Lenni Kuff created SENTRY-419:
---------------------------------

             Summary: Support reading from the sentry policy service at a 
consistent point in time
                 Key: SENTRY-419
                 URL: https://issues.apache.org/jira/browse/SENTRY-419
             Project: Sentry
          Issue Type: Task
            Reporter: Lenni Kuff


It would be very useful for the Sentry Service to support reading the policy 
metadata at a consistent point in time (read a snapshot). This would allow for 
better consistency guarantees by clients that cache policy metadata, and would 
also probably benefit non-cached Sentry clients as well.

For example, when a cached client is reading from the Sentry service, it 
typically would implement something along the lines of (in pseudo-code):
{code}
for (Role role : listRoles()) {
    for (Privilege priv : listPrivileges(role.getName())) {
        // Process privilege
    }
}
{code}

Consider the following case where there are two roles - Role A and Role B. 
The client processes all privileges for Role A, but before the client moves to 
Role B, a user revokes a privilege from Role A and grants it to Role B. The 
client may think that this privilege belongs to both roles, which is a state 
the Sentry policy service has never been in.

Providing a way to read a consistent snapshot would solve this problem. A bonus 
would be to support reading an incremental update of the metadata since some 
previous point in time.



--
This message was sent by Atlassian JIRA
(v6.3.4#6332)
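
The race described in the issue, as an added example that is not part of the original message and not Sentry code: an in-memory stand-in for the policy store is read once role by role and once through a single versioned snapshot. PolicyStore, move(), snapshot() and the role and privilege names are all hypothetical.

```java
import java.util.*;

// Constructed in-memory stand-in for a policy store; not Sentry's API.
public class SnapshotReadDemo {
    static class PolicyStore {
        private final Map<String, Set<String>> roles = new TreeMap<>();
        private long version = 0;

        synchronized void grant(String role, String priv) {
            roles.computeIfAbsent(role, r -> new TreeSet<>()).add(priv);
            version++;
        }
        // Revoke from one role and grant to another as a single state change.
        synchronized void move(String priv, String from, String to) {
            roles.get(from).remove(priv);
            roles.computeIfAbsent(to, r -> new TreeSet<>()).add(priv);
            version++;
        }
        synchronized List<String> listRoles() { return new ArrayList<>(roles.keySet()); }
        synchronized Set<String> listPrivileges(String role) { return new TreeSet<>(roles.get(role)); }
        // Hypothetical snapshot call: whole policy copied under one lock, tagged with a version.
        synchronized Map.Entry<Long, Map<String, Set<String>>> snapshot() {
            Map<String, Set<String>> copy = new TreeMap<>();
            roles.forEach((r, p) -> copy.put(r, new TreeSet<>(p)));
            return Map.entry(version, copy);
        }
    }

    static PolicyStore newStore() {
        PolicyStore s = new PolicyStore();
        s.grant("role_a", "SELECT on db1.t1"); // constructed sample privileges
        s.grant("role_b", "SELECT on db1.t2");
        return s;
    }

    public static void main(String[] args) {
        // Per-role reads: the move lands after role_a is cached, before role_b is read.
        PolicyStore store = newStore();
        Map<String, Set<String>> cache = new TreeMap<>();
        for (String role : store.listRoles()) {
            cache.put(role, store.listPrivileges(role));
            if (role.equals("role_a")) store.move("SELECT on db1.t1", "role_a", "role_b");
        }
        System.out.println("per-role cache: " + cache);

        // Snapshot read: the same move happens after the snapshot and cannot tear it.
        store = newStore();
        Map.Entry<Long, Map<String, Set<String>>> snap = store.snapshot();
        store.move("SELECT on db1.t1", "role_a", "role_b");
        System.out.println("snapshot v" + snap.getKey() + ": " + snap.getValue());
    }
}
```

The per-role cache ends up listing the moved privilege under both roles, so an authorization decision made from it can honor a grant that was already revoked. The version returned with the snapshot is also the natural starting point for the incremental update the issue mentions.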
