yujunjun/datahub
2
0
Fork 0
mirror of https://github.com/datahub-project/datahub.git synced 2025-11-03 04:10:43 +00:00
Code Issues Packages Projects Releases Wiki Activity

feat Add more granular USERS and GROUPS privileges (#12637)

Browse Source 
Co-authored-by: Diogo Vala <diogo.vala@swisscom.com>
Co-authored-by: david-leifker <114954101+david-leifker@users.noreply.github.com>
This commit is contained in:
DiogoVala 2025-07-11 17:58:55 +02:00 committed by GitHub
parent 3c748c1b3c
commit 4c00e39b96
No known key found for this signature in database
GPG Key ID: B5690EEEBB952194
1 changed files with 34 additions and 6 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

40
metadata-utils/src/main/java/com/linkedin/metadata/authorization/PoliciesConfig.java
View File

@ -71,6 +71,18 @@ public class PoliciesConfig {
"Update Users & Groups",
"Update users and groups on DataHub.");
static final Privilege CREATE_USERS_PRIVILEGE =
Privilege.of("CREATE_USERS", "Create Users", "Create users on DataHub.");
static final Privilege UPDATE_USERS_PRIVILEGE =
Privilege.of("UPDATE_USERS", "Update Users", "Update users on DataHub.");
static final Privilege CREATE_GROUPS_PRIVILEGE =
Privilege.of("CREATE_GROUPS", "Create Groups", "Create groups on DataHub.");
static final Privilege UPDATE_GROUPS_PRIVILEGE =
Privilege.of("UPDATE_GROUPS", "Update Groups", "Update groups on DataHub.");
private static final Privilege VIEW_ANALYTICS_PRIVILEGE =
Privilege.of("VIEW_ANALYTICS", "View Analytics", "View the DataHub analytics dashboard.");
@ -206,6 +218,10 @@ public class PoliciesConfig {
MANAGE_USERS_AND_GROUPS_PRIVILEGE,
CREATE_USERS_AND_GROUPS_PRIVILEGE,
UPDATE_USERS_AND_GROUPS_PRIVILEGE,
CREATE_USERS_PRIVILEGE,
UPDATE_USERS_PRIVILEGE,
CREATE_GROUPS_PRIVILEGE,
UPDATE_GROUPS_PRIVILEGE,
VIEW_ANALYTICS_PRIVILEGE,
GET_ANALYTICS_PRIVILEGE,
MANAGE_DOMAINS_PRIVILEGE,
@ -1092,17 +1108,23 @@ public class PoliciesConfig {
.put(
ApiOperation.CREATE,
Disjunctive.disjoint(
CREATE_USERS_AND_GROUPS_PRIVILEGE, MANAGE_USERS_AND_GROUPS_PRIVILEGE))
CREATE_USERS_AND_GROUPS_PRIVILEGE,
MANAGE_USERS_AND_GROUPS_PRIVILEGE,
CREATE_USERS_PRIVILEGE,
UPDATE_USERS_PRIVILEGE))
.put(
ApiOperation.READ,
API_PRIVILEGE_MAP.get(ApiGroup.ENTITY).get(ApiOperation.READ))
.put(
ApiOperation.UPDATE,
Disjunctive.disjoint(
UPDATE_USERS_AND_GROUPS_PRIVILEGE, MANAGE_USERS_AND_GROUPS_PRIVILEGE))
UPDATE_USERS_AND_GROUPS_PRIVILEGE,
MANAGE_USERS_AND_GROUPS_PRIVILEGE,
UPDATE_USERS_PRIVILEGE))
.put(
ApiOperation.DELETE,
Disjunctive.disjoint(MANAGE_USERS_AND_GROUPS_PRIVILEGE))
Disjunctive.disjoint(
MANAGE_USERS_AND_GROUPS_PRIVILEGE, UPDATE_USERS_PRIVILEGE))
.put(
ApiOperation.EXISTS,
API_PRIVILEGE_MAP.get(ApiGroup.ENTITY).get(ApiOperation.EXISTS))
@ -1113,17 +1135,23 @@ public class PoliciesConfig {
.put(
ApiOperation.CREATE,
Disjunctive.disjoint(
CREATE_USERS_AND_GROUPS_PRIVILEGE, MANAGE_USERS_AND_GROUPS_PRIVILEGE))
CREATE_USERS_AND_GROUPS_PRIVILEGE,
MANAGE_USERS_AND_GROUPS_PRIVILEGE,
CREATE_GROUPS_PRIVILEGE,
UPDATE_GROUPS_PRIVILEGE))
.put(
ApiOperation.READ,
API_PRIVILEGE_MAP.get(ApiGroup.ENTITY).get(ApiOperation.READ))
.put(
ApiOperation.UPDATE,
Disjunctive.disjoint(
UPDATE_USERS_AND_GROUPS_PRIVILEGE, MANAGE_USERS_AND_GROUPS_PRIVILEGE))
UPDATE_USERS_AND_GROUPS_PRIVILEGE,
MANAGE_USERS_AND_GROUPS_PRIVILEGE,
UPDATE_GROUPS_PRIVILEGE))
.put(
ApiOperation.DELETE,
Disjunctive.disjoint(MANAGE_USERS_AND_GROUPS_PRIVILEGE))
Disjunctive.disjoint(
MANAGE_USERS_AND_GROUPS_PRIVILEGE, UPDATE_GROUPS_PRIVILEGE))
.put(
ApiOperation.EXISTS,
API_PRIVILEGE_MAP.get(ApiGroup.ENTITY).get(ApiOperation.EXISTS))