> On Sept. 21, 2018, 5:18 p.m., kalyan kumar kalvagadda wrote: > > Sergio, > > > > Sentry server is policy store and does not need to understand the > > action.Let's keep it that way. Logic of validiting the actions is present > > in the sentry bindings. I think this logic should go there instead of > > SentryPolicyStoreProcessor.
I agree, but then we'll need to have the configuration in all the bindings. Hive, Impala (and next SparkSQL) will need this configuration otherwise they will be able to grant those privileges that we're trying to avoid. If Impala does not configure those privileges correctly ,then Hive will use them. - Sergio ----------------------------------------------------------- This is an automatically generated e-mail. To reply, visit: https://reviews.apache.org/r/68788/#review208868 ----------------------------------------------------------- On Sept. 21, 2018, 2:24 p.m., Sergio Pena wrote: > > ----------------------------------------------------------- > This is an automatically generated e-mail. To reply, visit: > https://reviews.apache.org/r/68788/ > ----------------------------------------------------------- > > (Updated Sept. 21, 2018, 2:24 p.m.) > > > Review request for sentry. > > > Bugs: sentry-2413 > https://issues.apache.org/jira/browse/sentry-2413 > > > Repository: sentry > > > Description > ------- > > Add a new configuration 'sentry.db.explicit.grants.permitted' that accepts a > comma-separated list of privileges that can be granted by Sentry DB clients. > If the value is empty, then any privilege can be granted as it works normally > (this is the default behavior). > > > Diffs > ----- > > > sentry-core/sentry-core-common/src/main/java/org/apache/sentry/service/common/ServiceConstants.java > adc1947a1a1dd72ef9e6dd743e166979759709b2 > > sentry-service/sentry-service-api/src/main/java/org/apache/sentry/api/common/SentryServiceUtil.java > 8cdbde4f9e81b278c8737ea031820e20e0cf5704 > > sentry-service/sentry-service-api/src/test/java/org/apache/sentry/api/common/TestSentryServiceUtil.java > PRE-CREATION > > sentry-service/sentry-service-server/src/main/java/org/apache/sentry/api/service/thrift/SentryPolicyStoreProcessor.java > 3a9623b46f7c4335db18113574170f761da9a4ca > > sentry-service/sentry-service-server/src/test/java/org/apache/sentry/api/service/thrift/TestSentryPolicyStoreProcessor.java > c23b3850f097b563912c06b29ffd26ea0709b9fd > > > Diff: https://reviews.apache.org/r/68788/diff/2/ > > > Testing > ------- > > Unit tests added. > > > Thanks, > > Sergio Pena > >
