[
https://issues.apache.org/jira/browse/SENTRY-359?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=14127595#comment-14127595
]
Arun Suresh commented on SENTRY-359:
------------------------------------
Looks good prasad..
Even though having a {{set<string> groups}} in the request might be a cleaner,
I agree with [~romainr] that It might be better to add {{TSentryActiveRoleSet}}
in the request too.. my thinking is that a downstream system might know less
about the groups and more about roles the systems can play with (role -> group
mapping might not be available to it)
> Support Sentry service API to retrieve applicable privileges for a given
> authorizable object
> --------------------------------------------------------------------------------------------
>
> Key: SENTRY-359
> URL: https://issues.apache.org/jira/browse/SENTRY-359
> Project: Sentry
> Issue Type: Improvement
> Affects Versions: 1.4.0
> Reporter: Prasad Mujumdar
> Assignee: Prasad Mujumdar
> Attachments: SENTRY-359-noThrift.1.patch,
> SENTRY-359-noThrift.2.patch, SENTRY-359.1.patch, SENTRY-359.2.patch
>
>
> The current implementation of list_sentry_privileges_for_provider is
> specifically to facilitate Sentry auth engine. It's not intended to be a
> general purpose metadata query.
> We should add a new API that returns the list of privileges
> (TSentryPrivilege) for the give authorizable object and all it's applicable
> privileges.
--
This message was sent by Atlassian JIRA
(v6.3.4#6332)
