icefury71 commented on pull request #6685: URL: https://github.com/apache/incubator-pinot/pull/6685#issuecomment-800638140
> > > Isnt it better to have a property called clusterUI and set it to different modes? Query-only can be one mode, The next level can be query and data push and the next level can be to change table properties and the one after that will. be cluster admin, > > > > > > Good point - on that note - the more comprehensive solution will be to integrate UI with the AuthN/Z scheme Alex is working on (in conjunction with something like RBAC). We should discuss that in detail once the backend is ready. Adding flags for all such combinations might be a bit of an overhead. > > Exactly. So, just add a UIMode. For starters, we will recognize an unset field (meaning all are allowed) or "QueryConsoleOnly". > > Another way to do this will be to provide different http endpoints for the capabilities, but if we wanted step-wise capability, this will be a lot more code (or at least instances of code) but then may provide an easier path towards password on the console? (not sure) We don't need to rely on flags for the advanced controls. For eg: Alex's PR adds an API for exposing the security capability configured within Pinot (None, Basic, OAuth2, ...). Cluster Manager should be able to use that API and figure out what needs to be done. Eg: for "Basic" -> display a login screen for username and password (in fact this PR is in progress as we speak). ---------------------------------------------------------------- This is an automated message from the Apache Git Service. To respond to the message, please log on to GitHub and use the URL above to go to the specific comment. For queries about this service, please contact Infrastructure at: us...@infra.apache.org --------------------------------------------------------------------- To unsubscribe, e-mail: commits-unsubscr...@pinot.apache.org For additional commands, e-mail: commits-h...@pinot.apache.org
