I was mostly thinking auth object = database/table which would be beneficial in the above use case I mentioned. And we export all the permissions -> roles pertaining to this auth object and roles-> groups for those roles?
On Sun, Jun 28, 2015 at 9:59 PM, Sun, Dapeng <[email protected]> wrote: > Yes, it's a good idea. > > I think we should document what auth object we will support and which rule > will we export. > For example, could the auth object be database, role and etc? and our > policy rules are user->group->role->permission, which mapping relationships > will be exported? > > > Regards > Dapeng > > -----Original Message----- > From: Ma, Junjie [mailto:[email protected]] > Sent: Monday, June 29, 2015 9:06 AM > To: [email protected] > Subject: RE: Import/ export rules for specific data objects > > > I thinks this is an useful feature for the migration. This can be an > improvement of SENTRY-197, and we can created a new ticket to trace this. > > Best regards, > > Colin Ma(Ma Jun Jie) > > -----Original Message----- > From: Sravya Tirukkovalur [mailto:[email protected]] > Sent: Sunday, June 28, 2015 2:07 AM > To: dev > Subject: Import/ export rules for specific data objects > > Hi fellow developers, > > We are working on the import/export feature of sentry rules as part of > SENTRY-197. As a follow on I was wondering if it might help to add a > functionality where we can export/ import rules for a specific auth object. > So for example: export sentry rules for database db1. I think this might > have multiple use cases like when users setup their rules for a db on a > test environment and then migrate them to production. > > What do you guys think? > > Thanks! > -- Sravya Tirukkovalur
