[
https://issues.apache.org/jira/browse/SENTRY-115?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel
]
Shreepadma Venugopalan updated SENTRY-115:
------------------------------------------
Fix Version/s: 1.4.0
> Give bindings the ability to access the group mappings
> ------------------------------------------------------
>
> Key: SENTRY-115
> URL: https://issues.apache.org/jira/browse/SENTRY-115
> Project: Sentry
> Issue Type: New Feature
> Affects Versions: 1.3.0
> Reporter: Gregory Chanan
> Assignee: Gregory Chanan
> Fix For: 1.4.0
>
> Attachments: SENTRY-115.4.patch, SENTRY-115v2.patch,
> SENTRY-115v4.patch
>
>
> This is a use case for document-level security with solr.
> In this setup, the solr document itself would store the authorization tokens,
> rather than having them stored directly in sentry. It wouldn't be feasible
> to store them directly in sentry, as there could be million of documents, and
> storing them in say, an .ini file would be expensive and slow.
> Instead, the sentry binding would grab the groups associated with the user,
> and modify the user's query in order to only return documents that contain
> (at least one) of the user's groups in the auth tokens.
> Today, there is no way for the binding layer to access the mapping service;
> the group mapping happens "behind the scenes" when hasAccess is called. The
> simplest way of providing this functionality is probably to add a function to
> get the GroupMappingService from the AuthorizationProvider.
--
This message was sent by Atlassian JIRA
(v6.1.5#6160)
