[
https://issues.apache.org/jira/browse/SENTRY-498?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel
]
Xiaomeng Huang updated SENTRY-498:
----------------------------------
Description:
Currently Sentry grant/revoke privileges via hook DDLTask, and do authorization
via SemanticAnalyzerHook. Now hive has a pluggable authorization framework via
exposing some interfaces HiveAccessController and HiveAuthorizationValidator.
HiveAccessController is used to grant/revoke roles and privileges.
HiveAuthorizationValidator is used to do fine-grained authorization. This
framework is very convenient to use by external authorization system.
Sentry should use this framework to grant/revoke privileges and do
authorization.
was:Currently Sentry grant/revoke privileges via hook DDLTask, and do
authorization via SemanticAnalyzerHook. Now hive has an authorization framework
via exposing some interfaces HiveAccessController and
HiveAuthorizationValidator.
> Sentry authorization V2 via Hive authorization framework
> --------------------------------------------------------
>
> Key: SENTRY-498
> URL: https://issues.apache.org/jira/browse/SENTRY-498
> Project: Sentry
> Issue Type: New Feature
> Reporter: Xiaomeng Huang
> Assignee: Xiaomeng Huang
>
> Currently Sentry grant/revoke privileges via hook DDLTask, and do
> authorization via SemanticAnalyzerHook. Now hive has a pluggable
> authorization framework via exposing some interfaces HiveAccessController and
> HiveAuthorizationValidator. HiveAccessController is used to grant/revoke
> roles and privileges. HiveAuthorizationValidator is used to do fine-grained
> authorization. This framework is very convenient to use by external
> authorization system.
> Sentry should use this framework to grant/revoke privileges and do
> authorization.
--
This message was sent by Atlassian JIRA
(v6.3.4#6332)
