[INLONG-1186][Doc] Update security doc#1187
Merged
Merged
Conversation
added 11 commits
June 30, 2026 14:27
vernedeng
approved these changes
Jun 30, 2026
ppkarwasz
approved these changes
Jun 30, 2026
dockerzhang
approved these changes
Jun 30, 2026
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Add this suggestion to a batch that can be applied as a single commit.This suggestion is invalid because no changes were made to the code.Suggestions cannot be applied while the pull request is closed.Suggestions cannot be applied while viewing a subset of changes.Only one suggestion per line can be applied in a batch.Add this suggestion to a batch that can be applied as a single commit.Applying suggestions on deleted lines is not supported.You must change the existing code in this line in order to create a valid suggestion.Outdated suggestions cannot be applied.This suggestion has been applied or marked resolved.Suggestions cannot be applied from pending reviews.Suggestions cannot be applied on multi-line comments.Suggestions cannot be applied while the pull request is queued to merge.Suggestion cannot be applied right now. Please check back later.
Fixes #1186
Motivation
Update security doc.
Add tenant-related security model.
The Manager module in Apache InLong provides tenant isolation capabilities, enabling permission management based on tenants. Any member of a tenant can view all business information within that tenant, while only the responsible personnel of a Group can modify or delete Group, Sink, Stream, and related entities. We believe that if users want to ensure their business data is not accessible by others, they simply need to prevent other users from joining their tenant. Therefore, if potential vulnerabilities arise due to tenant members being able to access Group, Stream, or similar information within the same tenant, such issues should not be reported as security vulnerabilities in Apache InLong. We welcome suggestions for enhancing the codebase.
Modifications
Verifying this change
(Please pick either of the following options)
This change is a trivial rework/code cleanup without any test coverage.
This change is already covered by existing tests, such as:
(please describe tests)
This change added tests and can be verified as follows:
(example:)
Documentation