> On April 19, 2018, 3:23 p.m., Arjun Mishra wrote:
> > sentry-abac/src/main/java/org/apache/sentry/abac/Attribute.java
> > Lines 19 (patched)
> > <https://reviews.apache.org/r/66590/diff/4/?file=2002481#file2002481line19>
> >
> >     Is Attribute persisted?

Currently, maybe.  I need to update the doc that mentions it as we've had some 
discussions about this part.  But it would be stored in a cache that then could 
be persisted to disk.  Or even stored in the Sentry DB.


> On April 19, 2018, 3:23 p.m., Arjun Mishra wrote:
> > sentry-abac/src/main/java/org/apache/sentry/abac/AttributeMap.java
> > Lines 44 (patched)
> > <https://reviews.apache.org/r/66590/diff/4/?file=2002482#file2002482line44>
> >
> >     If Attribute and SentryObject are tables, I believe that this should 
> > also be a table. Seems like it is a Many-To-Many mapping. If you had the 
> > database we won't need many of the below methods right?

See comment above.


> On April 19, 2018, 3:23 p.m., Arjun Mishra wrote:
> > sentry-abac/src/main/java/org/apache/sentry/abac/AttributeMap.java
> > Lines 60 (patched)
> > <https://reviews.apache.org/r/66590/diff/4/?file=2002482#file2002482line60>
> >
> >     Thinking if there is a better way to do this
> >     
> >     Instead of addEntry, can we have addAttributeToObject, and 
> > addObjectToAttribute? Then we could have 2 methods as opposed to 3 separate 
> > addEntry methods

For static attribute ingestion (snapshots) we'd need the addEntry(Attribute, 
SentryOBject) method.  For the deltas, I think we'd need the individual 
methods, but renaming them would be beneficial.  I'll make that change.


> On April 19, 2018, 3:23 p.m., Arjun Mishra wrote:
> > sentry-abac/src/main/java/org/apache/sentry/abac/SentryObject.java
> > Lines 27 (patched)
> > <https://reviews.apache.org/r/66590/diff/4/?file=2002487#file2002487line27>
> >
> >     this class seems identical to Attrubute. Any reason why we have another 
> > one? Is this going to be persisted?

This class is planned to be expanded upon later on.  We have an additional 
field contentDescriptor that is planned to be used here.  It allows users to 
classify fields such as "credit_card", "ssn", etc.  The contentDescriptor 
information and other related information needs to be persisted eventually or 
cached depending on the above cache/persistance statement.


- Steve


-----------------------------------------------------------
This is an automatically generated e-mail. To reply, visit:
https://reviews.apache.org/r/66590/#review201522
-----------------------------------------------------------


On April 16, 2018, 7:51 p.m., Steve Moist wrote:
> 
> -----------------------------------------------------------
> This is an automatically generated e-mail. To reply, visit:
> https://reviews.apache.org/r/66590/
> -----------------------------------------------------------
> 
> (Updated April 16, 2018, 7:51 p.m.)
> 
> 
> Review request for sentry.
> 
> 
> Repository: sentry
> 
> 
> Description
> -------
> 
> This is the inital draft of attribute based access control.
> 
> 
> Diffs
> -----
> 
>   pom.xml 16a3838a 
>   sentry-abac/example-definition.json PRE-CREATION 
>   sentry-abac/pom.xml PRE-CREATION 
>   sentry-abac/src/main/java/org/apache/sentry/abac/Attribute.java 
> PRE-CREATION 
>   sentry-abac/src/main/java/org/apache/sentry/abac/AttributeMap.java 
> PRE-CREATION 
>   sentry-abac/src/main/java/org/apache/sentry/abac/AttributeMapAdapter.java 
> PRE-CREATION 
>   
> sentry-abac/src/main/java/org/apache/sentry/abac/AttributeMapKeyException.java
>  PRE-CREATION 
>   
> sentry-abac/src/main/java/org/apache/sentry/abac/GenericAttributeProvider.java
>  PRE-CREATION 
>   
> sentry-abac/src/main/java/org/apache/sentry/abac/SentryAttributeAuthorizer.java
>  PRE-CREATION 
>   sentry-abac/src/main/java/org/apache/sentry/abac/SentryObject.java 
> PRE-CREATION 
>   
> sentry-abac/src/main/java/org/apache/sentry/abac/StaticAttributeProvider.java 
> PRE-CREATION 
>   sentry-abac/src/test/java/org/apache/sentry/tests/abac/TestAttribute.java 
> PRE-CREATION 
>   
> sentry-abac/src/test/java/org/apache/sentry/tests/abac/TestAttributeMap.java 
> PRE-CREATION 
>   
> sentry-abac/src/test/java/org/apache/sentry/tests/abac/TestSentryAttributeAuthorizer.java
>  PRE-CREATION 
>   
> sentry-abac/src/test/java/org/apache/sentry/tests/abac/TestStaticProvider.java
>  PRE-CREATION 
>   sentry-abac/src/test/resources/abac.props PRE-CREATION 
>   sentry-binding/sentry-binding-hive/pom.xml ccfa9cfe 
>   
> sentry-binding/sentry-binding-hive/src/main/java/org/apache/sentry/binding/hive/authz/DefaultSentryValidator.java
>  1ab5be35 
>   
> sentry-binding/sentry-binding-hive/src/main/java/org/apache/sentry/binding/hive/authz/SentryHiveAuthorizerImpl.java
>  86ff0cc2 
> 
> 
> Diff: https://reviews.apache.org/r/66590/diff/4/
> 
> 
> Testing
> -------
> 
> full build,added unit tests, tested code on a cluster.
> 
> 
> Thanks,
> 
> Steve Moist
> 
>

Reply via email to