Vihang Karajgaonkar has posted comments on this change. ( http://gerrit.cloudera.org:8080/15068 )
Change subject: IMPALA-9242: Filter privileges before returning them to Sentry ...................................................................... Patch Set 12: (3 comments) Patch looks good to me. Had some questions related to URI privileges below. Rest looks good. http://gerrit.cloudera.org:8080/#/c/15068/7//COMMIT_MSG Commit Message: http://gerrit.cloudera.org:8080/#/c/15068/7//COMMIT_MSG@20 PS7, Line 20: String.intern() > This change added a "handmade" interner to Impala: thanks for the pointer. Will take a look. http://gerrit.cloudera.org:8080/#/c/15068/7/fe/src/main/java/org/apache/impala/authorization/sentry/SentryAuthorizationPolicy.java File fe/src/main/java/org/apache/impala/authorization/sentry/SentryAuthorizationPolicy.java: http://gerrit.cloudera.org:8080/#/c/15068/7/fe/src/main/java/org/apache/impala/authorization/sentry/SentryAuthorizationPolicy.java@49 PS7, Line 49: public class SentryAuthorizationPolicy implements FilteredPrivilegeCache { > I see 3 reason why the fallback could be useful: makes sense. Thanks for considering the suggestion. http://gerrit.cloudera.org:8080/#/c/15068/12/fe/src/main/java/org/apache/impala/catalog/PrincipalPrivilegeTree.java File fe/src/main/java/org/apache/impala/catalog/PrincipalPrivilegeTree.java: http://gerrit.cloudera.org:8080/#/c/15068/12/fe/src/main/java/org/apache/impala/catalog/PrincipalPrivilegeTree.java@140 PS12, Line 140: private List<String> toPath() { Curious to understand the motivation to disallow creating filter like server1->uri1 since both server1->uri1 and server1->uri2 both will have the path as [server1] with the boolean flag set to true. Does this mean a getFilteredList() will return all the server level privileges and all the URI privileges when we are only interested in the authorization heirarchy of server1-uri1? -- To view, visit http://gerrit.cloudera.org:8080/15068 To unsubscribe, visit http://gerrit.cloudera.org:8080/settings Gerrit-Project: Impala-ASF Gerrit-Branch: master Gerrit-MessageType: comment Gerrit-Change-Id: Iecd4281368d1c9fe88cfe850ea725cd68895712e Gerrit-Change-Number: 15068 Gerrit-PatchSet: 12 Gerrit-Owner: Csaba Ringhofer <csringho...@cloudera.com> Gerrit-Reviewer: Anonymous Coward (498) Gerrit-Reviewer: Csaba Ringhofer <csringho...@cloudera.com> Gerrit-Reviewer: Daniel Becker <daniel.bec...@cloudera.com> Gerrit-Reviewer: Impala Public Jenkins <impala-public-jenk...@cloudera.com> Gerrit-Reviewer: Vihang Karajgaonkar <vih...@cloudera.com> Gerrit-Comment-Date: Tue, 11 Feb 2020 19:34:50 +0000 Gerrit-HasComments: Yes