I am wondering what is the relationship between "users" as defined in Sentry and users as defined in Unix or LDAP or Active Directory.
Should it be allowed to assign permissions to a user that doesn't exist? Should there be any validation if users? Should these be treated together or independently? Also, there is discussion about adding permissions not to roles but to users directly. How is it different from adding permissions not to roles but to groups directly? So far Sentry used role-based model - do we want to change it to entity-based model? - Alex
