Re: Review Request 25879: SENTRY-355: Support metadata read privilege enforcement for Metastore pluging

Tue, 07 Oct 2014 00:11:21 -0700 

-----------------------------------------------------------
This is an automatically generated e-mail. To reply, visit:
https://reviews.apache.org/r/25879/#review55631
-----------------------------------------------------------


Looks mostly fine. Thanks for adding an extensive test case.

A couple of high level comments: 
- With this patch, the metastore can directly handle filtering the metadata as 
per user's privileges. We can get rid of SentryHiveMetaStoreClient on 
HiveServer2.
- As a followup to this patch, we should look into moving the metastore write 
authorization check in this class. Let's create a separate ticket to track it.
- - Once the column level privileges are committed, we'll need to extend the 
filtering to columns. I have filed SENTRY-491 to track it


sentry-binding/sentry-binding-hive/src/main/java/org/apache/sentry/binding/metastore/MetastoreFilter.java
<https://reviews.apache.org/r/25879/#comment96001>

    Can we move these filterShowXXX() methods from HiveAuthzBindingHook to this 
class ?


- Prasad Mujumdar


On Oct. 6, 2014, 1:19 a.m., Colin Ma wrote:
> 
> -----------------------------------------------------------
> This is an automatically generated e-mail. To reply, visit:
> https://reviews.apache.org/r/25879/
> -----------------------------------------------------------
> 
> (Updated Oct. 6, 2014, 1:19 a.m.)
> 
> 
> Review request for sentry, Lenni Kuff, Prasad Mujumdar, and Sravya 
> Tirukkovalur.
> 
> 
> Repository: sentry
> 
> 
> Description
> -------
> 
> The Metastore plugin currently enforces Sentry policies for metadata 
> modifications. This makes it inconsistent with Hive plugin that support 
> privileges for both metadata read and write.
> We should support the policy enforcement for metadata read as well.
> 
> 
> Diffs
> -----
> 
>   
> sentry-binding/sentry-binding-hive/src/main/java/org/apache/sentry/binding/metastore/MetastoreFilter.java
>  PRE-CREATION 
>   
> sentry-tests/sentry-tests-hive/src/test/java/org/apache/sentry/tests/e2e/hive/hiveserver/HiveServerFactory.java
>  4c66ffe 
>   
> sentry-tests/sentry-tests-hive/src/test/java/org/apache/sentry/tests/e2e/metastore/TestMetastoreFilter.java
>  PRE-CREATION 
> 
> Diff: https://reviews.apache.org/r/25879/diff/
> 
> 
> Testing
> -------
> 
> 
> Thanks,
> 
> Colin Ma
> 
>

Reply via email to