvus core should do it self.

Anything else?

Pls quickly fix. Make the api easy to use.

xiaofan-luan commented 2 months ago

/assign @SimFG

SimFG commented 2 months ago

@xiaofan-luan This is mainly to prevent users from accidentally deleting roles. If a role is bound to many permissions and drop role is called by mistake, it will cost a lot to recreate the role.

If this function is really needed, I prefer to add a parameter to this interface, is_force, to indicate whether to force deletion. If it is set to true, the related privilege binding will be deleted.

xiaofan-luan commented 2 months ago

that's a great idea. we can do force delete to clean up all permissions easier

Thomas-HuWei commented 2 months ago

@xiaofan-luan This is mainly to prevent users from accidentally deleting roles. If a role is bound to many permissions and drop role is called by mistake, it will cost a lot to recreate the role.

If this function is really needed, I prefer to add a parameter to this interface, is_force, to indicate whether to force deletion. If it is set to true, the related privilege binding will be deleted.

Can drop role auto drop privilege? not use parameter "is_force", because all user want just to delete role directly not been suspend.

stale[bot] commented 1 month ago

This issue has been automatically marked as stale because it has not had recent activity. It will be closed if no further activity occurs. Thank you for your contributions. Rotten issues close after 30d of inactivity. Reopen the issue with /reopen.