sentry-issues mailing list archives

From Sergio Peña (JIRA) <>
Subject [jira] [Updated] (SENTRY-2372) SentryStore should not implement grantOptionCheck
Date Fri, 26 Oct 2018 19:14:00 GMT


Sergio Peña updated SENTRY-2372:
    Attachment: SENTRY-2372.7.patch

> SentryStore should not implement grantOptionCheck
> -------------------------------------------------
>                 Key: SENTRY-2372
>                 URL:
>             Project: Sentry
>          Issue Type: Improvement
>          Components: Sentry, sentrystore
>    Affects Versions: 2.1.0
>            Reporter: Sergio Peña
>            Assignee: Sergio Peña
>            Priority: Major
>         Attachments: SENTRY-2372.1.patch, SENTRY-2372.2.patch, SENTRY-2372.3.patch, SENTRY-2372.4.patch,
> SENTRY-2372.5.patch, SENTRY-2372.6.patch, SENTRY-2372.7.patch
> During functional testing it was found that the SentryStore implementation contains logic
> that enforces Sentry rights and depends on cluster-specific context. Specifically, grantOptionCheck
> needs to be able to resolve the Hadoop user's groups and the Sentry admin groups configured on the
> There are two problems with this:
>  # Some backends use SentryStore in a multi-tenant way and do have the context that
> SentryStore expects when it is used in a cluster.
>  # Security enforcement logic shouldn't be in SentryStore if it is to be trusted. Since
> the backend's Sentry API may be stateless, the caller has to pass request context to such an
> implementation backend together with the explicit SentryStore arguments. If the context (e.g.
> groups) is passed with the request, the checks become unenforceable since the caller controls variables
> on both sides of the comparison.
> The recommendation is to remove {{grantOptionCheck}} and {{SentryStore}} and to implement
> equivalent logic in {{SentryPolicyStoreProcessor}}.
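The second problem in the issue, the comparison whose inputs both come from the caller, illustrated as an added, simplified example (not Sentry's own code): the store-side check takes the requestor's groups and the admin groups as arguments, while the processor-side check only takes the authenticated principal and resolves both sets from server-side state. Class and method names (`storeSideCheck`, `PolicyProcessor`, `grantOptionCheck`) and the sample users and groups are assumptions constructed for this example.

```java
import java.util.Map;
import java.util.Set;

// Added example, not Sentry code: contrasts where the inputs of an admin-group
// check come from. Only the admin-group part of grantOptionCheck is modelled.
public final class GrantOptionCheckExample {

    // Store-side shape described in the issue: both sets arrive with the request.
    // Whoever builds the request picks requestorGroups AND adminGroups, so the
    // outcome of the comparison is chosen by the caller, not by the server.
    static boolean storeSideCheck(Set<String> requestorGroups, Set<String> adminGroups) {
        for (String g : requestorGroups) {
            if (adminGroups.contains(g)) return true;
        }
        return false;
    }

    // Processor-side shape: the only request-derived input is the authenticated
    // principal; group membership and the admin-group list are server-side state
    // (in a real deployment the Hadoop group mapping and the Sentry configuration).
    static final class PolicyProcessor {
        private final Map<String, Set<String>> groupMapping; // user -> groups (server-side)
        private final Set<String> adminGroups;               // from server config

        PolicyProcessor(Map<String, Set<String>> groupMapping, Set<String> adminGroups) {
            this.groupMapping = groupMapping;
            this.adminGroups = adminGroups;
        }

        boolean grantOptionCheck(String authenticatedUser) {
            Set<String> groups = groupMapping.getOrDefault(authenticatedUser, Set.of());
            for (String g : groups) {
                if (adminGroups.contains(g)) return true;
            }
            return false;
        }
    }

    public static void main(String[] args) {
        // Constructed sample: alice is only in "analysts"; "admins" is the sole admin group.
        PolicyProcessor processor = new PolicyProcessor(
                Map.of("alice", Set.of("analysts"), "bob", Set.of("admins")),
                Set.of("admins"));

        // A request on behalf of alice that simply claims "admins" on both sides passes the
        // store-side check; the processor, resolving alice's groups itself, denies it.
        System.out.println("store-side, caller-supplied sets: "
                + storeSideCheck(Set.of("analysts", "admins"), Set.of("admins"))); // true
        System.out.println("processor, alice: " + processor.grantOptionCheck("alice")); // false
        System.out.println("processor, bob:   " + processor.grantOptionCheck("bob"));   // true
    }
}
```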

This message was sent by Atlassian JIRA
