Developed granular, metadata-based authorization for Gravitino resources in the apache/gravitino repository, focusing on enhancing access control and compliance. Integrated the jcasbin library to enable policy-driven authorization, and refactored the GravitinoAuthorizer to improve consistency and maintainability of backend logic. Introduced new annotations and expressions to enforce access policies across filesets and models, supporting operations such as list, create, load, alter, and delete. This work established a scalable foundation for both RBAC and ABAC models, leveraging Java and backend development expertise to deliver a robust, extensible authorization framework that addresses evolving security requirements without introducing new bugs.