JCasbinAuthorizer¶

JCasbinAuthorizer is a UnityCatalogAuthorizer based on jCasbin open-source access control library.

JCasbinAuthorizer is used by UnityCatalogServer with server.authorization enabled.

JCasbinAuthorizer uses jcasbin_auth_model.conf configuration file for access control models.

Creating Instance¶

JCasbinAuthorizer takes no arguments to be created.

While being created, JCasbinAuthorizer reads the following configuration properties (using HibernateUtils) to create a JDBCAdapter (jdbc-adapter):

hibernate.connection.driver_class
hibernate.connection.url
hibernate.connection.user
hibernate.connection.password

JCasbinAuthorizer creates an access control model from jcasbin_auth_model.conf.

JCasbinAuthorizer creates the Enforcer that is configured to save policy rules automatically when they are added or removed.

JCasbinAuthorizer is created when:

UnityCatalogServer is requested to register the API services

Enforcer¶

JCasbinAuthorizer creates an Enforcer (jCasbin) when created.

Grant Authorization¶

UnityCatalogAuthorizer

boolean grantAuthorization(
  UUID principal,
  UUID resource,
  Privileges action)

grantAuthorization is part of the UnityCatalogAuthorizer abstraction.

grantAuthorization requests the Enforcer to add an authorization rule (to the current p policy rule).