search

prestodb / presto

The official home of the Presto distributed SQL query engine for big data
http://prestodb.io
Apache License 2.0
16.05k stars 5.38k forks source link

Support jCasbin as the authorization backend #10448

Closed veotax closed 6 years ago

veotax commented 6 years ago

jCasbin is an authorization library that supports models like ACL, RBAC, ABAC.

Related to RBAC, casbin has several advantages:

  1. roles can be cascaded, aka roles can have roles.
  2. support resource roles, so users have their roles and resource have their roles too. role = group here.
  3. the permission assignments (or policy in casbin's language) can be persisted in files or database.
  4. multiple models like ACL, BLP, RBAC, ABAC, RESTful are supported.

And you can even customize your own access control model, for example, mix RBAC and ABAC together by using roles and attributes at the same time. It's very flexible.

I saw there's a RBAC roadmap here: https://github.com/prestodb/presto/issues/10368, and I think jCasbin is a good choice. What do you think? Thanks.

dain commented 6 years ago

The security in Presto has to be integrated into the core of the system due to how the query planner and connectors work, so we are not able to outsource this to a third party library.