I don't think there exists a user-level privileges doc yet. I can commit to finish the default owner privileges and submit a spec doc for the changes we can do to finish it soon.
Anyone else likes to commit to user-level? Btw, I'd like to lower Sentry 2.1 to 1 or 2 features so that we have a release sooner? since Sentry 2.0 was released back in November 2017, it should be good to have another release soon with fewer features ideas? - Sergio On Thu, Jan 25, 2018 at 1:19 PM, Alexander Kolbasov <ak...@cloudera.com> wrote: > Thanks for the link - it is nice to integrate this discussion with JIRA > keywords. Looks like we need to go through the list and add categorize it > into short-term and long-term buckets. > > I think Sergio's idea of doing smaller releases with small number of > features included makes sense. We can vote for individual features, of > course but it only makes sense if someone actually commits to implementing > it. > > Looks like so far the discussion is about improving user-level privileges - > it would be a good content for 2.1 release. > > Is there some kind of design doc for user-level privileges in general? If > not, would it make sense to create one? > > - Alex > > On Thu, Jan 25, 2018 at 11:13 AM, Sergio Pena <sergio.p...@cloudera.com> > wrote: > > > There is a section on the Wiki about roadmap ideas and JIRAs already > > created: > > https://cwiki.apache.org/confluence/display/SENTRY/ > > Sentry+Roadmap+and+ideas > > > > I'm interested in having user-level privileges and special user > privileges > > for objects owners. > > > > I got this from the linked above: > > SENTRY-1073 User who creates a table should be granted all privileges > on > > it by default > > SENTRY-1068 Allow user who created a table to have "with grant" over > that > > table by default > > Creator of a table should have ownership of it (all privileges) > > Allow privileges to be granted to users directly > > > > We should start planning the next Sentry 2.1 release based on the desired > > features. What about > > having 2 or 3 features on Sentry 2.1? > > > > I vote for: > > - user-level privileges (currently grant user to role is only supported) > > - default user privileges for objects owners > > > > Should we start a vote for new features for 2.1? > > > > - Sergio > > > > On Thu, Jan 25, 2018 at 12:46 PM, Kalyan Kumar Kalvagadda < > > kkal...@cloudera.com> wrote: > > > > > I would like to add something here. > > > > > > > > > 1. Current support for user-based-privileges allows admin to grant a > > > role to user. Ideally, user-based-privileges feature should be > > allowing > > > administrator to grant privileges to individual users directly. > > > - I'm working on this to come up with a scope doc. > > > 2. Currently sentry stores only grant privileges. This is not > > > flexible. Let's say an administrator wants to grant role with select > > on > > > the > > > all tables in a database except for couple to them, he needs to > > > individual > > > select privileges for each table. > > > 1. Implementation should let you add a grant privilege on > database > > > and revokes privileges on the tables with in that database, > > > 2. This needs new look into privilege model that sentry currently > > > has. > > > > > > > > > -Kalyan > > > > > > > > > -Kalyan > > > > > > On Thu, Jan 25, 2018 at 12:16 PM, Alexander Kolbasov < > ak...@cloudera.com > > > > > > wrote: > > > > > > > Good point. There is some support for user-level privileges in 2.0 > > > already > > > > - do you think that it is not sufficient and is missing some parts? > > > > > > > > Is there anyone reading this who participated in the user-level > > > privileges > > > > in Sentry work done earlier? Is there any design doc for this? > > > > > > > > - Alex > > > > > > > > On Thu, Jan 25, 2018 at 10:11 AM, Na Li <lina...@cloudera.com> > wrote: > > > > > > > > > Sasha, > > > > > > > > > > It would be nice to have more features for sentry. > > > > > > > > > > For example, make user-based privileges working. So user can assign > > > user > > > > > directly to a role instead of through group. > > > > > > > > > > Lina > > > > > > > > > > On Thu, Jan 25, 2018 at 11:58 AM, Alexander Kolbasov < > > > ak...@cloudera.com > > > > > > > > > > wrote: > > > > > > > > > > > Now that we have Sentry 2.0 release, I think it is a good time to > > > step > > > > > back > > > > > > from fixing bugs and immediate problems and start discussions on > > > > roadmap > > > > > > for Sentry going forward. Do we want to just keep it as is and > > > improve > > > > > > things here and there or we want to add new features? > > > > > > > > > > > > What do people think? > > > > > > > > > > > > - Alex > > > > > > > > > > > > > > > > > > > > >
