Thanks for submitting this PIP. I agree there is a gap in the existing feature offering, but I think we'll need a more nuanced approach for compatibility with existing clusters.
Here is some relevant historical context that anyone evaluating this PIP might find motivating. https://github.com/apache/pulsar/pull/11113 PR proposing the exact same change as mentioned in this PIP 347. PIP-167: Make it Configurable to Require Subscription Permission This PIP was proposed but never accepted. It tried to solve the same problem. https://github.com/apache/pulsar/issues/15597 https://github.com/apache/pulsar/pull/15576 (it was merged, then reverted) https://lists.apache.org/thread/x6zg2l7hrtopd0yty93fhctsnm9n0wbt Community meeting discussion notes on PIP 167 (see bottom of email) Matteo suggests adding a positive permission model to match the rest of pulsar. https://lists.apache.org/thread/6pgvpx1gxcx21d9fwcbgvfg2xgk5tfmw My current thoughts: The current flow is a mix of positive and negative permission models, which is not easy to reason about. I agree with Matteo's point from that community meeting (2 years ago!). The best solution to this problem is to make it possible to configure a role to consume from only one subscription. This would translate to one call to grant permission instead of the two currently required. I do not think we can accept this PIP as-is. It will break any pulsar installation that does not already configure subscription level permission, and given that subscription level permissions are not well documented in the project, I doubt they are used by many. Thanks, Michael On Tue, Apr 23, 2024 at 3:25 AM thetumbled <wof...@qq.com.invalid> wrote: > > Hi, pulsar community. > I open a new PIP for finding out the owner of subscriptions. > link: https://github.com/apache/pulsar/pull/22564. > Thanks. > thetumbled.