[jira] [Commented] (SENTRY-2140) Attribute based access control
[ https://issues.apache.org/jira/browse/SENTRY-2140?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=16453211#comment-16453211 ] Alexander Kolbasov commented on SENTRY-2140: [~moist] It would be good if you send email to dev@ alias and explain all this. > Attribute based access control > -- > > Key: SENTRY-2140 > URL: https://issues.apache.org/jira/browse/SENTRY-2140 > Project: Sentry > Issue Type: New Feature > Components: Core >Reporter: Steve Moist >Priority: Major > Attachments: Sentry ABAC Proposal v1.1.pdf, Sentry ABAC Proposal.pdf > > > As a user, I want to have finer grain control over which users/roles can view > data in Hive. Some information such as Social Security Number is considered > very confidential information. I want to be able to tag columns in Hive with > "attributes" that prevent users/roles from not accessing or seeing the data. > For users/roles that have that attribute, they should be able to see that > information. -- This message was sent by Atlassian JIRA (v7.6.3#76005)
[jira] [Commented] (SENTRY-2140) Attribute based access control
[ https://issues.apache.org/jira/browse/SENTRY-2140?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=16453173#comment-16453173 ] Steve Moist commented on SENTRY-2140: - About August to be fully complete, I don't know when the next Sentry release is. I had talked with [~spena] and [~kkalyan] offline about how we should proceed with development. They suggested to work against master directly instead of using a feature branch so that's what we plan to do. They didn't want a huge patch as no one will review it, so we've broken off pieces and will be iterating on it over the next few months in an agile development process. > Attribute based access control > -- > > Key: SENTRY-2140 > URL: https://issues.apache.org/jira/browse/SENTRY-2140 > Project: Sentry > Issue Type: New Feature > Components: Core >Reporter: Steve Moist >Priority: Major > Attachments: Sentry ABAC Proposal v1.1.pdf, Sentry ABAC Proposal.pdf > > > As a user, I want to have finer grain control over which users/roles can view > data in Hive. Some information such as Social Security Number is considered > very confidential information. I want to be able to tag columns in Hive with > "attributes" that prevent users/roles from not accessing or seeing the data. > For users/roles that have that attribute, they should be able to see that > information. -- This message was sent by Atlassian JIRA (v7.6.3#76005)
[jira] [Commented] (SENTRY-2140) Attribute based access control
[ https://issues.apache.org/jira/browse/SENTRY-2140?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=16453154#comment-16453154 ] Alexander Kolbasov commented on SENTRY-2140: [~moist] What is the proposed timeline for this work? Do you think that it should be in the scope of upcoming Sentry release (which currently is supposed to have FGP changes only) or go to the next one? What are your thoughts on the way to work on this - do you plan on working in master or in a feature branch? Or you plan to do a huge drop in master at some point? > Attribute based access control > -- > > Key: SENTRY-2140 > URL: https://issues.apache.org/jira/browse/SENTRY-2140 > Project: Sentry > Issue Type: New Feature > Components: Core >Reporter: Steve Moist >Priority: Major > Attachments: Sentry ABAC Proposal v1.1.pdf, Sentry ABAC Proposal.pdf > > > As a user, I want to have finer grain control over which users/roles can view > data in Hive. Some information such as Social Security Number is considered > very confidential information. I want to be able to tag columns in Hive with > "attributes" that prevent users/roles from not accessing or seeing the data. > For users/roles that have that attribute, they should be able to see that > information. -- This message was sent by Atlassian JIRA (v7.6.3#76005)
[jira] [Commented] (SENTRY-2140) Attribute based access control
[ https://issues.apache.org/jira/browse/SENTRY-2140?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=16453130#comment-16453130 ] Steve Moist commented on SENTRY-2140: - This is an intermediate solution, the attribute polices will be moved to a CLI based approach in later tickets. I'm actually working on that now. > Attribute based access control > -- > > Key: SENTRY-2140 > URL: https://issues.apache.org/jira/browse/SENTRY-2140 > Project: Sentry > Issue Type: New Feature > Components: Core >Reporter: Steve Moist >Priority: Major > Attachments: Sentry ABAC Proposal v1.1.pdf, Sentry ABAC Proposal.pdf > > > As a user, I want to have finer grain control over which users/roles can view > data in Hive. Some information such as Social Security Number is considered > very confidential information. I want to be able to tag columns in Hive with > "attributes" that prevent users/roles from not accessing or seeing the data. > For users/roles that have that attribute, they should be able to see that > information. -- This message was sent by Atlassian JIRA (v7.6.3#76005)
[jira] [Commented] (SENTRY-2140) Attribute based access control
[ https://issues.apache.org/jira/browse/SENTRY-2140?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=16453112#comment-16453112 ] Alexander Kolbasov commented on SENTRY-2140: [~moist] Sentry used to work in the way you described - there was a policy file that was the description of the policy. It moved away from this for obvious reasons - let's avoid getting back to file-based solutions. Sentry is now an API-based service. > Attribute based access control > -- > > Key: SENTRY-2140 > URL: https://issues.apache.org/jira/browse/SENTRY-2140 > Project: Sentry > Issue Type: New Feature > Components: Core >Reporter: Steve Moist >Priority: Major > Attachments: Sentry ABAC Proposal v1.1.pdf, Sentry ABAC Proposal.pdf > > > As a user, I want to have finer grain control over which users/roles can view > data in Hive. Some information such as Social Security Number is considered > very confidential information. I want to be able to tag columns in Hive with > "attributes" that prevent users/roles from not accessing or seeing the data. > For users/roles that have that attribute, they should be able to see that > information. -- This message was sent by Atlassian JIRA (v7.6.3#76005)
[jira] [Commented] (SENTRY-2211) Review the index creation for foreign keys
[ https://issues.apache.org/jira/browse/SENTRY-2211?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=16453067#comment-16453067 ] Na Li commented on SENTRY-2211: --- It is a task to identify potential improvements. Updated the type > Review the index creation for foreign keys > -- > > Key: SENTRY-2211 > URL: https://issues.apache.org/jira/browse/SENTRY-2211 > Project: Sentry > Issue Type: Task > Components: Sentry >Affects Versions: 2.1.0 >Reporter: Na Li >Assignee: Na Li >Priority: Major > > It is generally recommended to create an index which leads on the foreign key > column(s), to support not only joins between the primary and foreign keys, > but also updates and deletes. > We should review the foreign keys and check if there is an index defined, if > not, should we create index. > More details on The Benefits of Indexing Foreign Keys > https://sqlperformance.com/2012/11/t-sql-queries/benefits-indexing-foreign-keys > Indexes on foreign keys > https://asktom.oracle.com/pls/asktom/f?p=100:11:0P11_QUESTION_ID:292016138754 -- This message was sent by Atlassian JIRA (v7.6.3#76005)
[jira] [Updated] (SENTRY-2211) Review the index creation for foreign keys
[ https://issues.apache.org/jira/browse/SENTRY-2211?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ] Na Li updated SENTRY-2211: -- Issue Type: Task (was: Improvement) > Review the index creation for foreign keys > -- > > Key: SENTRY-2211 > URL: https://issues.apache.org/jira/browse/SENTRY-2211 > Project: Sentry > Issue Type: Task > Components: Sentry >Affects Versions: 2.1.0 >Reporter: Na Li >Assignee: Na Li >Priority: Major > > It is generally recommended to create an index which leads on the foreign key > column(s), to support not only joins between the primary and foreign keys, > but also updates and deletes. > We should review the foreign keys and check if there is an index defined, if > not, should we create index. > More details on The Benefits of Indexing Foreign Keys > https://sqlperformance.com/2012/11/t-sql-queries/benefits-indexing-foreign-keys > Indexes on foreign keys > https://asktom.oracle.com/pls/asktom/f?p=100:11:0P11_QUESTION_ID:292016138754 -- This message was sent by Atlassian JIRA (v7.6.3#76005)
[jira] [Commented] (SENTRY-2211) Review the index creation for foreign keys
[ https://issues.apache.org/jira/browse/SENTRY-2211?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=16453026#comment-16453026 ] Sergio Peña commented on SENTRY-2211: - It this an improvement or just a task to review? I feel this is just a task that may find new improvements for indexes. > Review the index creation for foreign keys > -- > > Key: SENTRY-2211 > URL: https://issues.apache.org/jira/browse/SENTRY-2211 > Project: Sentry > Issue Type: Improvement > Components: Sentry >Affects Versions: 2.1.0 >Reporter: Na Li >Assignee: Na Li >Priority: Major > > It is generally recommended to create an index which leads on the foreign key > column(s), to support not only joins between the primary and foreign keys, > but also updates and deletes. > We should review the foreign keys and check if there is an index defined, if > not, should we create index. > More details on The Benefits of Indexing Foreign Keys > https://sqlperformance.com/2012/11/t-sql-queries/benefits-indexing-foreign-keys > Indexes on foreign keys > https://asktom.oracle.com/pls/asktom/f?p=100:11:0P11_QUESTION_ID:292016138754 -- This message was sent by Atlassian JIRA (v7.6.3#76005)