[
https://issues.apache.org/jira/browse/HIVE-9677?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel
]
Alan Gates updated HIVE-9677:
-----------------------------
Attachment: HIVE-9677.patch
This patch is more complicated than many of the previous ones. Due to the
hierarchical nature of roles and the fact that users can belong to multiple
roles it was not possible to do all operations by a direct key lookup as it is
with fetching tables, partitions, etc. Obviously this makes things more
complicated for HBase.
To resolve this I stored the information to different ways:
1) In the ROLES table, each role stores all users and roles that have been
directly included in it (that is, granted that role).
2) I added a new table USER_TO_ROLE that for each user, lists all roles the
user is in either directly or indirectly.
The USER_TO_ROLES table is built to be very efficient for DML/select queries
where we need to quickly know what roles the user participates in. However, it
is expensive to build, as each row requires a multi-pass walk of the ROLES
table. This is alleviated somewhat by reading the entire ROLES table in memory
before rebuilding the table.
This does mean that adding a user to a role or dropping him is somewhat
expensive as the row for that user in the USER_TO_ROLES table has to be
rebuilt. Adding a role to another role, dropping a role from another role, or
dropping a role altogether is very expensive because multiple rows in the
USER_TO_ROLE table have to be rebuilt.
Given that grant/revoke statements are very rare compared to DML/select queries
and rarely performance sensitive, it makes sense to take grants and revokes
take a few more seconds in order to shave milliseconds off each DML or select
operation.
> Implement privileges call in HBaseStore
> ---------------------------------------
>
> Key: HIVE-9677
> URL: https://issues.apache.org/jira/browse/HIVE-9677
> Project: Hive
> Issue Type: Sub-task
> Components: Metastore
> Reporter: Alan Gates
> Assignee: Alan Gates
> Attachments: HIVE-9677.patch
>
>
> All of the list*Grants methods, grantPrivileges, and revokePrivileges need to
> be implemented.
--
This message was sent by Atlassian JIRA
(v6.3.4#6332)
