INNOCENT-BOY opened a new pull request #8314: URL: https://github.com/apache/pinot/pull/8314
## Description <!-- Add a description of your PR here. A good description should include pointers to an issue or design document, etc. --> Our team has developed a User console tab in the pinot controller page, to have better access control management. By adopting the user console, the admin can: 1. ADD/DELETE/UPDATE a user 2. ADD/DELETE/UPDATE permissions of tables. The screenshot below demonstrates how it looks.  Under the current pinot version, the user access control configuration is stored in the config file(such as pinot-controller. properties), and when you try to add or modify users to Pinot. This led to a bad experience because you have to rewrite the config file and restart the controller/broker/server to make this adjustment work. That is why in our design, we store user config info to Zookeeper (in Helix PropertyStore). More specifically: - User Configuration store in ZK and encrypted user password via *AES Encryption Algorithm;* - *The user role has been distinguished by **user** and **admin.** Only admin can have access to the user console page in pinot controller.* - *You can change on user role without restarting your pinot clusters, and this change happens immediately (*We design a UserCache class based on the watcher mechanism to monitor user config in ZK.*)* ## Upgrade Notes Does this PR prevent a zero down-time upgrade? (Assume upgrade order: Controller, Broker, Server, Minion) * [ ] NO (Please label as **<code>backward-incompat</code>**, and complete the section below on Release Notes) Does this PR fix a zero-downtime upgrade introduced earlier? * [ ] NO (Please label this as **<code>backward-incompat</code>**, and complete the section below on Release Notes) Does this PR otherwise need attention when creating release notes? Things to consider: - New configuration options - Deprecation of configurations - Signature changes to public methods/interfaces - New plugins added or old plugins removed * [ ] Yes (Please label this PR as **<code>release-notes</code>** and complete the section on Release Notes) ## Release Notes <!-- If you have tagged this as either backward-incompat or release-notes, you MUST add text here that you would like to see appear in release notes of the next release. --> <!-- If you have a series of commits adding or enabling a feature, then add this section only in final commit that marks the feature completed. Refer to earlier release notes to see examples of text. --> ## Documentation <!-- If you have introduced a new feature or configuration, please add it to the documentation as well. See https://docs.pinot.apache.org/developers/developers-and-contributors/update-document --> -- This is an automated message from the Apache Git Service. To respond to the message, please log on to GitHub and use the URL above to go to the specific comment. To unsubscribe, e-mail: commits-unsubscr...@pinot.apache.org For queries about this service, please contact Infrastructure at: us...@infra.apache.org --------------------------------------------------------------------- To unsubscribe, e-mail: commits-unsubscr...@pinot.apache.org For additional commands, e-mail: commits-h...@pinot.apache.org
