Alexey Serbin has posted comments on this change. ( http://gerrit.cloudera.org:8080/13494 )
Change subject: sentry: don't send requests for DATABASE/SERVER privileges ...................................................................... Patch Set 2: (1 comment) http://gerrit.cloudera.org:8080/#/c/13494/2/src/kudu/master/sentry_privileges_fetcher.cc File src/kudu/master/sentry_privileges_fetcher.cc: http://gerrit.cloudera.org:8080/#/c/13494/2/src/kudu/master/sentry_privileges_fetcher.cc@693 PS2, Line 693: NarrowAuthzScopeForFetch(db, table, &authorizable); > Remember, this is narrowing the scope of the call to Sentry, so yes. That i Ah, indeed. Thanks for the clarification. It seems I conflated the semantics of the Fetcher and AuthzProvider. So, Authorize() will check for the presence of the privilege at the necessary level regardless of what we are sending/receiving from Sentry with the help of the Fetcher. Sounds good to me then! -- To view, visit http://gerrit.cloudera.org:8080/13494 To unsubscribe, visit http://gerrit.cloudera.org:8080/settings Gerrit-Project: kudu Gerrit-Branch: master Gerrit-MessageType: comment Gerrit-Change-Id: Ic0025e3bacc8449dfffe99a1fc062a9e6787eb78 Gerrit-Change-Number: 13494 Gerrit-PatchSet: 2 Gerrit-Owner: Andrew Wong <aw...@cloudera.com> Gerrit-Reviewer: Adar Dembo <a...@cloudera.com> Gerrit-Reviewer: Alexey Serbin <aser...@cloudera.com> Gerrit-Reviewer: Andrew Wong <aw...@cloudera.com> Gerrit-Reviewer: Hao Hao <hao....@cloudera.com> Gerrit-Reviewer: Kudu Jenkins (120) Gerrit-Comment-Date: Tue, 04 Jun 2019 18:41:09 +0000 Gerrit-HasComments: Yes
