I got it. I think the current architecture is ok, a developer will get a token, he has the token, he can produce and consume messages, after entering the platform, he can only see the topic bound with the token or some statistical information of namespace, he does not have any permission to change resources, I think this will be added by default, here we call this role the service API.
Thanks, Guangning Yuva raj <uvar...@gmail.com> 于2019年11月22日周五 上午10:50写道: > Readonly role at pulsar-manager level. In our case we allow developers > to access pulsar-manager to analyze topic metrics (produce /consume > rate, list of consumers & subscriptions etc ). But we don't want to > allow them to make any changes to the pulsar resources, such as > clusters, namespaces or topics. > > On Fri, 22 Nov 2019 at 07:46, Guangning E <eguangn...@gmail.com> wrote: > > > > I'd like to know what you mean by read-only role and what operations it > is > > mainly used for. At present, pulsar-manager manages the permissions that > > already exist in pulsar. I see that there are two PIP's on permission > > improvement in pulsar. On this basis, we can easily expand roles in > > pulsar-manager to adapt to pulsar's permissions. > > > > Yuva raj <uvar...@gmail.com> 于2019年11月21日周四 下午8:07写道: > > > > > Hi Guangning, Overall looks good. I am looking forward for an example > how > > > can we create a read only role ? Can we please add an `read` action > also > > > into verb list ? > > > > > > On Thu, Nov 21, 2019, 12:40 PM Guangning E <eguangn...@gmail.com> > wrote: > > > > > > > Hi everyone, > > > > The current pulsar-manager already supports basic JWT certification, > > > > authorization and management, and we want to further integrate with > > > > pulsar's multi-tenant system, so we drafted the following document > on the > > > > certification and authorization of the pulsar-manager. If you have > any > > > > ideas, you can comment directly on the document or reply to this > email > > > > > > > > > > > > https://docs.google.com/document/d/1wAErarwtXT5A2JeiSxuXyMuqSgPVN68d2t-pnmkSrDA/edit > > > > > > > > Thanks, > > > > Guangning > > > > > > > > > > > -- > Thanks > > Yuvaraj L >
