[
https://issues.apache.org/jira/browse/SENTRY-565?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=15021701#comment-15021701
]
Lenni Kuff commented on SENTRY-565:
-----------------------------------
[~colinma] - Thanks. I think a making a privilege cache might be an
interesting/useful idea, but perhaps out of scope for this JIRA. For that I
think we would want to think through the possible use cases and have a bit more
formal design discussion.
> Improvement the performance when Sentry filter the entity
> ---------------------------------------------------------
>
> Key: SENTRY-565
> URL: https://issues.apache.org/jira/browse/SENTRY-565
> Project: Sentry
> Issue Type: Improvement
> Reporter: Colin Ma
> Assignee: Colin Ma
> Attachments: SENTRY-565.001.patch, SENTRY-565.002.patch,
> SENTRY-565.003.patch, SENTRY-565.004.patch, SENTRY-565.005.patch
>
>
> Currently, when get the metadata from hive, eg, "show tables", "show
> databases". Sentry will filter the result and output the authorized entities.
> There will be many RPC calls when filtering the result. The related code is
> in HiveAuthzBinding, for example, in filterShowTables:
> {code}
> ......
> for (String tableName : queryResult) {
> ......
> hiveAuthzBinding.authorize(operation, tableMetaDataPrivilege, subject,
> inputHierarchy,
> outputHierarchy, providedPrivileges);
> ......
> }
> ......
> {code}
> hiveAuthzBinding.authorize will get the privileges from sentry service, if
> there are many tables in the hive, the filtering process will spend much
> time. Considering sentry also need to filter the column, HiveAuthzBinding
> should be improved to reduce the number of rpc calls when doing the filter.
--
This message was sent by Atlassian JIRA
(v6.3.4#6332)
