...
DB Schema for entities
1、User
id | tenant | username | is_super | is_deleted | created_time | updated_time |
Attribute is_super is true for root user, meaning the root is a super user.
...
The root user does not belong to any role.
2、Resource Types
id | resource_type | resource_name | created_time |
Resource types are globally unique, no need to add attribute tenant for it.
3、Privilege
id | tenant | resource_type | privilege | updated_time | is_deleted | created_time |
4、Role
id | tenant | role_name | updated_time | is_deleted | created_time |
5、Role mapping
id | tenant | user_id | role_id | is_deleted | created_time |
By design, a role inherited from another role is not possible here.
...
6、Privileges of resource COLLECTION
id | tenant | grantor_name | principal_name | principal_type | collection_priv | collection_id | is_deleted | created_time |
Grantor_name is the user who grants the privileges.
Principal_name is the target which grantor grants privileges to.
The value of principal_type are USER or ROLE.
Collection_priv is the privilege to a collection, like SELECT, INSERT, UPDATE, etc.
...
7、Privileges of resource DATABASE (Not used now)
id | tenant | grantor_name | principal_name | principal_type | db_priv | db_id | is_deleted | created_time |
Db_priv is the privilege to a database, like CREATE, DROP, etc.
KV Store Schema
1、User
/prefix/credentials/users/{tenant}/{username} | {"userType": "admin"} |
2、Resource Types
/prefix/credentials/resources/{resourcename} | nil |
3、Privilege
/prefix/credentials/privileges/{tenant}/{privilege} | nil |
4、Role
/prefix/credentials/roles/{tenant}/{rolename} | nil |
5、Role mapping
/prefix/credentials/user-role-mapping/{tenant}/{username}/{rolename} | nil |
6、Grantee's Privileges
/prefix/credentials/grantee-privileges/{tenant}/{principalType}/{principalName}/{resourceType}/{resourceName} | ["SELECT", "UPDATE"] |
Resources & Privileges defined in Milvus
Users/Roles can be granted the following privileges:
| Privileges | Resources |
| ALL | Collection |
| CREATE | Collection |
| DROP | Collection |
| ALTER | Collection |
| SELECT | Collection |
| INSERT | Collection |
| DELETE | Collection |
| UPDATE | Collection |
| GRANT | Collection |
| REVOKE | Collection |
APIs
For every API, parameter tenant is mandatory for avoiding loading too much data to memory.
...
| Code Block | ||
|---|---|---|
| ||
func UserGrantList(principalName string, principalType string, resourceType string, resourceName string) []UserGrant |
Output structure:
| ResourceType | ResourceName | PrincipalName | PrincipalType | Privilege |
|---|---|---|---|---|
| Collection | tbl_1 | Alice | User | INSERT |
Users can only query the grants for himself. And only root user can query grants for a role.
...
| Code Block | ||
|---|---|---|
| ||
func RoleGrantList(roleName string) []RoleGrant |
Output:
| Role | Privilege | ResourceType | ResourceName |
|---|---|---|---|
| role_a | INSERT | COLLECTION | tbl_1 |
| role_a | SELECT | COLLECTION | tbl_1 |
| role_a | CREATE | DATABASE | db_1 |
| role_a | DROP | DATABASE | db_1 |
The API may query multiple tables depending on how many resource types milvus supporting.
...
| Code Block | ||
|---|---|---|
| ||
func RoleList() []Role |
Output:
| RoleName |
|---|
| admin |
| role_a |
8、List role memberships
| Code Block | ||
|---|---|---|
| ||
func RoleMembershipList(roleName string) []RoleMembership |
Output:
| RoleName | UserName |
|---|---|
| admin | root |
Only root user can use the api.
...
| Code Block | ||
|---|---|---|
| ||
func UserList() []User |
Output:
| UserName | Roles |
|---|---|
| root | [admin, role_a] |
Only root user can use the api.
...
| Code Block | ||
|---|---|---|
| ||
func ResourceList() []Resource |
Output:
| Resource |
|---|
| COLLECTION |
| DATABASE |
12、List all privileges
| Code Block | ||
|---|---|---|
| ||
func PrivilegeListOfResource(resourceType string) []Privilege |
Output:
| ResourceType | Privilege |
|---|---|
| COLLECTION | INSERT |
| COLLECTION | SELECT |
13、Delete User
The root user cannot be deleted.
The root is initialized by default when milvus service starts. Once the root user is created, basic auth will be turned on automatically.
...
- Presetting users, resource types, privileges are stored in local files. When milvus starts, it will load these files and insert records into database.
- Presetting users, resource types and privileges can be added into files and taking effect after restarting milvus service.
- The root user is the only user that has privileges for creating and dropping users.
- In MEP-27, basic auth is taking effect if there are any existing users. It Since root user is created by default once Milvus service starts, it needs to introduce a toggle to know where the basic auth is turned on.
- Using Casbin for role-based privileges check ???
...