[
https://issues.apache.org/jira/browse/SENTRY-390?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel
]
Dapeng Sun updated SENTRY-390:
------------------------------
Attachment: SENTRY-390.003.patch
> Extend Thrift API to support column-level privilege
> ---------------------------------------------------
>
> Key: SENTRY-390
> URL: https://issues.apache.org/jira/browse/SENTRY-390
> Project: Sentry
> Issue Type: Sub-task
> Reporter: Dapeng Sun
> Assignee: Dapeng Sun
> Fix For: 1.5.0
>
> Attachments: SENTRY-390.002.patch, SENTRY-390.patch
>
>
> The jira include:
> # SENTRY Thrift API changed :
> #* We change the field {{TSentryPrivilege privilege}} to
> {{set<TSentryPrivilege> privileges}} in
> {{TAlterSentryRoleGrantPrivilegeRequest}} and
> {{TAlterSentryRoleRevokePrivilegeRequest}}, The reason is the HIVE GRANT may
> like {{Grant SELECT (tb1.col1, tb2.col2) on TABLE table1 to role roleName}},
> it contains two privileges ({{col1}} and {{col2}}) for SENTRY, to reduce the
> request API calls, we make it change.
> #* Another way to Implement it, maybe add a {{column list}} to
> {{TSentryPrivilege}}, but it will bring more problems, we know SentryStore
> has many convert methods between {{TSentryPrivilege}} and
> {{MSentryPrivilege}}, and query an unique {{MSentryPrivilege}} use
> {{TSentryPrivilege}} as query condition, so we should make them one-to-one
> correspondence.
> # Change {{SentryStore}} after Thrift API changed
> # Change {{SentryPolicyStoreProcessor}} and {{SentryPolicyServiceClient}}
> after Thrift API changed, include the grant/revoke methods about column
> privilege
> # Change {{Auditlog}} after Thrift API changed
--
This message was sent by Atlassian JIRA
(v6.3.4#6332)
