[ https://issues.apache.org/jira/browse/SENTRY-359?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=14127434#comment-14127434 ]
Romain Rigaux commented on SENTRY-359:
--------------------------------------
This is pretty good! I like the API. We can use it to list the priv of one object or its underlying
objects if we know them.
Not reusing TSentryActiveRoleSet for '+3: optional set<string> groups' in TListSentryPrivilegesByAuthRequest?
{code} struct TAlterSentryRoleGrantPrivilegeResponse {
1: required sentry_common_service.TSentryResponseStatus status
+2: optional TSentryPrivilege privilege
}
+# List role:set<privileges> for the given authorizable
+# Optionally use the set of groups to filter the roles
+struct TSentryPrivilegeMap {
+1: required map<string, set<TSentryPrivilege>> privilegeMap
+}
+struct TListSentryPrivilegesByAuthRequest {
+1: required i32 protocol_version = sentry_common_service.TSENTRY_SERVICE_V1,
+2: required set<TSentryAuthorizable> authorizableSet,
+3: optional set<string> groups
+}
+struct TListSentryPrivilegesByAuthResponse {
+1: required sentry_common_service.TSentryResponseStatus status,
+2: required map<TSentryAuthorizable, TSentryPrivilegeMap> privilegesMapByAuth
+}
+
+
+ TListSentryPrivilegesByAuthResponse list_sentry_privileges_by_authorizable(1:TListSentryPrivilegesByAuthRequest
request);
{code}
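Review bot: TListSentryPrivilegesByAuthRequest has no field identifying the caller (only protocol_version, authorizableSet and the optional groups), so from these lines the service has nothing to check before returning the role-to-privilege mapping for an authorizable. Add a requestor field to the request and document what is returned when groups is unset, since the comment "Optionally use the set of groups to filter the roles" suggests an absent filter returns every role's privileges. The two comment lines also sit above TSentryPrivilegeMap although they describe the request; move them next to TListSentryPrivilegesByAuthRequest. Consider making privilegesMapByAuth optional so an error status can be returned without a populated map.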
> Support Sentry service API to retrieve applicable privileges for a given authorizable object
> --------------------------------------------------------------------------------------------
>
> Key: SENTRY-359
> URL: https://issues.apache.org/jira/browse/SENTRY-359
> Project: Sentry
> Issue Type: Improvement
> Affects Versions: 1.4.0
> Reporter: Prasad Mujumdar
> Assignee: Prasad Mujumdar
> Attachments: SENTRY-359-noThrift.1.patch, SENTRY-359-noThrift.2.patch, SENTRY-359.1.patch, SENTRY-359.2.patch
>
>
> The current implementation of list_sentry_privileges_for_provider is specifically to facilitate Sentry auth engine. It's not intended to be a general-purpose metadata query.
> We should add a new API that returns the list of privileges (TSentryPrivilege) for the given authorizable object and all its applicable privileges.
--
This message was sent by Atlassian JIRA
(v6.3.4#6332)