[I] [FEATURE] Add authorization management support to Python client (User/Group/Role/Privilege CRUD) [gravitino]

Tue, 14 Apr 2026 02:37:18 -0700 


sunyuhan1998 opened a new issue, #10782:
URL: https://github.com/apache/gravitino/issues/10782

   ### Describe the feature
   
     ### Describe the feature
   
     The Gravitino Java client already supports full authorization management 
(User, Group, Role, Privilege CRUD), but the Python client lacks these
     capabilities. Users who need to manage authorization must fall back to raw 
REST API calls, which is error-prone and inconsistent with the SDK's
     design.
   
     This issue proposes adding the following authorization methods to 
`GravitinoMetalake`:
   
     **User management:**
     - `add_user(name)` / `get_user(name)` / `remove_user(name)`
     - `list_users()` / `list_user_names()`
   
     **Group management:**
     - `add_group(name)` / `get_group(name)` / `remove_group(name)`
     - `list_groups()` / `list_group_names()`
   
     **Role management:**
     - `create_role(name, properties, securable_objects)` / `get_role(name)` / 
`delete_role(name)`
     - `list_role_names()`
   
     **Permission operations:**
     - `grant_roles_to_user(roles, user)` / `revoke_roles_from_user(roles, 
user)`
     - `grant_roles_to_group(roles, group)` / `revoke_roles_from_group(roles, 
group)`
     - `grant_privileges_to_role(role, securable_object, privileges)` / 
`revoke_privileges_from_role(role, securable_object, privileges)`
   
     ### Motivation
   
     Currently, Python SDK users cannot manage Gravitino authorization without 
directly calling REST APIs (e.g., `POST /api/metalakes/{m}/users`, `POST
      /api/metalakes/{m}/roles`). This creates a fragmented experience where 
catalog/schema/fileset operations use the SDK but authorization operations
      bypass it.
   
     The Java SDK has complete authorization support via `GravitinoMetalake`. 
The Python SDK should provide equivalent functionality.
   
     ### Describe the solution
   
    I will submit a PR to implement this later.
   
   
   ### Motivation
   
   _No response_
   
   ### Describe the solution
   
   _No response_
   
   ### Additional context
   
   _No response_


-- 
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.

To unsubscribe, e-mail: [email protected]

For queries about this service, please contact Infrastructure at:
[email protected]

Reply via email to