> On May 16, 2018, 3:52 p.m., Na Li wrote: > > sentry-hdfs/sentry-hdfs-namenode-plugin/src/main/java/org/apache/sentry/hdfs/SentryPermissions.java > > Lines 288 (patched) > > <https://reviews.apache.org/r/67131/diff/2/?file=2023763#file2023763line291> > > > > why should this be FsAction.NONE instead of "fsAction = > > perms.get(aclEntry) first. When it is null, then assign it to be > > FsAction.NONE"? > > kalyan kumar kalvagadda wrote: > "perms" map is constructed every time when there is authorization check > done from HDFS. > I see that your comment is based on what we have for ROLE. While getting > perms for roles, code looks for permissions for all the groups that this is > granted so we have logic "fsAction = perms.get(aclEntry)" there. > when it come to users, entry in perms is not expected that is why there > is no need to have similar logic for users.
Ignore my previous comment. there is a bug here. I will fix in the new patch. - kalyan kumar ----------------------------------------------------------- This is an automatically generated e-mail. To reply, visit: https://reviews.apache.org/r/67131/#review203235 ----------------------------------------------------------- On May 15, 2018, 11:45 p.m., kalyan kumar kalvagadda wrote: > > ----------------------------------------------------------- > This is an automatically generated e-mail. To reply, visit: > https://reviews.apache.org/r/67131/ > ----------------------------------------------------------- > > (Updated May 15, 2018, 11:45 p.m.) > > > Review request for sentry, Arjun Mishra, Na Li, and Sergio Pena. > > > Bugs: SENTRY-2174 > https://issues.apache.org/jira/browse/SENTRY-2174 > > > Repository: sentry > > > Description > ------- > > SentryAuthorizationProvider should now additionally provide the ACL entries > with the permissions that users have along with the permissions for the > groups. > > With the changes proposed in SENTRY-2173, PrivilegeInfo will not only have > role to permission mapping. it will also have user to privilege mapping > information. > > SentryAuthorizationProvider should be using the new information added in > PrivilegeInfo to add ACL for users. > > > Diffs > ----- > > > sentry-hdfs/sentry-hdfs-namenode-plugin/src/main/java/org/apache/sentry/hdfs/SentryPermissions.java > a88d8e25ad745effe354aa6267252998b189a252 > > sentry-hdfs/sentry-hdfs-namenode-plugin/src/test/java/org/apache/sentry/hdfs/TestSentryPermissions.java > dbce40538cf4721b601cf63b1da713f3d57fc981 > > > Diff: https://reviews.apache.org/r/67131/diff/2/ > > > Testing > ------- > > Added new unit tests and also made sure that all the existing tests pass. > > > Thanks, > > kalyan kumar kalvagadda > >
