Sravya Tirukkovalur created SENTRY-240:
------------------------------------------

             Summary: Handle active roles in the hive binding and get rid of hive specific sentry thrift api
                 Key: SENTRY-240
                 URL: https://issues.apache.org/jira/browse/SENTRY-240
             Project: Sentry
          Issue Type: Bug
    Affects Versions: 1.4.0
            Reporter: Sravya Tirukkovalur


It would be good to get rid of maintaining the active role set struct and
list_sentry_privileges_for_provider in thrift.
I think we should handle active roles on the hive side, outside of the sentry
service, as we do not really store these mappings in the db. And it does not
make sense to store these in the db, as these are per-session variables. If we
do this, we can clean up the thrift interface a bit and just have:

TListSentryPrivilegesResponse list_sentry_privileges(1:TListSentryPrivilegesRequest request)

struct TListSentryPrivilegesRequest {
  1: required i32 protocol_version = sentry_common_service.TSENTRY_SERVICE_V1,
  2: required string requestorUserName, # user on whose behalf the request is issued
  3: required set<string> roleNames # get privileges assigned for this role
  4: optional TSentryAuthorizable authorizableHierarchy
}

And do the set intersection of rolesforGroup and active roles in the hive 
binding itself.



--
This message was sent by Atlassian JIRA
(v6.2#6252)
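
Added example, not part of the original issue and not Sentry's code: one way the Hive binding could compute the roleNames for list_sentry_privileges by intersecting the roles granted through the user's groups with the session's active roles, so that a role the session activates but was never granted is dropped before the request is sent. The class and method names, the "all" flag, and the case-insensitive matching of role names are assumptions made for illustration.

```java
import java.util.*;

/** Hypothetical helper for the Hive binding; names are illustrative. */
public class ActiveRoleResolver {

    /** Per-session role selection, kept in the binding and never stored in the db. */
    static final class ActiveRoles {
        final boolean all;        // assumption: true means the session did not restrict its roles
        final Set<String> roles;  // explicit selection, used only when all == false

        ActiveRoles(boolean all, Set<String> roles) {
            this.all = all;
            this.roles = normalize(roles);
        }
    }

    /** Assumption: role names compare case-insensitively, so normalise before comparing. */
    static Set<String> normalize(Set<String> names) {
        Set<String> out = new TreeSet<>();
        for (String n : names) {
            out.add(n.trim().toLowerCase(Locale.ROOT));
        }
        return out;
    }

    /** roleNames for the request: roles granted via groups, narrowed to the active ones. */
    static Set<String> rolesToQuery(Set<String> rolesForGroups, ActiveRoles active) {
        Set<String> granted = normalize(rolesForGroups);
        if (active.all) {
            return granted;
        }
        // Intersection: an active role that was never granted through a group is
        // discarded here, so activating it cannot widen the privilege lookup.
        granted.retainAll(active.roles);
        return granted;
    }

    public static void main(String[] args) {
        // Constructed sample data.
        Set<String> rolesForGroups = new HashSet<>(Arrays.asList("analyst", "ETL_Writer"));
        ActiveRoles mixed = new ActiveRoles(false, new HashSet<>(Arrays.asList("etl_writer", "admin")));
        ActiveRoles everything = new ActiveRoles(true, Collections.<String>emptySet());
        ActiveRoles nothing = new ActiveRoles(false, Collections.<String>emptySet());

        System.out.println("mixed selection: " + rolesToQuery(rolesForGroups, mixed));
        System.out.println("all roles:       " + rolesToQuery(rolesForGroups, everything));
        System.out.println("no roles:        " + rolesToQuery(rolesForGroups, nothing));
    }
}
```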
