sentry-commits mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From "Brock Noland (JIRA)" <j...@apache.org>
Subject [jira] [Updated] (SENTRY-115) Give bindings the ability to access the group mappings
Date Wed, 12 Feb 2014 23:57:22 GMT

     [ https://issues.apache.org/jira/browse/SENTRY-115?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel
]

Brock Noland updated SENTRY-115:
--------------------------------

    Attachment: SENTRY-115.4.patch

Uploading the v4 patch under a name the precommit tests will like.

> Give bindings the ability to access the group mappings
> ------------------------------------------------------
>
>                 Key: SENTRY-115
>                 URL: https://issues.apache.org/jira/browse/SENTRY-115
>             Project: Sentry
>          Issue Type: New Feature
>    Affects Versions: 1.3.0
>            Reporter: Gregory Chanan
>            Assignee: Gregory Chanan
>         Attachments: SENTRY-115.4.patch, SENTRY-115v2.patch, SENTRY-115v4.patch
>
>
> This is a use case for document-level security with solr.
> In this setup, the solr document itself would store the authorization tokens, rather
than having them stored directly in sentry.  It wouldn't be feasible to store them directly
in sentry, as there could be million of documents, and storing them in say, an .ini file would
be expensive and slow.
> Instead, the sentry binding would grab the groups associated with the user, and modify
the user's query in order to only return documents that contain (at least one) of the user's
groups in the auth tokens.
> Today, there is no way for the binding layer to access the mapping service; the group
mapping happens "behind the scenes" when hasAccess is called.  The simplest way of providing
this functionality is probably to add a function to get the GroupMappingService from the AuthorizationProvider.



--
This message was sent by Atlassian JIRA
(v6.1.5#6160)

Mime
View raw message