This is an automated email from the ASF dual-hosted git repository.
jianglongtao pushed a commit to branch master
in repository https://gitbox.apache.org/repos/asf/shardingsphere.git
The following commit(s) were added to refs/heads/master by this push:
new 2e4646ab4e2 modify according to new template (#19868)
2e4646ab4e2 is described below
commit 2e4646ab4e2c96bc1e505e8aaf63bef84233f70c
Author: Mike0601 <[email protected]>
AuthorDate: Thu Aug 4 18:12:41 2022 +0800
modify according to new template (#19868)
* modify according to new template
* change permission to authority
---
.../yaml-config/authentication.cn.md | 36 +++++++++++++----
.../yaml-config/authentication.en.md | 45 +++++++++++++++-------
2 files changed, 61 insertions(+), 20 deletions(-)
diff --git
a/docs/document/content/user-manual/shardingsphere-proxy/yaml-config/authentication.cn.md
b/docs/document/content/user-manual/shardingsphere-proxy/yaml-config/authentication.cn.md
index 03011b1cd5c..f2a0d84cd26 100644
---
a/docs/document/content/user-manual/shardingsphere-proxy/yaml-config/authentication.cn.md
+++
b/docs/document/content/user-manual/shardingsphere-proxy/yaml-config/authentication.cn.md
@@ -3,9 +3,20 @@ title = "权限"
weight = 1
+++
-用于配置登录计算节点的初始用户,和存储节点数据授权。
+权限配置用于设置能够连接到 ShardingSphere-Proxy 的用户,并可以为他们授予不同的权限。
-## 配置项说明
+## 背景信息
+
+在 ShardingSphere-Proxy 中,通过全局规则 Authority Rule (标识为 !AUTHORITY)来配置用户和授权信息。
+
+得益于 ShardingSphere 的可插拔架构,Proxy 提供了两种级别的权限提供者,分别是:
+
+- `ALL_PERMITTED`:授予所有权限,不鉴权;
+- `DATABASE_PERMITTED`:为用户授予指定逻辑库的权限,通过 user-database-mappings 进行映射。
+
+在配置 Authority Rule 时,管理员可根据需要选择使用哪一种权限提供者。
+
+## 参数解释
```yaml
rules:
@@ -19,6 +30,7 @@ rules:
## 配置示例
### ALL_PERMITTED
+
```yaml
rules:
- !AUTHORITY
@@ -29,21 +41,31 @@ rules:
type: ALL_PERMITTED
```
+以上配置表示:
+- 用户 `root`,仅可从 `localhost` 连接 Proxy,密码为 `root`;
+- 用户 `my_user`,可以从任意主机连接 Proxy,密码为 `pwd`;
+- `provider` 类型为 `ALL_PERMITTED`,表示对用户授予所有权限,不鉴权。
+
### DATABASE_PERMITTED
+
```yaml
rules:
- !AUTHORITY
users:
- - root@:root
+ - root@localhost:root
- my_user@:pwd
provider:
type: DATABASE_PERMITTED
props:
- user-database-mappings: root@=sharding_db, root@=test_db,
[email protected]=sharding_db
+ user-database-mappings: root@localhost=sharding_db,
root@localhost=test_db, my_user@=sharding_db
```
+
以上配置表示:
-- root 用户从任意主机连接时,可访问 `sharding_db`。
-- root 用户从任意主机连接时,可访问 `test_db` 。
-- my_user 用户仅当从 127.0.0.1 连接时,可访问 `sharding_db`。
+
+- `provider` 类型为 `DATABASE_PERMITTED`,表示对用户授予库级别权限,需要配置;
+- 用户 `root` 仅可从 `localhost` 主机连接,可访问 `sharding_db` 和 `test_db`;
+- 用户 `my_user` 可从任意主机连接,可访问 `sharding_db`。
+
+## 相关参考
权限提供者具体实现可以参考 [权限提供者](/cn/dev-manual/proxy)。
diff --git
a/docs/document/content/user-manual/shardingsphere-proxy/yaml-config/authentication.en.md
b/docs/document/content/user-manual/shardingsphere-proxy/yaml-config/authentication.en.md
index c9d9e152a9f..44b90e457d2 100644
---
a/docs/document/content/user-manual/shardingsphere-proxy/yaml-config/authentication.en.md
+++
b/docs/document/content/user-manual/shardingsphere-proxy/yaml-config/authentication.en.md
@@ -1,22 +1,33 @@
+++
-title = "Authority"
+title = "Authorization"
weight = 1
+++
-It is used to set up initial user to login compute node, and authority data of
storage node.
+Authorization configuration provided for users who can connect to
ShardingSphere-Proxy. Users can be granted different authorities.
-## Configuration Item Explanation
+## Background
+
+ShardingSphere-Proxy uses the global rule, Authority Rule (identified as
!AUTHORITY), to configure user and authorization information.
+
+Thanks to ShardingSphere's pluggable architecture, Proxy provides two levels
of authority providers, namely:
+
+- `ALL_PERMITTED`: grant all authorities by default without authentication.
+- `DATABASE_PERMITTED`: grant users the authority to specify a logical
database, mapped through `user-database-mappings`.
+
+The administrator can choose which authority provider to use as needed when
configuring the Authority Rule.
+
+## Parameter
```yaml
rules:
- !AUTHORITY
users:
- - # Username, authorized host and password for compute node. Format:
<username>@<hostname>:<password>, hostname is % or empty string means do not
care about authorized host
+ - # Specify the username, authorized host, and password for logging in
to the compute node. Format: <username>@<hostname>:<password>. When the
hostname is % or an empty string, it indicates that the authorized host is not
limited.
provider:
- type: # authority provider for storage node, the default value is
ALL_PERMITTED
+ type: # The authority provider type for storage node. The default value
is ALL_PERMITTED.
```
-## Example
+## Sample
### ALL_PERMITTED
```yaml
@@ -29,21 +40,29 @@ rules:
type: ALL_PERMITTED
```
+The above configuration indicates:
+- The user `root` can connect to Proxy only through
[localhost](http://localhost), and the password is `root`.
+- The user `my_user` can connect to Proxy through any host, and the password
is `pwd`.
+- The `provider` type is `ALL_PERMITTED`, which indicates that users are
granted all authorities by default without authentication.
+
### DATABASE_PERMITTED
```yaml
rules:
- !AUTHORITY
users:
- - root@:root
+ - root@localhost:root
- my_user@:pwd
provider:
type: DATABASE_PERMITTED
props:
- user-database-mappings: root@=sharding_db, root@=test_db,
[email protected]=sharding_db
+ user-database-mappings: root@localhost=sharding_db,
root@localhost=test_db, my_user@=sharding_db
```
-The above configuration means:
-- The user `root` can access `sharding_db` when connecting from any host
-- The user `root` can access `test_db` when connecting from any host
-- The user `my_user` can access `sharding_db` only when connected from
127.0.0.1
-Refer to [Authority Provider](/en/dev-manual/proxy) for more implementations.
+The above configuration indicates:
+- The `provider` type is `DATABASE_PERMITTED`, which indicates that users are
granted database-level authority and configuration is needed.
+- The user `root` can connect to Proxy only through
[localhost](http://localhost) and can access `sharding_db` and `test_db`.
+- The user `my_user` can connect to Proxy through any host and can access
`sharding_db`.
+
+## Related References
+
+Please refer to [Authority Provider](/en/dev-manual/proxy) for specific
implementation of authority provider.
