Thanks for the link - it is nice to integrate this discussion with JIRA
keywords. Looks like we need to go through the list and add categorize it
into short-term and long-term buckets.

I think Sergio's idea of doing smaller releases with small number of
features included makes sense.  We can vote for individual features, of
course but it only makes sense if someone actually commits to implementing
it.

Looks like so far the discussion is about improving user-level privileges -
it would be a good content for 2.1 release.

Is there some kind of design doc for user-level privileges in general? If
not, would it make sense to create one?

- Alex

On Thu, Jan 25, 2018 at 11:13 AM, Sergio Pena <sergio.p...@cloudera.com>
wrote:

> There is a section on the Wiki about roadmap ideas and JIRAs already
> created:
> https://cwiki.apache.org/confluence/display/SENTRY/
> Sentry+Roadmap+and+ideas
>
> I'm interested in having user-level privileges and special user privileges
> for objects owners.
>
> I got this from the linked above:
>   SENTRY-1073 User who creates a table should be granted all privileges on
> it by default
>   SENTRY-1068 Allow user who created a table to have "with grant" over that
> table by default
>   Creator of a table should have ownership of it (all privileges)
>   Allow privileges to be granted to users directly
>
> We should start planning the next Sentry 2.1 release based on the desired
> features. What about
> having 2 or 3 features on Sentry 2.1?
>
> I vote for:
> - user-level privileges (currently grant user to role is only supported)
> - default user privileges for objects owners
>
> Should we start a vote for new features for 2.1?
>
> - Sergio
>
> On Thu, Jan 25, 2018 at 12:46 PM, Kalyan Kumar Kalvagadda <
> kkal...@cloudera.com> wrote:
>
> > I would like to add something here.
> >
> >
> >    1. Current support for user-based-privileges allows admin to grant a
> >    role to user. Ideally, user-based-privileges feature should be
> allowing
> >    administrator to grant privileges to individual users directly.
> >       -  I'm working on this to come up with a scope doc.
> >       2. Currently sentry stores only grant privileges. This is not
> >    flexible. Let's say an administrator wants to grant role with select
> on
> > the
> >    all tables in a database except for couple to them, he needs to
> > individual
> >    select privileges for each table.
> >       1. Implementation should let you add a grant privilege on database
> >       and revokes privileges on the tables with in that database,
> >       2. This needs new look into privilege model that sentry currently
> > has.
> >
> >
> > -Kalyan
> >
> >
> > -Kalyan
> >
> > On Thu, Jan 25, 2018 at 12:16 PM, Alexander Kolbasov <ak...@cloudera.com
> >
> > wrote:
> >
> > > Good point. There is some support for user-level privileges in 2.0
> > already
> > > - do you think that it is not sufficient and is missing some parts?
> > >
> > > Is there anyone reading this who participated in the user-level
> > privileges
> > > in Sentry work done earlier? Is there any design doc for this?
> > >
> > > - Alex
> > >
> > > On Thu, Jan 25, 2018 at 10:11 AM, Na Li <lina...@cloudera.com> wrote:
> > >
> > > > Sasha,
> > > >
> > > > It would be nice to have more features for sentry.
> > > >
> > > > For example, make user-based privileges working. So user can assign
> > user
> > > > directly to a role instead of through group.
> > > >
> > > > Lina
> > > >
> > > > On Thu, Jan 25, 2018 at 11:58 AM, Alexander Kolbasov <
> > ak...@cloudera.com
> > > >
> > > > wrote:
> > > >
> > > > > Now that we have Sentry 2.0 release, I think it is a good time to
> > step
> > > > back
> > > > > from fixing bugs and immediate problems and start discussions on
> > > roadmap
> > > > > for Sentry going forward. Do we want to just keep it as is and
> > improve
> > > > > things here and there or we want to add new features?
> > > > >
> > > > > What do people think?
> > > > >
> > > > > - Alex
> > > > >
> > > >
> > >
> >
>

Reply via email to