I would like to add something here.
1. Current support for user-based-privileges allows admin to grant a
role to user. Ideally, user-based-privileges feature should be allowing
administrator to grant privileges to individual users directly.
- I'm working on this to come up with a scope doc.
2. Currently sentry stores only grant privileges. This is not
flexible. Let's say an administrator wants to grant role with select on the
all tables in a database except for couple to them, he needs to individual
select privileges for each table.
1. Implementation should let you add a grant privilege on database
and revokes privileges on the tables with in that database,
2. This needs new look into privilege model that sentry currently has.
-Kalyan
-Kalyan
On Thu, Jan 25, 2018 at 12:16 PM, Alexander Kolbasov <ak...@cloudera.com>
wrote:
> Good point. There is some support for user-level privileges in 2.0 already
> - do you think that it is not sufficient and is missing some parts?
>
> Is there anyone reading this who participated in the user-level privileges
> in Sentry work done earlier? Is there any design doc for this?
>
> - Alex
>
> On Thu, Jan 25, 2018 at 10:11 AM, Na Li <lina...@cloudera.com> wrote:
>
> > Sasha,
> >
> > It would be nice to have more features for sentry.
> >
> > For example, make user-based privileges working. So user can assign user
> > directly to a role instead of through group.
> >
> > Lina
> >
> > On Thu, Jan 25, 2018 at 11:58 AM, Alexander Kolbasov <ak...@cloudera.com
> >
> > wrote:
> >
> > > Now that we have Sentry 2.0 release, I think it is a good time to step
> > back
> > > from fixing bugs and immediate problems and start discussions on
> roadmap
> > > for Sentry going forward. Do we want to just keep it as is and improve
> > > things here and there or we want to add new features?
> > >
> > > What do people think?
> > >
> > > - Alex
> > >
> >
>
