[
https://issues.apache.org/jira/browse/SENTRY-240?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel
]
Na Li updated SENTRY-240:
-------------------------
Fix Version/s: (was: 2.1.0)
> Handle active roles in the hive binding and get rid of hive specific sentry
> thrift api
> --------------------------------------------------------------------------------------
>
> Key: SENTRY-240
> URL: https://issues.apache.org/jira/browse/SENTRY-240
> Project: Sentry
> Issue Type: Improvement
> Affects Versions: 1.4.0
> Reporter: Sravya Tirukkovalur
> Priority: Major
>
> Would be good to get rid of maintaining active role set struct and
> list_sentry_privileges_for_provider in thrift
> I think we should handle active roles on hive side outside of sentry service,
> as we do not really store these mappings in the db. And does not make sense
> to store these in db as these are per session variables. If we do this, we
> can clean up the thrift interface a bit and just have:
> TListSentryPrivilegesResponse
> list_sentry_privileges(1:TListSentryPrivilegesRequest request)
> struct TListSentryPrivilegesRequest {
> 1: required i32 protocol_version = sentry_common_service.TSENTRY_SERVICE_V1,
> 2: required string requestorUserName, # user on whose behalf the request is
> issued
> 3: required set<string> roleNames # get privileges assigned for this role
> 4: optional TSentryAuthorizable authorizableHierarchy
> }
> And do the set intersection of rolesforGroup and active roles in the hive
> binding itself.
--
This message was sent by Atlassian JIRA
(v7.6.3#76005)
