sentry-commits mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From "Dapeng Sun (JIRA)" <j...@apache.org>
Subject [jira] [Updated] (SENTRY-240) Handle active roles in the hive binding and get rid of hive specific sentry thrift api
Date Tue, 01 Sep 2015 05:50:49 GMT

     [ https://issues.apache.org/jira/browse/SENTRY-240?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel
]

Dapeng Sun updated SENTRY-240:
------------------------------
    Fix Version/s:     (was: 1.6.0)
                   1.7.0

> Handle active roles in the hive binding and get rid of hive specific sentry thrift api
> --------------------------------------------------------------------------------------
>
>                 Key: SENTRY-240
>                 URL: https://issues.apache.org/jira/browse/SENTRY-240
>             Project: Sentry
>          Issue Type: Improvement
>    Affects Versions: 1.4.0
>            Reporter: Sravya Tirukkovalur
>             Fix For: 1.7.0
>
>
> Would be good to get rid of maintaining active role set struct and list_sentry_privileges_for_provider
in thrift
> I think we should handle active roles on hive side outside of sentry service, as we do
not really store these mappings in the db. And does not make sense to store these in db as
these are per session variables. If we do this, we can clean up the thrift interface a bit
and just have:
> TListSentryPrivilegesResponse list_sentry_privileges(1:TListSentryPrivilegesRequest request)
> struct TListSentryPrivilegesRequest {
> 1: required i32 protocol_version = sentry_common_service.TSENTRY_SERVICE_V1,
> 2: required string requestorUserName, # user on whose behalf the request is issued
> 3: required set<string> roleNames # get privileges assigned for this role
> 4: optional TSentryAuthorizable authorizableHierarchy
> }
> And do the set intersection of rolesforGroup and active roles in the hive binding itself.



--
This message was sent by Atlassian JIRA
(v6.3.4#6332)

Mime
View raw message