[
https://issues.apache.org/jira/browse/SENTRY-2128?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=16343707#comment-16343707
]
kalyan kumar kalvagadda commented on SENTRY-2128:
-------------------------------------------------
User privileges is new feature that is needed. This feature allows the
administrator to grant permissions to users. There are a lot customers that
complain that there is a lot of over head if they want to grant a specific
privilege to a user. Over in terms of creating an additional role and group.
Why do customers want this? It’s standard in traditional database security to
grant permissions to users. It allows administrator to grant permissions to
user without over head of groups and roles. Also, Hortonworks/Ranger already
has this feature. This could be implemented to all privilege models DB/generic
and have if available for Hive/Impala/Solr/Kafka.
This feature as act as a backbone for the finer grained privileges feature
which is in sentry road map. Part of fine grained privileges is having
ownership of the objects. User privileges is a way to implement it.
*Steps involved currently(Hive):*
# Create a group
# Add user to group
# Grant a role to a group/user
* GRANT ROLE role_name [, role_name] TO GROUP <groupName> [,GROUP
<groupName>]
* GRANT ROLE role_name [, role_name] TO [GROUP <groupName> [,GROUP
<groupName>]]*[USER< userName>]*
# Grant [select/insert] on <HMS-object> to ROLE <ROLE-NAME>
*Steps involved currently(Hive):*
# Grant [select/insert] on <HMS-object> to USER <USER-NAME>
> Support for granting privileges to user.
> ----------------------------------------
>
> Key: SENTRY-2128
> URL: https://issues.apache.org/jira/browse/SENTRY-2128
> Project: Sentry
> Issue Type: New Feature
> Components: Sentry
> Affects Versions: 2.1.0
> Reporter: kalyan kumar kalvagadda
> Assignee: kalyan kumar kalvagadda
> Priority: Major
> Labels: roadmap
>
> Currently sentry supports granting role to user but this would not be
> sufficient.
> Ideally it should provide an ability to grant privileges to user.
> *One simple use case:* Administrator wants to grant a specific privilege for
> each user.
> # Administrator has to create a separate group and role for that user.
> # Add user to the group
> # Grant the new role to that group
> # grant the privilege to that group
> *After SENTRY-711*
> # Administrator has to create a separate role for that user.
> # Grant the new role to that user
> # grant the privilege to that group
>
> *With the new proposed feature*
> # Just grant a privilege to a user.
>
> Changes needed for thus feature will be pretty deep.
>
> Will be adding scope as part subtask created
--
This message was sent by Atlassian JIRA
(v7.6.3#76005)
