Authentication & Authorization

Thanks to ShardingSphere’s pluggable architecture, Proxy provides two levels of privilege providers, namely:

ALL_PERMITTED: each user has all privileges without special authorization;
DATABASE_PERMITTED: grant the user privileges on the specified logical databases, defined by user-database-mappings.

The administrator can choose which privilege provider to use as needed when configuring authority.

Two users are defined: root@% and sharding;
authenticationMethodName is not specified for root@127.0.0.1, Proxy will automatically choose the authentication method according to the frontend protocol;
privilege provider is not specified, the default ALL_PERMITTED will be used;

Custom authentication configuration can meet the needs of users in some specific scenarios. Taking openGauss as the frontend protocol type as an example, its default authentication method is scram-sha-256. If the user needs to use an old version of the psql client (which does not support scram-sha-256) to connect to the Proxy, the administrator may allow sharding to use the md5 method for password authentication. The configuration is as follows:

illustrate:

Two users are defined: root@127.0.0.1 and sharding;
Authentication method is not specified for root@127.0.0.1, Proxy will automatically choose one according to the frontend protocol;
The privilege provider ALL_PERMITTED is specified.

ALL_PERMITTED

Two users are defined: root@127.0.0.1 and sharding;
authenticators and are not defined, Proxy will automatically choose the authentication method according to the frontend protocol;
The privilege provider ALL_PERMITTED is specified.

DATABASE_PERMITTED

illustrate:

Two users are defined: root@127.0.0.1 and sharding;
authenticators and authenticationMethodName are not defined, Proxy will automatically choose the authentication method according to the frontend protocol;

Please refer to for specific implementation of authority provider.