PIP-49: Permission levels and inheritance

Status: Draft
Author: Xiaolong Ran(@wolf4j)
Pull request:
Mailing list discussion:
Release:

Motivation

The current pulsar admin‘s permission mechanism is somewhat confusing. There are some commands that have unreasonable permission verification, which causes pulsar’s permission management to be incorrectly applied in pulsar admin.

This PIP proposes the following permission changes for each admin API.

clusters

Command	Current Permissions	Proposed Permissions
get	super-user	super-user
create	super-user	super-user
update	super-user	super-user
delete	super-user	super-user
list	super-user	super-user
update-peer-clusters	super-user	super-user
get-peer-clusters	super-user	super-user
get-failure-domain	super-user	super-user
create-failure-domain	super-user	super-user
update-failure-domain	super-user	super-user
delete-failure-domain	super-user	super-user
list-failure-domain	super-user	super-user

brokers

Command	Current Permissions	Proposed Permissions
list	super-user	super-user
namespaces	super-user	super-user
update-dynamic-config	super-user	super-user
delete-dynamic-config	super-user	super-user
list-dynamic-config	super-user	super-user
get-all-dynamic-config	super-user	super-user
get-internal-config	super-user	super-user
get-runtime-config	super-user	super-user
healthcheck	super-user	super-user

broker-stats

Command	Current Permissions	Proposed Permissions
monitoring-metrics	super-user	super-user
mbeans	super-user	super-user
topics	super-user	super-user
allocator-stats	super-user	super-user
load-report	super-user	super-user

functions-worker

Command	Current Permissions	Proposed Permissions
function-stats	super-user	super-user
monitoring-metrics	super-user	super-user
get-cluster	super-user	super-user
get-cluster-leader	super-user	super-user
get-function-assignments	super-user	super-user

resource-quotas

Command	Current Permissions	Proposed Permissions
get	super-user	super-user
set	super-user	super-user
reset-namespace-bundle-quota	super-user	super-user

ns-isolation-policy

Command	Current Permissions	Proposed Permissions
get	super-user	super-user
set	super-user	super-user
list	super-user	super-user
delete	super-user	super-user
brokers	super-user	super-user
broker	super-user	super-user

tenants

Command	Current Permissions	Proposed Permissions
get	super-user	super-user
create	super-user	super user
update	super-user	super user
delete	super-user	super user
list	super-user	super user

schemas

Command	Current Permissions	Proposed Permissions
get	tenant admin	super user and tenant admin and produce
upload	tenant admin	super user and tenant admin and produce
extract	tenant admin	super user and tenant admin and produce
delete	tenant admin	super user and tenant admin and produce

functions

Command	Current Permissions	Proposed Permissions
localrun	none	none
create	super-user and tenant admin and function	super-user and tenant admin and function
delete	super-user and tenant admin and function	super-user and tenant admin and function
update	super-user and tenant admin and function	super-user and tenant admin and function
get	super-user and tenant admin and function	super-user and tenant admin and function
restart	super-user and tenant admin and function	super-user and tenant admin and function
stop	super-user and tenant admin and function	super-user and tenant admin and function
start	super-user and tenant admin and function	super-user and tenant admin and function
status	super-user and tenant admin and function	super-user and tenant admin and function
stats	super-user and tenant admin and function	super-user and tenant admin and function
list	super-user and tenant admin and function	super-user and tenant admin and function
querystate	super-user and tenant admin and function	super-user and tenant admin and function
trigger	super-user and tenant admin and function	super-user and tenant admin and function
putstate	super-user and tenant admin and function	super-user and tenant admin and function

sources

Command	Current Permissions	Proposed Permissions
localrun	none	none
create	super-user and tenant admin and function	super-user and tenant admin and function
delete	super-user and tenant admin and function	super-user and tenant admin and function
update	super-user and tenant admin and function	super-user and tenant admin and function
get	none	super-user and tenant admin and function
status	super-user and tenant admin and function	super-user and tenant admin and function
stop	super-user and tenant admin and function	super-user and tenant admin and function
start	super-user and tenant admin and function	super-user and tenant admin and function
list	super-user and tenant admin and function	super-user and tenant admin and function
restart	super-user and tenant admin and function	super-user and tenant admin and function

sinks

Command	Current Permissions	Proposed Permissions
localrun	none	none
create	super-user and tenant admin and function	super-user and tenant admin and function
delete	super-user and tenant admin and function	super-user and tenant admin and function
update	super-user and tenant admin and function	super-user and tenant admin and function
get	none	super-user and tenant admin and function
status	super-user and tenant admin and function	super-user and tenant admin and function
stop	super-user and tenant admin and function	super-user and tenant admin and function
start	super-user and tenant admin and function	super-user and tenant admin and function
list	super-user and tenant admin and function	super-user and tenant admin and function
restart	super-user and tenant admin and function	super-user and tenant admin and function

topics

Command	Current Permissions	Proposed Permissions
compact	tenant admin	super user and tenant admin
compaction-status	tenant admin	super user and tenant admin
offload	tenant admin	super user and tenant admin
offload-status	tenant admin	super user and tenant admin
create-partitioned-topic	tenant admin	super user and tenant admin
delete-partitioned-topic	tenant admin	super user and tenant admin
create	tenant admin	super user and tenant admin
get-partitioned-topic-metadata	tenant admin	super user and tenant admin and produce and consume
update-partitioned-topic	tenant admin	super user and tenant admin
list	tenant admin	super user and tenant admin
terminate	tenant admin	super user and tenant admin
permissions	tenant admin	super user and tenant admin
grant-permission	tenant admin	super user and tenant admin
revoke-permission	tenant admin	super user and tenant admin
lookup	produce or consume	super user and tenant admin and produce and consume
bundle-range	super-user	super user
delete	tenant admin	super user and tenant admin
unload	super-user	super user
create-subscription	tenant admin	super user and tenant admin and consume
stats	tenant admin	super user and tenant admin and produce and consume
stats-internal	tenant admin	super user and tenant admin and produce and consume
info-internal	tenant admin	super user and tenant admin and produce and consume
partitioned-stats	tenant admin	super user and tenant admin and produce and consume
skip-all	tenant admin	super user and tenant admin
expire-messages-all-subscriptions	tenant admin	super user and tenant admin
last-message-id	tenant admin	super user and tenant admin
create-subscription	tenant admin and namespace produce or consume	super user and tenant admin and produce and consume
unsubscribe	tenant admin and consume	super user and tenant admin and consume
skip	tenant admin or consume	super user and tenant admin and consume
expire-messages	tenant admin and produce or consume	super user and tenant admin and consume
peek-messages	tenant admin and produce or consume	super user and tenant admin and consume
reset-cursor	tenant admin and produce or consume	super user and tenant admin and consume
subscriptions	tenant admin and produce or consume	super user and tenant admin and consume

namespaces

Command	Current Permissions	Proposed Permissions
list	tenant admin	super user and tenant admin
topics	tenant admin	super user and tenant admin
policies	tenant admin	super user and tenant admin
create	tenant admin	super user and tenant admin
delete	tenant admin	super user and tenant admin
set-deduplication	tenant admin	super user and tenant admin
permissions	tenant admin	super user and tenant admin
grant-permissions	tenant admin	super user and tenant admin
revoke-permissions	tenant admin	super user and tenant admin
grant-subscription-permission	tenant admin	super user and tenant admin
revoke-subscription-permission	tenant admin	super user and tenant admin
set-clusters	tenant admin	super user and tenant admin
get-clusters	tenant admin	super user and tenant admin
get-backlog-quotas	tenant admin	super user and tenant admin
set-backlog-quota	tenant admin	super user and tenant admin
remove-backlog-quota	tenant admin	super user and tenant admin
get-persistence	tenant admin	super user and tenant admin
get-backlog-quotas	tenant admin	super user and tenant admin
set-backlog-quota	tenant admin	super user and tenant admin
remove-backlog-quota	tenant admin	super user and tenant admin
get-persistence	tenant admin	super user and tenant admin
set-persistence	tenant admin	super user and tenant admin
get-message-ttl	tenant admin	super user and tenant admin
set-message-ttl	tenant admin	super user and tenant admin
get-anti-affinity-group	tenant admin	super user and tenant admin
set-anti-affinity-group	tenant admin	super user and tenant admin
delete-anti-affinity-group	tenant admin	super user and tenant admin
get-anti-affinity-namespaces	tenant admin	super user and tenant admin
get-retention	tenant admin	super user and tenant admin
set-retention	tenant admin	super user and tenant admin
unload	super-user	super user
set-replicator-dispatch-rate	super-user	super user
get-replicator-dispatch-rate	tenant admin	super user and tenant admin
split-bundle	super-user	super user
set-dispatch-rate	super-user	super user
get-dispatch-rate	tenant admin	super user and tenant admin
get-subscribe-rate	tenant admin	super user and tenant admin
set-subscribe-rate	super-user	super user
set-subscription-dispatch-rate	super-user	super user
get-subscription-dispatch-rate	tenant admin	super user and tenant admin
clear-backlog	tenant admin	super user and tenant admin
unsubscribe	tenant admin	super user and tenant admin
set-encryption-required	tenant admin	super user and tenant admin
set-subscription-auth-mode	tenant admin	super user and tenant admin
get-max-producers-per-topic	tenant admin	super user and tenant admin
set-max-producers-per-topic	super-user	super user
get-max-consumers-per-topic	tenant admin	super user and tenant admin
set-max-consumers-per-topic	super-user	super user
get-max-consumers-per-subscription	tenant admin	super user and tenant admin
get-compaction-threshold	tenant admin	super user and tenant admin
get-offload-threshold	tenant admin	super user and tenant admin
get-offload-deletion-lag	tenant admin	super user and tenant admin
get-schema-autoupdate-strategy	tenant admin	super user and tenant admin
get-schema-validation-enforced	tenant admin	super user and tenant admin
set-schema-autoupdate-strategy	super-user	super user
set-schema-validation-enforced	super-user	super user
set-offload-deletion-lag	super-user	super user
clear-offload-deletion-lag	super-user	super user
set-offload-threshold	super-user	super user
set-compaction-threshold	super-user	super user
set-max-consumers-per-subscription	super-user	super user