----------------------------------------------------------- This is an automatically generated e-mail. To reply, visit: https://reviews.apache.org/r/67452/#review204459 -----------------------------------------------------------
sentry-service/sentry-service-server/src/main/java/org/apache/sentry/provider/db/service/persistent/SentryStore.java Lines 2996 (patched) <https://reviews.apache.org/r/67452/#comment286946> can you 1) add a public function like GrantOwnerPrivilege(final TSentryAuthorizable tAuthorizable, String ownerName, SentryEntityType entityType, final List<Update> updates) 2) change updateOwnerPrivilege to protected function 3) Inside this new function, calls listSentryOwnerPrivilegesByAuthorizable, and then updateOwnerPrivilege? In this way, caller can call one function to grant owner privilege when table is created or when owner is changed. sentry-service/sentry-service-server/src/main/java/org/apache/sentry/provider/db/service/persistent/SentryStore.java Lines 2999 (patched) <https://reviews.apache.org/r/67452/#comment286947> How is the content of updates generated? This function does not generate its content. You can use similar approach to generate update "Update update = privilegesUpdateMap.get(privilege);" public void alterSentryUserGrantPrivileges(final String grantorPrincipal, final String userName, final Set<TSentryPrivilege> privileges, final Map<TSentryPrivilege, Update> privilegesUpdateMap) throws Exception { try { MSentryUser userEntry = getMSentryUserByName(userName, false); if (userEntry == null) { createSentryUser(userName); } } catch (SentryAlreadyExistsException e) { // the user may be created by other thread, so swallow the exception and proeed } Preconditions.checkNotNull(privilegesUpdateMap); for (TSentryPrivilege privilege : privileges) { Update update = privilegesUpdateMap.get(privilege); if (update != null) { alterSentryUserGrantPrivilege(grantorPrincipal, userName, privilege, update); } else { alterSentryUserGrantPrivilege(grantorPrincipal, userName, privilege); } } } - Na Li On June 7, 2018, 4:54 p.m., kalyan kumar kalvagadda wrote: > > ----------------------------------------------------------- > This is an automatically generated e-mail. To reply, visit: > https://reviews.apache.org/r/67452/ > ----------------------------------------------------------- > > (Updated June 7, 2018, 4:54 p.m.) > > > Review request for sentry, Na Li and Sergio Pena. > > > Bugs: SENTRY-2257 > https://issues.apache.org/jira/browse/SENTRY-2257 > > > Repository: sentry > > > Description > ------- > > Implement functionality in sentry store to update owner privilege on an > authorizable. > > Here is the approach. > > There are two new API's that are exposed. > > To list the owner privileges granted to an authorizable > 1. update the owner privilege to new owner > > Here is the Flow. > 1. SentryPolicyStoreProcessor would first get the list of privileges that are > to be revoked. > 2. Using the list of privileges that are to be revoked, list of > PermissionsUpdate is generated using SentryPlug-in > 3. SentryPolicyStoreProcessor would then use the new API to update the owner > privileges. > > This way all the updated listed below happen in the same transaction > 1. Revoking the exixting owner privilage for authorizable > 2. Granting new owner privilege fot authorizable. > 3. Adding delta update for owner privilege revoked > 4. Adding delta update for owner privilege granted. > > > Diffs > ----- > > > sentry-service/sentry-service-server/src/main/java/org/apache/sentry/provider/db/service/persistent/SentryStore.java > e6b71b5a4a97deafdf955bd70f0ead760e5fdb1a > > sentry-service/sentry-service-server/src/test/java/org/apache/sentry/provider/db/service/persistent/TestSentryStore.java > 12c6d916cf449499c1cceb6ddc50e68c88a6606e > > > Diff: https://reviews.apache.org/r/67452/diff/5/ > > > Testing > ------- > > Added new tests to verify new functionality added. > > > Thanks, > > kalyan kumar kalvagadda > >
