Ryan P created SENTRY-980:
-----------------------------
Summary: Allow connected users to perform operations typically
reserved for admins.
Key: SENTRY-980
URL: https://issues.apache.org/jira/browse/SENTRY-980
Project: Sentry
Issue Type: Improvement
Reporter: Ryan P
Priority: Minor
As it stands only users that fall into one of the configured ADMIN_GROUPS can
make calls such as list_sentry_roles_by_group. This can cause issues for
applications such as Impala which have not been configured as a admin group.
Technically it is a requirement for Impala to be granted these elevated
privileges. There are however a few specific use cases where this is not
acceptable.
I propose that we loosen the requirements slightly to allow users configured in
ALLOW_CONNECT to perform admin operations. This value should already only be
used by services which implement Sentry, not as end users.
--
This message was sent by Atlassian JIRA
(v6.3.4#6332)
