[feat](authorization)Centralizing Common Authorization Operations in Common Interface#43595

CalvinKirs · 2024-11-11T07:43:08Z

What problem does this PR solve?

Optimize Column-Level Permission Checks Using Table-Level Permissions:

Since having column-level permissions does not imply table-level permissions, but having table-level permissions does imply permissions on all columns within the table, we can streamline column permission checks. When checking column-level permissions, we can first check if the user has table-level permissions. If table-level permissions are granted, column-level checks become unnecessary. Only if table-level permissions are absent do we proceed with specific column-level permission checks.

###$ Global Permissions Shortcut: Global-level permissions typically grant full access across all operations.

Therefore, to optimize permission checks, we can add an early check for global permissions. If the user has global permissions, they are authorized, and further permission checks at the database, table, or column levels are unnecessary, allowing us to return immediately.

Check List (For Author)

Test
- Regression test
- Unit Test
- Manual test (add detailed scripts or steps below)
- No need to test or manual test. Explain why:
  - This is a refactor/code format and no logic has been changed.
  - Previous test can cover this change.
  - No code files have been changed.
  - Other reason
Behavior changed:
- No.
- Yes.
Does this need documentation?
- No.
- Yes.

Check List (For Reviewer who merge this PR)

Confirm the release note
Confirm test cases
Confirm document
Add branch pick label

…a Common Interface ### Optimize Column-Level Permission Checks Using Table-Level Permissions: Since having column-level permissions does not imply table-level permissions, but having table-level permissions does imply permissions on all columns within the table, we can streamline column permission checks. When checking column-level permissions, we can first check if the user has table-level permissions. If table-level permissions are granted, column-level checks become unnecessary. Only if table-level permissions are absent do we proceed with specific column-level permission checks. ### Global Permissions Shortcut: Global-level permissions typically grant full access across all operations. Therefore, to optimize permission checks, we can add an early check for global permissions. If the user has global permissions, they are authorized, and further permission checks at the database, table, or column levels are unnecessary, allowing us to return immediately.

doris-robot · 2024-11-11T07:43:13Z

Thank you for your contribution to Apache Doris.
Don't know what should be done next? See How to process your PR.

Please clearly describe your PR:

What problem was fixed (it's best to include specific error reporting information). How it was fixed.
Which behaviors were modified. What was the previous behavior, what is it now, why was it modified, and what possible impacts might there be.
What features were added. Why was this function added?
Which code was refactored and why was this part of the code refactored?
Which functions were optimized and what is the difference before and after the optimization?

…Common Interface apache#43595 (apache#208) * [feat](authorization)Centralizing Common Authorization Operations in Common Interface apache#43595 * [feat](authorization)Centralizing Common Authorization Operations in Common Interface apache#43595

github-actions · 2025-05-13T00:13:37Z

We're closing this PR because it hasn't been updated in a while.
This isn't a judgement on the merit of the PR in any way. It's just a way of keeping the PR queue manageable.
If you'd like to revive this PR, please reopen it and feel free a maintainer to remove the Stale tag!

github-actions bot added the Stale label May 13, 2025

github-actions bot closed this May 14, 2025

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

Comments

[feat](authorization)Centralizing Common Authorization Operations in Common Interface#43595