Hao Hao has submitted this change and it was merged. ( http://gerrit.cloudera.org:8080/13657 )
Change subject: [sentry] add require_db_privileges flag for ListTables ...................................................................... [sentry] add require_db_privileges flag for ListTables This patch adds a sentry_require_db_privileges_for_list_tables flag to allow enforcing database level privileges for ListTables. Without this flag, there will be a number of requests to Sentry related to the number of tables in Kudu. With it, that number is limited to the number of databases in Kudu. However, note that when the flag is set to true, users with no database-level privileges on a database will not be able to see any tables within it. Using ListTablesBenchmark without the flag: $ ./bin/sentry_authz_provider-test --gtest_filter=*ListTablesBench* --num_databases=10 --num_tables_per_db=100 --has-db-privileges=false --sentry_require_db_privileges_for_list_tables=false sentry_authz_provider-test.cc:421] Time spent Listing tables: real 122.567s user 0.339s sys 0.016s With the flag: $ ./bin/sentry_authz_provider-test --gtest_filter=*ListTablesBench* --num_databases=10 --num_tables_per_db=100 --has-db-privileges=false --sentry_require_db_privileges_for_list_tables=true sentry_authz_provider-test.cc:421] Time spent Listing tables: real 1.869s user 0.011s sys 0.000s Change-Id: I6a225932b22470d653d4b40678f32c2b5cb8329c Reviewed-on: http://gerrit.cloudera.org:8080/13657 Tested-by: Kudu Jenkins Reviewed-by: Hao Hao <hao....@cloudera.com> --- M src/kudu/master/sentry_authz_provider-test.cc M src/kudu/master/sentry_authz_provider.cc 2 files changed, 18 insertions(+), 1 deletion(-) Approvals: Kudu Jenkins: Verified Hao Hao: Looks good to me, approved -- To view, visit http://gerrit.cloudera.org:8080/13657 To unsubscribe, visit http://gerrit.cloudera.org:8080/settings Gerrit-Project: kudu Gerrit-Branch: master Gerrit-MessageType: merged Gerrit-Change-Id: I6a225932b22470d653d4b40678f32c2b5cb8329c Gerrit-Change-Number: 13657 Gerrit-PatchSet: 5 Gerrit-Owner: Hao Hao <hao....@cloudera.com> Gerrit-Reviewer: Alexey Serbin <aser...@cloudera.com> Gerrit-Reviewer: Andrew Wong <aw...@cloudera.com> Gerrit-Reviewer: Grant Henke <granthe...@apache.org> Gerrit-Reviewer: Hao Hao <hao....@cloudera.com> Gerrit-Reviewer: Kudu Jenkins (120)
