-----------------------------------------------------------
This is an automatically generated e-mail. To reply, visit:
https://reviews.apache.org/r/61823/#review183568
-----------------------------------------------------------




sentry-provider/sentry-provider-db/src/main/java/org/apache/sentry/provider/db/service/persistent/SentryStore.java
Line 1822 (original), 1832 (patched)
<https://reviews.apache.org/r/61823/#comment259614>

    Note that in many cases we can just get all roles (or a useful subset) in memory and do some joins ourselves in memory.



sentry-provider/sentry-provider-db/src/main/java/org/apache/sentry/provider/db/service/persistent/SentryStore.java
Lines 1834 (patched)
<https://reviews.apache.org/r/61823/#comment259613>

    The problem with direct SQL is that it should be carefully tested with each DB engine. It would be better to stay within JDOQL.



sentry-provider/sentry-provider-db/src/main/java/org/apache/sentry/provider/db/service/persistent/SentryStore.java
Lines 1840 (patched)
<https://reviews.apache.org/r/61823/#comment259615>

    You are introducing a SQL injection vulnerability here. Please take a look at QueryParamBuilder or provide a parameterized query.


- Alexander Kolbasov


On Aug. 22, 2017, 9:58 p.m., Arjun Mishra wrote:
> 
> -----------------------------------------------------------
> This is an automatically generated e-mail. To reply, visit:
> https://reviews.apache.org/r/61823/
> -----------------------------------------------------------
> 
> (Updated Aug. 22, 2017, 9:58 p.m.)
> 
> 
> Review request for sentry, Alexander Kolbasov, Vamsee Yarlagadda, and Vadim 
> Spector.
> 
> 
> Repository: sentry
> 
> 
> Description
> -------
> 
> Right now when we get privileges from sentry, we pass in a provider like set 
> of groups. Then we create a MSentryGroup object for each group and then get 
> roles using the .getRoles() method. However, DataNucleus takes too long and 
> the fetch doesn't seem to be lazy. This is bad since we only need the 
> roleNames for the group and not the entire Role object.  
> Instead, running a SQL-like query and just getting roleNames will drastically 
> improve performance.
> 
> 
> Diffs
> -----
> 
>   sentry-provider/sentry-provider-db/src/main/java/org/apache/sentry/provider/db/service/persistent/SentryStore.java d7acaea7c 
> 
> 
> Diff: https://reviews.apache.org/r/61823/diff/1/
> 
> 
> Testing
> -------
> 
> 
> Thanks,
> 
> Arjun Mishra
> 
>
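
The parameterized-query point from the review, as an added example that is not code from the patch or from Sentry: it builds a JDOQL filter for a set of group names with the values bound as named parameters, next to a constructed string-concatenated form for contrast. The class name, the `groupName` field and the parameter names are assumptions; Sentry's own helper for this is the QueryParamBuilder the reviewer mentions, whose API is not shown here.

```java
import java.util.LinkedHashMap;
import java.util.List;
import java.util.Map;

public class GroupFilterExample {
    /** JDOQL filter text plus the values bound to its named parameters (Java 16+ record). */
    record BoundFilter(String filter, Map<String, Object> params) {}

    // Unsafe shape (constructed for contrast): each group name becomes part of the query text.
    static String concatenated(List<String> groups) {
        StringBuilder sb = new StringBuilder();
        for (String g : groups) {
            if (sb.length() > 0) sb.append(" || ");
            sb.append("this.groupName == '").append(g).append("'");
        }
        return sb.toString();
    }

    // Parameterized shape: the text contains only :g0, :g1, ...; the values travel in the map.
    static BoundFilter parameterized(List<String> groups) {
        if (groups.isEmpty()) {
            throw new IllegalArgumentException("no groups: return an empty result without querying");
        }
        StringBuilder sb = new StringBuilder();
        Map<String, Object> params = new LinkedHashMap<>();
        int i = 0;
        for (String g : groups) {
            String name = "g" + i++;          // hypothetical parameter naming scheme
            if (sb.length() > 0) sb.append(" || ");
            sb.append("this.groupName == :").append(name);
            params.put(name, g);              // bound as data, never parsed as query text
        }
        return new BoundFilter(sb.toString(), params);
    }

    public static void main(String[] args) {
        // Constructed input: the second name contains quote characters.
        List<String> groups = List.of("analysts", "ops' || 'a' == 'a");
        System.out.println("concatenated : " + concatenated(groups));
        BoundFilter f = parameterized(groups);
        System.out.println("parameterized: " + f.filter());
        System.out.println("bound values : " + f.params());
        // With a javax.jdo.Query q over MSentryGroup (needs a datastore, so not run here):
        //   q.setFilter(f.filter());
        //   Object result = q.executeWithMap(f.params());
    }
}
```

In the concatenated output the quote characters in the second name change the structure of the filter, while the parameterized filter text is identical for any input of the same size.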
