[
https://issues.apache.org/jira/browse/SENTRY-1556?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=15767932#comment-15767932
]
kalyan kumar kalvagadda edited comment on SENTRY-1556 at 12/21/16 7:50 PM:
---------------------------------------------------------------------------
I made changes for the first approach by removing privileges moment they are
not associated to any role.
I have identified below scenarios which this will happen
# When a role is deleted
** When a role is deleted, we can see if the associated privileges are
associated to any other roles. All the privileges that are not associated to
any roles can be deleted from storage
# When a privilege is revoked for a role
** When a privilege is revoked for a role, we can remove the privilege from
storage if it is not associated to any role
*Note:* Once this approached is reviewed and accepted, we need not call
PrivCleaner for periodic cleanup
was (Author: kkalyan):
I made changes for the first approach by removing privileges moment they are
not associated to any role.
I have identified below scenarios which this will happen
# When a role is deleted
** When a role is deleted, we can see if the associated privileges are
associated to any other roles. All the privileges that are not associated to
any roles can be deleted from storage
# When a privilege is revoked for a role
** When a privilege is revoked for a role, we can remove the privilege from
storage if it is not associated to any role
*Note:* Once this approached is reviewed and accepted we need to call
PrivCleaner for periodic cleanup
> Simplify privilege cleaning
> ---------------------------
>
> Key: SENTRY-1556
> URL: https://issues.apache.org/jira/browse/SENTRY-1556
> Project: Sentry
> Issue Type: Improvement
> Components: Sentry
> Affects Versions: 1.8.0, sentry-ha-redesign
> Reporter: Alexander Kolbasov
> Assignee: kalyan kumar kalvagadda
> Priority: Minor
>
> The SentryStore class has a privCleaner that cleans up orphaned privileges.
> Currently cleaning is happening after 50 notification requests are sent and
> it uses locking to synchronize.
> I think the whole thing can be simplified:
> 1) We should consider whether it is possible to clean up a privilege simply
> when we see that there are no roles associated with it. In this case we do
> not need this at all.
> 2) We can simply run a periodic job to clean up orphaned privileges and
> groups (which are not cleaned up at all now).
--
This message was sent by Atlassian JIRA
(v6.3.4#6332)
