[ https://issues.apache.org/jira/browse/SENTRY-390?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel
]
Dapeng Sun updated SENTRY-390:
------------------------------
Attachment: SENTRY-390.002.patch
> Extend Thrift API to support column-level privilege
> ---------------------------------------------------
>
> Key: SENTRY-390
> URL: https://issues.apache.org/jira/browse/SENTRY-390
> Project: Sentry
> Issue Type: Sub-task
> Reporter: Dapeng Sun
> Assignee: Dapeng Sun
> Fix For: 1.5.0
>
> Attachments: SENTRY-390.002.patch, SENTRY-390.patch
>
>
> The jira include:
> # SENTRY Thrift API changed :
> #* We change the field {{TSentryPrivilege privilege}} to {{set<TSentryPrivilege>
privileges}} in {{TAlterSentryRoleGrantPrivilegeRequest}} and {{TAlterSentryRoleRevokePrivilegeRequest}},
The reason is the HIVE GRANT may like {{Grant SELECT (tb1.col1, tb2.col2) on TABLE table1
to role roleName}}, it contains two privileges ({{col1}} and {{col2}}) for SENTRY, to reduce
the request API calls, we make it change.
> #* Another way to Implement it, maybe add a {{column list}} to {{TSentryPrivilege}},
but it will bring more problems, we know SentryStore has many convert methods between {{TSentryPrivilege}}
and {{MSentryPrivilege}}, and query an unique {{MSentryPrivilege}} use {{TSentryPrivilege}}
as query condition, so we should make them one-to-one correspondence.
> # Change {{SentryStore}} after Thrift API changed
> # Change {{SentryPolicyStoreProcessor}} and {{SentryPolicyServiceClient}} after Thrift
API changed, include the grant/revoke methods about column privilege
> # Change {{Auditlog}} after Thrift API changed
--
This message was sent by Atlassian JIRA
(v6.3.4#6332)
|