Server Authorization
Server Authorization can be enabled in Unity Catalog Server using the server.authorization property in the etc/conf/server.properties configuration file.
With Server Authorization enabled, the UC server uses AuthDecorator to enforce permission to access the API services based on Bearer Authentication or the UC_TOKEN cookie.
server.authorization
To enable server authorization, set the server.authorization property to enable (case-insensitive).
With server authorization enabled, Unity Catalog Server registers AuthDecorator to intercept all requests to /api/2.1/unity-catalog/-prefixed URLs.
With server authorization enabled, Unity Catalog Server uses JCasbinAuthorizer for role-based access control (RBAC).
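An added example (not Unity Catalog's own code) that models the two checks described above: whether server.authorization is set to enable in a properties file, and which credential a request under /api/2.1/unity-catalog/ presents. The function names, the sample input and the header-before-cookie order are assumptions of this sketch.

```python
import re
from http.cookies import SimpleCookie

API_PREFIX = "/api/2.1/unity-catalog/"  # prefix intercepted by AuthDecorator (from the page)

def authorization_enabled(properties_text):
    """True if the last server.authorization entry is 'enable' (any case)."""
    value = None
    for raw in properties_text.splitlines():
        line = raw.lstrip()
        if not line or line[0] in "#!":      # blank line or .properties comment
            continue
        # The key ends at the first '=', ':' or whitespace, as in Java .properties.
        m = re.match(r"([^=:\s]+)\s*[=:]?\s*(.*)$", line)
        if m and m.group(1) == "server.authorization":
            value = m.group(2)               # later entries override earlier ones
    # Trailing whitespace is kept (Java keeps it too), so "enable " is reported
    # as not enabled: the conservative answer for an audit.
    return value is not None and value.lower() == "enable"

def presented_token(path, headers):
    """Token a request carries for a protected path, or None.

    `headers` has lower-cased names. Checking the header before the cookie
    is an assumption of this sketch; the page does not state an order.
    """
    if not path.startswith(API_PREFIX):
        return None                          # outside the intercepted prefix
    scheme, _, token = headers.get("authorization", "").partition(" ")
    if scheme.lower() == "bearer" and token.strip():
        return token.strip()
    cookies = SimpleCookie()
    cookies.load(headers.get("cookie", ""))
    return cookies["UC_TOKEN"].value if "UC_TOKEN" in cookies else None

# Constructed sample input, not taken from a real deployment.
SAMPLE_PROPERTIES = """\
# etc/conf/server.properties (constructed)
server.authorization=disable
server.authorization = ENABLE
"""

if __name__ == "__main__":
    url = API_PREFIX + "catalogs"
    print("authorization enabled:", authorization_enabled(SAMPLE_PROPERTIES))
    print(presented_token(url, {"authorization": "Bearer tok-123"}))
    print(presented_token(url, {"cookie": "theme=dark; UC_TOKEN=tok-456"}))
    print(presented_token(url, {}))
```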
UnityAccessDecorator
Unity Catalog Server uses UnityAccessDecorator to enforce Role-Based Access Control (RBAC).
Bearer Authentication
OpenAPI Guide
From OpenAPI Guide (extra spacing mine):
Bearer Authentication (token authentication) is an HTTP authentication scheme that involves security tokens called bearer tokens.
The name "Bearer authentication" can be understood as "give access to the bearer of this token."
The bearer token is a cryptic string, usually generated by the server in response to a login request.
The client must send this token in the Authorization header when making requests to protected resources:
The Bearer authentication scheme was originally created as part of OAuth 2.0 in RFC 6750.
Bearer authentication should only be used over HTTPS (SSL).
The Unity Catalog CLI uses the auth_token command-line option to assign a personal access token for authentication.
etc/conf/token.txt
A sample personal access token is available as etc/conf/token.txt.