sentry-commits mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From "Dapeng Sun (JIRA)" <j...@apache.org>
Subject [jira] [Updated] (SENTRY-390) Extend Thrift API to support column-level privilege
Date Fri, 15 Aug 2014 08:37:18 GMT

     [ https://issues.apache.org/jira/browse/SENTRY-390?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel
]

Dapeng Sun updated SENTRY-390:
------------------------------

    Description: 
The jira include:
# SENTRY Thrift API changed :
#* We change the field {{TSentryPrivilege privilege}} to {{set<TSentryPrivilege> privileges}}
in {{TAlterSentryRoleGrantPrivilegeRequest}} and {{TAlterSentryRoleRevokePrivilegeRequest}},
The reason is the HIVE GRANT may like {{Grant SELECT (tb1.col1, tb2.col2) on TABLE table1
to role roleName}}, it contains two privileges ({{col1}} and {{col2}}) for SENTRY, to reduce
the request API calls, we make it change.
#* Another way to Implement it, maybe add a {{column list}} to {{TSentryPrivilege}}, but it
will bring more problems, we know SentryStore has many convert methods between {{TSentryPrivilege}}
and {{MSentryPrivilege}}, and query an unique {{MSentryPrivilege}} use {{TSentryPrivilege}}
as query condition, so we should make them one-to-one correspondence.
# Change {{SentryStore}} after Thrift API changed
# Change {{SentryPolicyStoreProcessor}} and {{SentryPolicyServiceClient}} after Thrift API
changed, include the grant/revoke methods about column privilege
# Change {{Auditlog}} after Thrift API changed

  was:
The jira include:
# SENTRY Thrift API changed :
#* We change the field {{TSentryPrivilege privilege}} to {{set<TSentryPrivilege> privileges}}
in {{TAlterSentryRoleGrantPrivilegeRequest}} and {{TAlterSentryRoleRevokePrivilegeRequest}},
The reason is the HIVE GRANT may like {{Grant SELECT (tb1.col1, tb2.col2) on TABLE table1
to role roleName}}, it contains two privileges ({{col1}} and {{col2}}) for SENTRY, to reduce
the request API calls, we make it change.
#* Another way to Implement it, maybe add a {{column list}} to {{TSentryPrivilege}}, but it
will bring more problems, we know SentryStore has many convert methods between {{TSentryPrivilege}}
and {{MSentryPrivilege}}, and query an unique {{MSentryPrivilege}} use {{TSentryPrivilege}}
as query condition, so we should make them one-to-one correspondence.
# Change {{SentryStore}} after Thrift API changed
# Change {{SentryPolicyStoreProcessor}} and {{SentryPolicyServiceClient}} after Thrift API
changed, also add the methods about grantColumnPrivilege
# Change {{Auditlog}} after Thrift API changed


> Extend Thrift API to support column-level privilege
> ---------------------------------------------------
>
>                 Key: SENTRY-390
>                 URL: https://issues.apache.org/jira/browse/SENTRY-390
>             Project: Sentry
>          Issue Type: Sub-task
>            Reporter: Dapeng Sun
>            Assignee: Dapeng Sun
>             Fix For: 1.5.0
>
>         Attachments: SENTRY-390.patch
>
>
> The jira include:
> # SENTRY Thrift API changed :
> #* We change the field {{TSentryPrivilege privilege}} to {{set<TSentryPrivilege>
privileges}} in {{TAlterSentryRoleGrantPrivilegeRequest}} and {{TAlterSentryRoleRevokePrivilegeRequest}},
The reason is the HIVE GRANT may like {{Grant SELECT (tb1.col1, tb2.col2) on TABLE table1
to role roleName}}, it contains two privileges ({{col1}} and {{col2}}) for SENTRY, to reduce
the request API calls, we make it change.
> #* Another way to Implement it, maybe add a {{column list}} to {{TSentryPrivilege}},
but it will bring more problems, we know SentryStore has many convert methods between {{TSentryPrivilege}}
and {{MSentryPrivilege}}, and query an unique {{MSentryPrivilege}} use {{TSentryPrivilege}}
as query condition, so we should make them one-to-one correspondence.
> # Change {{SentryStore}} after Thrift API changed
> # Change {{SentryPolicyStoreProcessor}} and {{SentryPolicyServiceClient}} after Thrift
API changed, include the grant/revoke methods about column privilege
> # Change {{Auditlog}} after Thrift API changed



--
This message was sent by Atlassian JIRA
(v6.2#6252)

Mime
View raw message