sentry-commits mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From "Ryan P (JIRA)" <j...@apache.org>
Subject [jira] [Created] (SENTRY-980) Allow connected users to perform operations typically reserved for admins.
Date Tue, 08 Dec 2015 18:26:10 GMT
Ryan P created SENTRY-980:
-----------------------------

             Summary: Allow connected users to perform operations typically reserved for admins.

                 Key: SENTRY-980
                 URL: https://issues.apache.org/jira/browse/SENTRY-980
             Project: Sentry
          Issue Type: Improvement
            Reporter: Ryan P
            Priority: Minor


As it stands only users that fall into one of the configured ADMIN_GROUPS can make calls such
as list_sentry_roles_by_group. This can cause issues for applications such as Impala which
have not been configured as a admin group. 

Technically it is a requirement for Impala to be granted these elevated privileges. There
are however a few specific use cases where this is not acceptable. 

I propose that we loosen the requirements slightly to allow users configured in ALLOW_CONNECT
to perform admin operations. This value should already only be used by services which implement
Sentry, not as end users. 





--
This message was sent by Atlassian JIRA
(v6.3.4#6332)

Mime
View raw message