sentry-commits mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From "Gregory Chanan (JIRA)" <j...@apache.org>
Subject [jira] [Created] (SENTRY-59) Doc that ResourceAuthorizationProvider checks actions as ORs, add support for AND
Date Mon, 04 Nov 2013 23:25:17 GMT
Gregory Chanan created SENTRY-59:
------------------------------------

             Summary: Doc that ResourceAuthorizationProvider checks actions as ORs, add support
for AND
                 Key: SENTRY-59
                 URL: https://issues.apache.org/jira/browse/SENTRY-59
             Project: Sentry
          Issue Type: Improvement
    Affects Versions: 1.3.0
            Reporter: Gregory Chanan
             Fix For: 1.3.0


Currently, it is not clear from the javadoc how multiple actions are handled in the function:
{code}
 /***
   * Returns validate subject privileges on given Authorizable object
   *
   * @param subject: UserID to validate privileges
   * @param authorizableHierarchy : List of object accroding to namespace hierarchy.
   *        eg. Server->Db->Table or Server->Function
   *        The privileges will be validated from the higher to lower scope
   * @param actions : Privileges to validate
   * @return
   *        True if the subject is authorized to perform requested action on the given object
   */
  public boolean hasAccess(Subject subject, List<? extends Authorizable> authorizableHierarchy,
Set<? extends Action> actions);
{code}

but at least in ResourceAuthorizationProvider, OR semantics are used.  We should document
this and perhaps add an interface for AND semantics.



--
This message was sent by Atlassian JIRA
(v6.1#6144)

Mime
View raw message