sentry-commits mailing list archives

From "Romain Rigaux (JIRA)" <j...@apache.org>
Subject [jira] [Commented] (SENTRY-359) Support Sentry service API to retrieve applicable privileges for a given authorizable object
Date Tue, 09 Sep 2014 19:28:28 GMT

    [ https://issues.apache.org/jira/browse/SENTRY-359?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=14127434#comment-14127434 ]

Romain Rigaux commented on SENTRY-359:
--------------------------------------

This is pretty good! I like the API. We can use it to list the priv of one object or its underlying
objects if we know them.

Not reusing TSentryActiveRoleSet for '+3: optional set<string> groups' in TListSentryPrivilegesByAuthRequest?

{code} struct TAlterSentryRoleGrantPrivilegeResponse {
 1: required sentry_common_service.TSentryResponseStatus status
+2: optional TSentryPrivilege privilege
 }
  
+# List role:set<privileges> for the given authorizable
+# Optionally use the set of groups to filter the roles
+struct TSentryPrivilegeMap {
+1: required map<string, set<TSentryPrivilege>> privilegeMap
+}
+struct TListSentryPrivilegesByAuthRequest {
+1: required i32 protocol_version = sentry_common_service.TSENTRY_SERVICE_V1,
+2: required set<TSentryAuthorizable> authorizableSet,
+3: optional set<string> groups
+}
+struct TListSentryPrivilegesByAuthResponse {
+1: required sentry_common_service.TSentryResponseStatus status,
+2: required map<TSentryAuthorizable, TSentryPrivilegeMap> privilegesMapByAuth
+}
+
+
+ TListSentryPrivilegesByAuthResponse list_sentry_privileges_by_authorizable(1:TListSentryPrivilegesByAuthRequest
request);
{code}
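
Review bot: TListSentryPrivilegesByAuthRequest carries no field identifying the caller, and `groups` is optional and client-supplied, so the request as shown gives the server nothing to authorize against before it returns role-to-privilege mappings for whatever authorizables are passed in. Suggest adding a required field naming the requesting user, and documenting what an unset `groups` means (all roles, or only those applicable to the caller). Separately, `map<TSentryAuthorizable, TSentryPrivilegeMap> privilegesMapByAuth` uses a struct as a map key; Thrift recommends basic types as map keys for cross-language compatibility, so a list of authorizable and privilege-map pairs may be safer. The comment `# List role:set<privileges> for the given authorizable` also sits above TSentryPrivilegeMap although it describes the request and response.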

> Support Sentry service API to retrieve applicable privileges for a given authorizable object
> --------------------------------------------------------------------------------------------
>
>                 Key: SENTRY-359
>                 URL: https://issues.apache.org/jira/browse/SENTRY-359
>             Project: Sentry
>          Issue Type: Improvement
>    Affects Versions: 1.4.0
>            Reporter: Prasad Mujumdar
>            Assignee: Prasad Mujumdar
>         Attachments: SENTRY-359-noThrift.1.patch, SENTRY-359-noThrift.2.patch, SENTRY-359.1.patch, SENTRY-359.2.patch
>
>
> The current implementation of list_sentry_privileges_for_provider is specifically to facilitate Sentry auth engine. It's not intended to be a general purpose metadata query.
> We should add a new API that returns the list of privileges (TSentryPrivilege) for the given authorizable object and all its applicable privileges.



--
This message was sent by Atlassian JIRA
(v6.3.4#6332)
