[jira] [Updated] (SENTRY-498) Sentry authorization V2 via Hive authorization framework

[Xiaomeng Huang (JIRA)]

     [ 
https://issues.apache.org/jira/browse/SENTRY-498?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel
 ]

Xiaomeng Huang updated SENTRY-498:
----------------------------------
    Description: 
Currently Sentry grant/revoke privileges via hook DDLTask, and do authorization 
via SemanticAnalyzerHook. Now hive has a pluggable authorization framework via 
exposing some interfaces HiveAccessController and HiveAuthorizationValidator. 
HiveAccessController is used to grant/revoke roles and privileges. 
HiveAuthorizationValidator is used to do fine-grained authorization. 
Sentry should use this framework to grant/revoke privileges and do 
authorization,
- This framework is very convenient to use by external authorization system. 
- Using this framework will be better accepted by community.
- We don't need to take efforts to add so many hooks. 
- Some hooks has limitations.

  was:
Currently Sentry grant/revoke privileges via hook DDLTask, and do authorization 
via SemanticAnalyzerHook. Now hive has a pluggable authorization framework via 
exposing some interfaces HiveAccessController and HiveAuthorizationValidator. 
HiveAccessController is used to grant/revoke roles and privileges. 
HiveAuthorizationValidator is used to do fine-grained authorization. 
Sentry should use this framework to grant/revoke privileges and do 
authorization,
* This framework is very convenient to use by external authorization system. 
Using this framework will be better accepted by community.


> Sentry authorization V2 via Hive authorization framework
> --------------------------------------------------------
>
>                 Key: SENTRY-498
>                 URL: https://issues.apache.org/jira/browse/SENTRY-498
>             Project: Sentry
>          Issue Type: New Feature
>            Reporter: Xiaomeng Huang
>            Assignee: Xiaomeng Huang
>
> Currently Sentry grant/revoke privileges via hook DDLTask, and do 
> authorization via SemanticAnalyzerHook. Now hive has a pluggable 
> authorization framework via exposing some interfaces HiveAccessController and 
> HiveAuthorizationValidator. HiveAccessController is used to grant/revoke 
> roles and privileges. HiveAuthorizationValidator is used to do fine-grained 
> authorization. 
> Sentry should use this framework to grant/revoke privileges and do 
> authorization,
> - This framework is very convenient to use by external authorization system. 
> - Using this framework will be better accepted by community.
> - We don't need to take efforts to add so many hooks. 
> - Some hooks has limitations.



--
This message was sent by Atlassian JIRA
(v6.3.4#6332)