> On Oct. 7, 2014, 7:10 a.m., Prasad Mujumdar wrote: > > Looks mostly fine. Thanks for adding an extensive test case. > > > > A couple of high level comments: > > - With this patch, the metastore can directly handle filtering the metadata > > as per user's privileges. We can get rid of SentryHiveMetaStoreClient on > > HiveServer2. > > - As a followup to this patch, we should look into moving the metastore > > write authorization check in this class. Let's create a separate ticket to > > track it. > > - - Once the column level privileges are committed, we'll need to extend > > the filtering to columns. I have filed SENTRY-491 to track it
I'll implement these features in the new tickets. > On Oct. 7, 2014, 7:10 a.m., Prasad Mujumdar wrote: > > sentry-binding/sentry-binding-hive/src/main/java/org/apache/sentry/binding/metastore/MetastoreFilter.java, > > line 306 > > <https://reviews.apache.org/r/25879/diff/1/?file=699160#file699160line306> > > > > Can we move these filterShowXXX() methods from HiveAuthzBindingHook to > > this class ? This'll be fixed when working on "get rid of SentryHiveMetaStoreClient on HiveServer2". - Colin ----------------------------------------------------------- This is an automatically generated e-mail. To reply, visit: https://reviews.apache.org/r/25879/#review55631 ----------------------------------------------------------- On Oct. 8, 2014, 8 a.m., Colin Ma wrote: > > ----------------------------------------------------------- > This is an automatically generated e-mail. To reply, visit: > https://reviews.apache.org/r/25879/ > ----------------------------------------------------------- > > (Updated Oct. 8, 2014, 8 a.m.) > > > Review request for sentry, Lenni Kuff, Prasad Mujumdar, and Sravya > Tirukkovalur. > > > Repository: sentry > > > Description > ------- > > The Metastore plugin currently enforces Sentry policies for metadata > modifications. This makes it inconsistent with Hive plugin that support > privileges for both metadata read and write. > We should support the policy enforcement for metadata read as well. > > > Diffs > ----- > > > sentry-binding/sentry-binding-hive/src/main/java/org/apache/sentry/binding/metastore/AuthorizingObjectStore.java > PRE-CREATION > > sentry-tests/sentry-tests-hive/src/test/java/org/apache/sentry/tests/e2e/hive/hiveserver/HiveServerFactory.java > 4c66ffe > > sentry-tests/sentry-tests-hive/src/test/java/org/apache/sentry/tests/e2e/metastore/TestAuthorizingObjectStore.java > PRE-CREATION > > Diff: https://reviews.apache.org/r/25879/diff/ > > > Testing > ------- > > > Thanks, > > Colin Ma > >
