[ https://issues.apache.org/jira/browse/SENTRY-2129?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ]
Na Li reassigned SENTRY-2129: ----------------------------- Assignee: (was: Na Li) > User based privilege > -------------------- > > Key: SENTRY-2129 > URL: https://issues.apache.org/jira/browse/SENTRY-2129 > Project: Sentry > Issue Type: New Feature > Components: Sentry > Affects Versions: 2.1.0 > Reporter: Na Li > Priority: Major > Labels: roadmap > > It’s standard in traditional database security to allow both groups and users > to be assigned to roles. And hive supports to grant role to user. > So the following command should be supported in sentry: > GRANT role_name TO USER user > The feature implemented in SENTRY-711 is not complete. We complete this > feature > > The current user-based privilege missed some items: > > * Sentry policy has two service API: SentryPolicyService and > SentryGenericPolicyService. The current implementation does not support > user-based privilege for SentryGenericPolicyService > * {color:#5c5c5c}Fix bug. SENTRY-2091: User-based Privilege is broken by > SENTRY-769. The patch is available for review.{color} > * {color:#5c5c5c}Name Node need change to generate ACL using user > privilege.{color} > ** The full snapshot update only contains authorization to roles mapping and > role to group mapping. *Need to add role to user mapping in* > SentryStore.retrieveFullRoleImageCore > ** The delta updates are taken from table SENTRY_PERM_CHANGE, which does not > distinguish group based permission or user based permission. No change is > needed > ** The user changes to a role is not included when sending delta update from > Sentry to NN. *Need to add AddUsers and DropUsers in TRoleChanges*. > ** Sentry only create ACL for group with ACL type as AclEntryType.GROUP. > *Need to add code to create ACL with type as* AclEntryType.USER > *** SentryINodeAttributesProvider.checkPermission -> > FSPermissionChecker.checkPermission -> > SentryINodeAttributesProvider.getAclFeature -> > SentryAuthorizationInfo.getAclEntries -> SentryPermissions.constructAclEntry > * {color:#5c5c5c}SentryStore.grantOptionCheck() has to be changed to find > user level privilege. {color} -- This message was sent by Atlassian JIRA (v7.6.3#76005)