[
https://issues.apache.org/jira/browse/RANGER-3900?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel
]
Ramachandran updated RANGER-3900:
---------------------------------
Description:
*{color:#0000ff}Role Deletion Steps in Apache Ranger:{color}*{color:#0000ff}
{color}
{code:java}
1. Getting XXRole by roleName:
XXRole xxRole = daoMgr.getXXRole().findByRoleName(roleName); → 1DB Read call
2. Ensuring role is not in policy
Long roleRefPolicyCount =
daoMgr.getXXPolicyRefRole().findRoleRefPolicyCount(roleName); → 1DB Read call
3. Ensuring role is not in another role
Long roleRefRoleCount =
daoMgr.getXXRoleRefRole().findRoleRefRoleCount(roleName);→ 1DB Read call
4. Fetching RangerRole by id
RangerRole role = roleService.read(xxRole.getId()); → 1DB Read call
5. Dereferencing all the users from the role.
for (XXRoleRefUser xxRoleRefUser : xRoleUserDao.findByRoleId(roleId)) { → 1DB
Read call
xRoleUserDao.remove(xxRoleRefUser); → 1DB Write call for each xxRoleRefUser
}
6. Dereferencing all the groups from the role
for (XXRoleRefGroup xxRoleRefGroup : xRoleGroupDao.findByRoleId(roleId)) { →
1DB Read call
xRoleGroupDao.remove(xxRoleRefGroup); → 1DB Write call for each xxRoleRefGroup
}
7. Dereferencing all other roles from the role.
for (XXRoleRefRole xxRoleRefRole : xRoleRoleDao.findByRoleId(roleId)) {→ 1DB
Read call
xRoleRoleDao.remove(xxRoleRefRole);→ 1DB Write call for each xxRoleRefRole
}
8. Delete the rangerRole in DB
roleService.delete(role); → 1DB Write call
9. Create TrxLog
bizUtil.createTrxLog(trxLogList) → 1DB Write call
{code}
*{color:#0000ff}Total number of DB calls involved for the below role deletion
in Apache Ranger:{color}*
*{color:#0000ff}{color:#1d1c1d}Deleting the role which contain more
users:{color}{color}*
1.role contains 100 users
||DB Write count||DB Read count||DB Batch Write count||Time taken to delete the
role||
|102|6|0|1.01 seconds|
1 role contains 500 users
||DB Write count||DB Read count||DB Batch Write count||Time taken to delete the
role||
|502|6|0| 2.241 seconds|
1 role contains 1000 users
||DB Write count||DB Read count||DB Batch Write count||Time taken to delete the
role||
|1002|6|0|3.14 seconds|
{color:#0000ff}{color:#1d1c1d}*Deleting the user (Which was associated with the
role .Now that role got deleted)*{color}{color}
||Number of users ||Time taken to delete the each user||
|1000| 0.8 to 1.5 seconds|
{color:#0000ff}{color:#1d1c1d}*Deleting the user (Which was not associated with
any role)*{color}{color}
||Number of users ||Time taken to delete the each user||
|1000| 0.8 to 1.2 seconds|
{color:#FF0000}Recommendation{color} :
When we reduce the number of users added into the role -→ Total number of DB
calls will be reduced
Instead of adding roles to the users ,can we add those users into group. And
then link that group to the role ?
if we use groups instead of directly adding users into role, total number DB
write call will be reduced to 2 from 1002 for 1k users
{color:#ff0000}Proposal{color}:
{color:#ff0000}We can try DB batch write call instead of 1 DB write call for
every user deference {color}
was:
*{color:#0000ff}Role Deletion Steps in Apache Ranger:{color}*{color:#0000ff}
{color}
{code:java}
1. Getting XXRole by roleName:
XXRole xxRole = daoMgr.getXXRole().findByRoleName(roleName); → 1DB Read call
2. Ensuring role is not in policy
Long roleRefPolicyCount =
daoMgr.getXXPolicyRefRole().findRoleRefPolicyCount(roleName); → 1DB Read call
3. Ensuring role is not in another role
Long roleRefRoleCount =
daoMgr.getXXRoleRefRole().findRoleRefRoleCount(roleName);→ 1DB Read call
4. Fetching RangerRole by id
RangerRole role = roleService.read(xxRole.getId()); → 1DB Read call
5. Dereferencing all the users from the role.
for (XXRoleRefUser xxRoleRefUser : xRoleUserDao.findByRoleId(roleId)) { → 1DB
Read call
xRoleUserDao.remove(xxRoleRefUser); → 1DB Write call for each xxRoleRefUser
}
6. Dereferencing all the groups from the role
for (XXRoleRefGroup xxRoleRefGroup : xRoleGroupDao.findByRoleId(roleId)) { →
1DB Read call
xRoleGroupDao.remove(xxRoleRefGroup); → 1DB Write call for each xxRoleRefGroup
}
7. Dereferencing all other roles from the role.
for (XXRoleRefRole xxRoleRefRole : xRoleRoleDao.findByRoleId(roleId)) {→ 1DB
Read call
xRoleRoleDao.remove(xxRoleRefRole);→ 1DB Write call for each xxRoleRefRole
}
8. Delete the rangerRole in DB
roleService.delete(role); → 1DB Write call
9. Create TrxLog
bizUtil.createTrxLog(trxLogList) → 1DB Write call
{code}
*{color:#0000ff}Total number of DB calls involved for the below role deletion
in Apache Ranger:{color}*
*{color:#0000ff}{color:#1d1c1d}Deleting the role which contain more
users:{color}{color}*
1.role contains 100 users
||DB Write count||DB Read count||DB Batch Write count||Time taken to delete the
role||
|102|6|0|1.01 seconds|
1 role contains 500 users
||DB Write count||DB Read count||DB Batch Write count||Time taken to delete the
role||
|502|6|0| 2.241 seconds|
1 role contains 1000 users
||DB Write count||DB Read count||DB Batch Write count||Time taken to delete the
role||
|1002|6|0|3.14 seconds|
{color:#0000ff}{color:#1d1c1d}*Deleting the user (Which was associated with the
role .Now that role got deleted)*{color}{color}
||Number of users ||Time taken to delete the each user||
|1000| 0.8 to 1.5 seconds|
{color:#0000ff}{color:#1d1c1d}*Deleting the user (Which was not associated with
any role)*{color}{color}
||Number of users ||Time taken to delete the each user||
|1000| 0.8 to 1.2 seconds|
{color:#ff0000}Recommendation :{color}
When we reduce the number of users added into the role -→ Total number of DB
calls will be reduced
Instead of adding roles to the users ,can we add those users into group. And
then link that group to the role ?
if we use groups instead of directly adding users into role, total number DB
write call will be reduced to 2 from 1002 for 1k users
{color:#FF0000}Proposal{color}:
{color:#ff0000}We can try DB batch write call instead of 1 DB write call for
every user deference
{color}
> Roles deletion Takes time in Apache Ranger when there are more users
> --------------------------------------------------------------------
>
> Key: RANGER-3900
> URL: https://issues.apache.org/jira/browse/RANGER-3900
> Project: Ranger
> Issue Type: Improvement
> Components: Ranger
> Affects Versions: 3.0.0
> Reporter: Ramachandran
> Priority: Major
>
> *{color:#0000ff}Role Deletion Steps in Apache Ranger:{color}*{color:#0000ff}
> {color}
>
> {code:java}
>
> 1. Getting XXRole by roleName:
> XXRole xxRole = daoMgr.getXXRole().findByRoleName(roleName); → 1DB Read call
> 2. Ensuring role is not in policy
> Long roleRefPolicyCount =
> daoMgr.getXXPolicyRefRole().findRoleRefPolicyCount(roleName); → 1DB Read call
> 3. Ensuring role is not in another role
> Long roleRefRoleCount =
> daoMgr.getXXRoleRefRole().findRoleRefRoleCount(roleName);→ 1DB Read call
> 4. Fetching RangerRole by id
> RangerRole role = roleService.read(xxRole.getId()); → 1DB Read call
> 5. Dereferencing all the users from the role.
> for (XXRoleRefUser xxRoleRefUser : xRoleUserDao.findByRoleId(roleId)) { →
> 1DB Read call
> xRoleUserDao.remove(xxRoleRefUser); → 1DB Write call for each xxRoleRefUser
> }
> 6. Dereferencing all the groups from the role
> for (XXRoleRefGroup xxRoleRefGroup : xRoleGroupDao.findByRoleId(roleId)) { →
> 1DB Read call
> xRoleGroupDao.remove(xxRoleRefGroup); → 1DB Write call for each
> xxRoleRefGroup
> }
> 7. Dereferencing all other roles from the role.
> for (XXRoleRefRole xxRoleRefRole : xRoleRoleDao.findByRoleId(roleId)) {→ 1DB
> Read call
> xRoleRoleDao.remove(xxRoleRefRole);→ 1DB Write call for each xxRoleRefRole
> }
> 8. Delete the rangerRole in DB
> roleService.delete(role); → 1DB Write call
> 9. Create TrxLog
> bizUtil.createTrxLog(trxLogList) → 1DB Write call
>
> {code}
>
> *{color:#0000ff}Total number of DB calls involved for the below role deletion
> in Apache Ranger:{color}*
>
> *{color:#0000ff}{color:#1d1c1d}Deleting the role which contain more
> users:{color}{color}*
> 1.role contains 100 users
> ||DB Write count||DB Read count||DB Batch Write count||Time taken to delete
> the role||
> |102|6|0|1.01 seconds|
>
> 1 role contains 500 users
> ||DB Write count||DB Read count||DB Batch Write count||Time taken to delete
> the role||
> |502|6|0| 2.241 seconds|
> 1 role contains 1000 users
> ||DB Write count||DB Read count||DB Batch Write count||Time taken to delete
> the role||
> |1002|6|0|3.14 seconds|
>
> {color:#0000ff}{color:#1d1c1d}*Deleting the user (Which was associated with
> the role .Now that role got deleted)*{color}{color}
> ||Number of users ||Time taken to delete the each user||
> |1000| 0.8 to 1.5 seconds|
> {color:#0000ff}{color:#1d1c1d}*Deleting the user (Which was not associated
> with any role)*{color}{color}
> ||Number of users ||Time taken to delete the each user||
> |1000| 0.8 to 1.2 seconds|
> {color:#FF0000}Recommendation{color} :
> When we reduce the number of users added into the role -→ Total number of DB
> calls will be reduced
> Instead of adding roles to the users ,can we add those users into group. And
> then link that group to the role ?
> if we use groups instead of directly adding users into role, total number DB
> write call will be reduced to 2 from 1002 for 1k users
>
> {color:#ff0000}Proposal{color}:
> {color:#ff0000}We can try DB batch write call instead of 1 DB write call for
> every user deference {color}
>
--
This message was sent by Atlassian Jira
(v8.20.10#820010)
