You signed in with another tab or window. Reload to refresh your session.You signed out in another tab or window. Reload to refresh your session.You switched accounts on another tab or window. Reload to refresh your session.Dismiss alert
Is your feature request related to a problem? Please describe:
Currently, TiDB only supports the built-in authentication and authorization mechanism. The built-in mechanism is not flexible enough to meet the needs of some users. For example, some users may want to use their own authentication and authorization logic, or some users may want to integrate TiDB with their existing authentication and authorization system.
Using the extension system to implement an auth plugin is a good way for users to plug in their own logic.
Auth plugin is a feature supported in MySQL, so implementing this feature in TiDB will make it more compatible with MySQL.
Describe the feature you'd like:
Provide support in the extension system where TiDB users can implement their own authentication plugins with customized authentication (login) and authorization (privilege checking) logic.
Example:
If user implements a plugin called authentication_my_plugin, the user should be able to create a user using:
CREATEUSER 'my_user'@'%' IDENTIFIED WITH 'authentication_my_plugin'AS'optional_authentication_pwd';
where authn/authz for my_user will go through the customized logic in the implementation of authentication_my_plugin.
Describe alternatives you've considered:
MySQL already supports customized auth plugins
Currently, additional privilege checks or access control needs to happen outside of TiDB in a service layer above
Feature Request
Is your feature request related to a problem? Please describe:
Currently, TiDB only supports the built-in authentication and authorization mechanism. The built-in mechanism is not flexible enough to meet the needs of some users. For example, some users may want to use their own authentication and authorization logic, or some users may want to integrate TiDB with their existing authentication and authorization system.
Using the extension system to implement an auth plugin is a good way for users to plug in their own logic.
Auth plugin is a feature supported in MySQL, so implementing this feature in TiDB will make it more compatible with MySQL.
Describe the feature you'd like:
Provide support in the extension system where TiDB users can implement their own authentication plugins with customized authentication (login) and authorization (privilege checking) logic.
Example:
If user implements a plugin called
authentication_my_plugin
, the user should be able to create a user using:where authn/authz for
my_user
will go through the customized logic in the implementation ofauthentication_my_plugin
.Describe alternatives you've considered:
Teachability, Documentation, Adoption, Migration Strategy:
Design: #53182
The text was updated successfully, but these errors were encountered: