[
https://issues.apache.org/jira/browse/SENTRY-2372?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel
]
Sergio Peña updated SENTRY-2372:
--------------------------------
Attachment: SENTRY-2372.4.patch
> SentryStore should not implement grantOptionCheck
> -------------------------------------------------
>
> Key: SENTRY-2372
> URL: https://issues.apache.org/jira/browse/SENTRY-2372
> Project: Sentry
> Issue Type: Improvement
> Components: Sentry, sentrystore
> Affects Versions: 2.1.0
> Reporter: Sergio Peña
> Assignee: Sergio Peña
> Priority: Major
> Attachments: SENTRY-2372.1.patch, SENTRY-2372.2.patch,
> SENTRY-2372.3.patch, SENTRY-2372.4.patch
>
>
> During functional testing it was found that SentryStore implementation
> contains logic that enforces sentry rights and depends on cluster-specific
> context. Specifically grantOptionCheck needs to be able to resolve hadoop
> user's groups and sentry admin groups configured on the cluster.
> There are two problems with this:
> # Some backends use SentryStore in a multi-tenant way and does have the
> context that SentryStore expects when it is used in cluster.
> # Security enforcement logic shouldn't be in SentryStore if it is to be
> trusted. Since the backends Sentry API may be stateless the caller has to
> pass request context to such implementation backend together with the
> explicit SentryStore arguments. If the context (e.g. groups) is passed with
> the request the checks become unenforceable since caller controls variables
> on both sides of the comparison.
> The recommendation is to remove {{grantOptionCheck}} and {{SentryStore}} and
> to implement equivalent logic in {{SentryPolicyStoreProcessor}}.
--
This message was sent by Atlassian JIRA
(v7.6.3#76005)
