[kudu-CR](branch-1.10.x) [sentry] add require db privileges flag for ListTables

Wed, 19 Jun 2019 08:58:09 -0700 

Grant Henke has uploaded this change for review. ( 
http://gerrit.cloudera.org:8080/13678


Change subject: [sentry] add require_db_privileges flag for ListTables
......................................................................

[sentry] add require_db_privileges flag for ListTables

This patch adds a sentry_require_db_privileges_for_list_tables flag to
allow enforcing database level privileges for ListTables. Without this
flag, there will be a number of requests to Sentry related to the number
of tables in Kudu. With it, that number is limited to the number of
databases in Kudu. However, note that when the flag is set to true,
users with no database-level privileges on a database will not be able
to see any tables within it.

Using ListTablesBenchmark without the flag:
 $ ./bin/sentry_authz_provider-test --gtest_filter=*ListTablesBench* 
--num_databases=10 --num_tables_per_db=100 --has-db-privileges=false 
--sentry_require_db_privileges_for_list_tables=false

sentry_authz_provider-test.cc:421] Time spent Listing tables: real 122.567s 
user 0.339s sys 0.016s

With the flag:
 $ ./bin/sentry_authz_provider-test --gtest_filter=*ListTablesBench* 
--num_databases=10 --num_tables_per_db=100 --has-db-privileges=false 
--sentry_require_db_privileges_for_list_tables=true

sentry_authz_provider-test.cc:421] Time spent Listing tables: real 1.869s user 
0.011s sys 0.000s

Change-Id: I6a225932b22470d653d4b40678f32c2b5cb8329c
Reviewed-on: http://gerrit.cloudera.org:8080/13657
Tested-by: Kudu Jenkins
Reviewed-by: Hao Hao <hao....@cloudera.com>
(cherry picked from commit 45f03d69bdc73d1c7e08f249b4a40ecfbfd7f810)
---
M src/kudu/master/sentry_authz_provider-test.cc
M src/kudu/master/sentry_authz_provider.cc
2 files changed, 18 insertions(+), 1 deletion(-)



  git pull ssh://gerrit.cloudera.org:29418/kudu refs/changes/78/13678/1
--
To view, visit http://gerrit.cloudera.org:8080/13678
To unsubscribe, visit http://gerrit.cloudera.org:8080/settings

Gerrit-Project: kudu
Gerrit-Branch: branch-1.10.x
Gerrit-MessageType: newchange
Gerrit-Change-Id: I6a225932b22470d653d4b40678f32c2b5cb8329c
Gerrit-Change-Number: 13678
Gerrit-PatchSet: 1
Gerrit-Owner: Grant Henke <granthe...@apache.org>
Gerrit-Reviewer: Hao Hao <hao....@cloudera.com>

Reply via email to