Hi Ruguo, Thanks for bringing this to the mailing list.
I think we should maintain our current authorization granularity, even if we're not currently using it in the default authorization provider. I see you updated your PR [0] to keep the granularity--I'll provide a review soon. Thanks, Michael [0] https://github.com/apache/pulsar/pull/13157 On Wed, Dec 8, 2021 at 6:08 AM Ruguo Yu <jiang7chengz...@163.com> wrote: > > Hi Pulsar Community, > > Currently, only super-user and tenant-administrator can set/get/remove the > subscription policies of the namespace. The subscription policies includes: > subscription-expiration-time > subscription-auth-mode > subscription-types-enabled > subscription-dispatch-rate > max-consumers-per-subscription > max-unacked-messages-per-subscription > auto-subscription-creation > Is it possible for the authorization to operate the subscription policies to > converge further? For example, roles that have permission to `consume` > namespaces can also operate above policies, at least to get the subscription > policy is allowed. I look forward to your views. > > In addition, I submitted a draft[0], you can take a look if you are > interested. > > > > Thanks, > > Ruguo Yu > > > > [0] - https://github.com/apache/pulsar/pull/13157 >
