[ 
https://issues.apache.org/jira/browse/SENTRY-2129?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel
 ]

Na Li reassigned SENTRY-2129:
-----------------------------

    Assignee:     (was: Na Li)

> User based privilege
> --------------------
>
>                 Key: SENTRY-2129
>                 URL: https://issues.apache.org/jira/browse/SENTRY-2129
>             Project: Sentry
>          Issue Type: New Feature
>          Components: Sentry
>    Affects Versions: 2.1.0
>            Reporter: Na Li
>            Priority: Major
>              Labels: roadmap
>
> It’s standard in traditional database security to allow both groups and users 
> to be assigned to roles. And Hive supports granting a role to a user.
> So the following command should be supported in Sentry:
> GRANT role_name TO USER user
> The feature implemented in SENTRY-711 is not complete. We complete this 
> feature 
>  
> The current user-based privilege missed some items:
>  
>  * Sentry policy has two service APIs: SentryPolicyService and 
> SentryGenericPolicyService. The current implementation does not support 
> user-based privilege for SentryGenericPolicyService
>  * Fix bug. SENTRY-2091: User-based Privilege is broken by 
> SENTRY-769. The patch is available for review.
>  * Name Node needs to change to generate ACL using user 
> privilege.
>  ** The full snapshot update only contains authorization to roles mapping and 
> role to group mapping. *Need to add role to user mapping in* 
> SentryStore.retrieveFullRoleImageCore
>  ** The delta updates are taken from table SENTRY_PERM_CHANGE, which does not 
> distinguish group based permission or user based permission. No change is 
> needed
>  ** The user changes to a role are not included when sending delta updates from 
> Sentry to NN. *Need to add AddUsers and DropUsers in TRoleChanges*. 
>  ** Sentry only creates ACL for group with ACL type as AclEntryType.GROUP. 
> *Need to add code to create ACL with type as* AclEntryType.USER
>  *** SentryINodeAttributesProvider.checkPermission -> 
> FSPermissionChecker.checkPermission -> 
> SentryINodeAttributesProvider.getAclFeature -> 
> SentryAuthorizationInfo.getAclEntries -> SentryPermissions.constructAclEntry
>  * SentryStore.grantOptionCheck() has to be changed to find 
> user level privilege.



--
This message was sent by Atlassian JIRA
(v7.6.3#76005)
