Search before asking
Motivation
Currently, the RPC GetFileSystemSecurityToken is a cluster-level operation that grants the user a temporary STS token for all table files on remote storage. This is a big security risk, and we should support table-level STS tokens.
Solution
Add repeated PbTablePath tables = 1; in GetFileSystemSecurityTokenRequest, and grant STS permission for the given paths on remote storage (see how to grant directory permission for OSS, link).
Anything else?
No response
Willingness to contribute
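The table-level scoping proposed in this issue, sketched as an added example (not code from the issue or from the project): it builds an OSS policy document that could be passed as the session policy when the server requests the STS token, so the token covers only the requested table directories. The function names, the `<root>/<database>/<table>/` object layout, the identifier rule for names and the read-only action set are assumptions made for illustration.

```python
import json
import re

# Assumption: database and table names are plain identifiers. Rejecting
# anything else keeps "*", "?", "/" and ".." out of the policy resources.
_NAME = re.compile(r"[A-Za-z0-9_-]+")


def table_prefix(root, database, table):
    """Return the object-key prefix of one table (hypothetical layout)."""
    for part in (database, table):
        if not _NAME.fullmatch(part):
            raise ValueError(f"illegal path component: {part!r}")
    return f"{root.strip('/')}/{database}/{table}/"


def scoped_policy(bucket, root, tables):
    """Build a read-only OSS policy limited to the requested tables."""
    if not tables:
        # An empty request must not fall back to a cluster-wide token.
        raise ValueError("at least one table path is required")
    prefixes = sorted({table_prefix(root, db, tbl) for db, tbl in tables})
    return {
        "Version": "1",
        "Statement": [
            {   # Object reads only under the requested table directories.
                "Effect": "Allow",
                "Action": ["oss:GetObject"],
                "Resource": [f"acs:oss:*:*:{bucket}/{p}*" for p in prefixes],
            },
            {   # Listing is a bucket-level action, so it is limited by prefix.
                "Effect": "Allow",
                "Action": ["oss:ListObjects"],
                "Resource": [f"acs:oss:*:*:{bucket}"],
                "Condition": {"StringLike": {"oss:Prefix": [p + "*" for p in prefixes]}},
            },
        ],
    }


if __name__ == "__main__":
    # Constructed sample input: bucket, root and table names are made up.
    policy = scoped_policy("example-bucket", "fluss/remote", [("sales", "orders")])
    print(json.dumps(policy, indent=2))
```
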