[
https://issues.apache.org/jira/browse/IMPALA-9222?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel=17013265#comment-17013265
]
ASF subversion and git services commented on IMPALA-9222:
-
Commit f437146e33dcf4cc3cf79b71bdea462d1e557bd5 in impala's branch
refs/heads/master from Csaba Ringhofer
[ https://gitbox.apache.org/repos/asf?p=impala.git;h=f437146 ]
IMPALA-9222: Speed up show tables/DBs if the user has access to parent db/server
Currently we always do the auth check for tables/dbs individually.
If the user has privileges higher in the hierarchy then it is not
necessary to do these checks as they will all succeed.
This change adds a higher level check before the individual checks.
The optimization is only enabled for Sentry, as Ranger has deny
policies, so server/db level access does not guarantee db/table level
access.
Testing:
- the existing auth related test coverage seems enough
- there are no tests for deny policies yet - adding them seems a bigger
task so I created a follow up jira: IMPALA-9252
Change-Id: Ic1f5c5d1cf447a9f1cec46c45272f250b8580826
Reviewed-on: http://gerrit.cloudera.org:8080/14867
Reviewed-by: Impala Public Jenkins
Tested-by: Impala Public Jenkins
> Speed up show tables/databases if the user has access to parent db/server
> -
>
> Key: IMPALA-9222
> URL: https://issues.apache.org/jira/browse/IMPALA-9222
> Project: IMPALA
> Issue Type: Improvement
> Components: Frontend
>Reporter: Csaba Ringhofer
>Assignee: Csaba Ringhofer
>Priority: Major
>
> Currently we always do the auth check for tables/databases individually. If
> the user has privileges higher in the hierarchy then it is not necessary to
> do these checks as they will all succeed.
--
This message was sent by Atlassian Jira
(v8.3.4#803005)
-
To unsubscribe, e-mail: issues-all-unsubscr...@impala.apache.org
For additional commands, e-mail: issues-all-h...@impala.apache.org