-----------------------------------------------------------
This is an automatically generated e-mail. To reply, visit:
https://reviews.apache.org/r/71901/
-----------------------------------------------------------
(Updated Dec. 13, 2019, 4:38 p.m.)
Review request for sentry, kalyan kumar kalvagadda and Vihang Karajgaonkar.
Bugs: sentry-2540
https://issues.apache.org/jira/browse/sentry-2540
Repository: sentry
Description
-------
When there are thousands of databases, SHOW DATABASES may take a really long
time because SENTRY checks if user has any of the following privileges on that
database for filtering out the database
DBModelAction.SELECT, DBModelAction.INSERT, DBModelAction.ALTER,
DBModelAction.CREATE, DBModelAction.DROP, DBModelAction.INDEX,
DBModelAction.LOCK
To speedup the authorization checking for this case, Sentry can check only the
select privilege for SHOW DATABASES and SHOW TABLES based on configuration.
Diffs (updated)
-----
sentry-binding/sentry-binding-hive-conf/src/main/java/org/apache/sentry/binding/hive/conf/HiveAuthzConf.java
5c43329
sentry-binding/sentry-binding-hive/src/main/java/org/apache/sentry/binding/hive/authz/MetastoreAuthzObjectFilter.java
e64d1a5
sentry-tests/sentry-tests-hive/src/test/java/org/apache/sentry/tests/e2e/hive/AbstractTestWithStaticConfiguration.java
cc0465a
sentry-tests/sentry-tests-hive/src/test/java/org/apache/sentry/tests/e2e/hive/TestShowMetadataPrivileges.java
6a88d0b
sentry-tests/sentry-tests-hive/src/test/java/org/apache/sentry/tests/e2e/hive/TestShowMetadataPrivilegesOnSelectOnly.java
PRE-CREATION
Diff: https://reviews.apache.org/r/71901/diff/3/
Changes: https://reviews.apache.org/r/71901/diff/2-3/
Testing
-------
manually set the configuration to be true, and see only select action is used
for authorization check
Thanks,
Na Li
