sentry-commits mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From "Sravya Tirukkovalur (JIRA)" <j...@apache.org>
Subject [jira] [Updated] (SENTRY-59) Doc that ResourceAuthorizationProvider checks actions as ORs, add support for AND
Date Wed, 14 May 2014 05:50:14 GMT

     [ https://issues.apache.org/jira/browse/SENTRY-59?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel
]

Sravya Tirukkovalur updated SENTRY-59:
--------------------------------------

    Fix Version/s:     (was: 1.3.0)
                   1.4.0

> Doc that ResourceAuthorizationProvider checks actions as ORs, add support for AND
> ---------------------------------------------------------------------------------
>
>                 Key: SENTRY-59
>                 URL: https://issues.apache.org/jira/browse/SENTRY-59
>             Project: Sentry
>          Issue Type: Improvement
>    Affects Versions: 1.3.0
>            Reporter: Gregory Chanan
>             Fix For: 1.4.0
>
>
> Currently, it is not clear from the javadoc how multiple actions are handled in the function:
> {code}
>  /***
>    * Returns validate subject privileges on given Authorizable object
>    *
>    * @param subject: UserID to validate privileges
>    * @param authorizableHierarchy : List of object accroding to namespace hierarchy.
>    *        eg. Server->Db->Table or Server->Function
>    *        The privileges will be validated from the higher to lower scope
>    * @param actions : Privileges to validate
>    * @return
>    *        True if the subject is authorized to perform requested action on the given
object
>    */
>   public boolean hasAccess(Subject subject, List<? extends Authorizable> authorizableHierarchy,
Set<? extends Action> actions);
> {code}
> but at least in ResourceAuthorizationProvider, OR semantics are used.  We should document
this and perhaps add an interface for AND semantics.



--
This message was sent by Atlassian JIRA
(v6.2#6252)

Mime
View raw message