Add Authentication and Authorization

[em3s]

Background

Add authentication and authorization support.

Introduce a new system table, sys.apikey, to manage authentication and authorization metadata.

An API key contains both authentication and authorization information.

Permissions are divided into resource-level permissions and system-level permissions:

• r : Read
• w : Write
• c : Control
• a : Admin

r and w are granted at the Table and Alias level.

c grants metadata management privileges, including databases, tables, aliases, and API keys.

a is a system administrator permission that includes all permissions.

Task

• Add sys.apikey
• Support API key issuance and management
• Implement API key authentication
• Implement the permission model (r, w, c, a)
• Add documentation and tests

Done When

• API keys can be issued, retrieved, and revoked.
• API requests can be authenticated using API keys.
• Access control based on r, w, c, and a permissions is enforced.
• Documentation and tests are completed.

Notes

Authorization Model

• Authentication is based on API keys.
• Authorization is deny-by-default.
• r and w are granted at the Table and Alias level.
• r allows read operations.
• w allows data mutation operations.
• c is a system-level permission for metadata management.
• a is a system-level administrator permission and includes all permissions.