Block access to all predicates by default in ACL #4082

Closed
ashish-goswami opened this issue Sep 27, 2019 · 2 comments
Labels
area/enterprise Related to proprietary features area/security Security related issues kind/enhancement Something could be better. priority/P1 Serious issue that requires eventual attention (can wait a bit) status/accepted We accept to investigate/work on it.

Comments

@ashish-goswami
Contributor

Currently, if a Dgraph cluster is booted up with ACL on, all predicates can be accessed until the first rule is created. Ideally, we should not allow access to any predicates by default if ACL is on. We can expose an acl_allow_all flag to allow access to all predicates after the cluster boots up.

Final behaviour will look as follows:

- ACL is off
  - Access to all predicates is OK
- ACL is on
  - NO access to any predicates for reading/writing/modifying
- ACL is on but cluster is run with the option acl_allow_on
  - Access to all predicates is OK

@ashish-goswami ashish-goswami added kind/enhancement Something could be better. priority/P1 Serious issue that requires eventual attention (can wait a bit) area/security Security related issues status/accepted We accept to investigate/work on it. labels Sep 27, 2019
@ashish-goswami ashish-goswami self-assigned this Sep 27, 2019
@campoy campoy added this to the Dgraph v1.1.1 milestone Sep 27, 2019
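
The fail-open behaviour reported above next to the requested default-deny behaviour, as an added example that is not part of the issue and is not Dgraph's code. `Config`, `AllowAll`, `Rules` and both functions are hypothetical names, and the rule model (predicate to group to allowed) is a simplification.

```go
package main

import "fmt"

// Config is a hypothetical stand-in for cluster options. AllowAll models the
// opt-in flag proposed in the issue; it is not a real Dgraph setting name.
type Config struct {
	ACLEnabled bool
	AllowAll   bool
}

// Rules maps predicate -> group -> allowed (constructed, simplified model).
type Rules map[string]map[string]bool

// allowedCurrent models the reported behaviour: with ACL on, every predicate
// is reachable until the first rule is created (fail-open on an empty rule
// set). Falling back to a rule lookup afterwards is an assumption.
func allowedCurrent(c Config, r Rules, group, pred string) bool {
	if !c.ACLEnabled || len(r) == 0 {
		return true
	}
	return r[pred][group]
}

// allowedProposed models the requested behaviour: with ACL on, nothing is
// reachable without a matching rule unless the operator explicitly opted in.
func allowedProposed(c Config, r Rules, group, pred string) bool {
	if !c.ACLEnabled || c.AllowAll {
		return true
	}
	return r[pred][group] // missing entries read as false: default deny
}

func main() {
	fresh := Rules{} // constructed: cluster just booted, no rules yet
	acl := Config{ACLEnabled: true}
	fmt.Println("current, no rules:  ", allowedCurrent(acl, fresh, "dev", "email"))
	fmt.Println("proposed, no rules: ", allowedProposed(acl, fresh, "dev", "email"))

	optIn := Config{ACLEnabled: true, AllowAll: true}
	fmt.Println("proposed, opt-in:   ", allowedProposed(optIn, fresh, "dev", "email"))

	rules := Rules{"email": {"dev": true}} // constructed sample rule
	fmt.Println("proposed, dev/email:", allowedProposed(acl, rules, "dev", "email"))
	fmt.Println("proposed, ops/email:", allowedProposed(acl, rules, "ops", "email"))
}
```
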
@campoy
Contributor

campoy commented Sep 27, 2019

We should indeed fix this, yes. I agree with the proposed behavior.

@minhaj-shakeel
Contributor

GitHub issues have been deprecated.
This issue has been moved to discuss. You can follow the conversation there and also subscribe to updates by changing your notification preferences.
