sentry-commits mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From "Sravya Tirukkovalur (JIRA)" <j...@apache.org>
Subject [jira] [Commented] (SENTRY-157) Support filter pushdown in DB Store client to reduce data transfer from DB Store service
Date Fri, 30 May 2014 19:37:02 GMT

    [ https://issues.apache.org/jira/browse/SENTRY-157?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=14014145#comment-14014145
] 

Sravya Tirukkovalur commented on SENTRY-157:
--------------------------------------------

[~asuresh], looks like filter logic in SentryStore is true restrictive: for a request of form
server=server1->db=default, the equivalent filter is roles.contains(role) && (role.roleName
== "admin_role") && serverName == "server1" && dbName == "default"

> Support filter pushdown in DB Store client to reduce data transfer from DB Store service
> ----------------------------------------------------------------------------------------
>
>                 Key: SENTRY-157
>                 URL: https://issues.apache.org/jira/browse/SENTRY-157
>             Project: Sentry
>          Issue Type: Bug
>    Affects Versions: 1.4.0
>            Reporter: Prasad Mujumdar
>            Assignee: Arun Suresh
>         Attachments: SENTRY-157.1.patch, SENTRY-157.3.patch, SENTRY-157.4.patch
>
>
> The authorization provider retrieves all the privileges for the given set of groups.
This could be a huge data set if there are a large number of privileges in the system. A downstream
consumer like HiveServer2 will be reading this for each query. This could impact the DB store
performance if there are multiple active queries and numerous privilege rules.
> We could consider pushing the filters like DB object name to the policy provider to prune
the privilege result set at the source.



--
This message was sent by Atlassian JIRA
(v6.2#6252)

Mime
View raw message