Hi Colin, Some design question regarding this feature:
Say if user has both group and user level select on table privileges. After revoke user level privilege, will group level privilege still apply to the user, can user select form table? Or after revoke group privilege, will user level privilege still be valid? Here also need to consider situations when user belongs to multiple groups. How to handle backward compatibility? That is, if user has user level privilege, backward sentry to an older version, how to translate it to group level privilege or just treat user has no privileges? Thanks, Anne On Wed, Jan 6, 2016 at 9:55 PM, Ma, Junjie <[email protected]> wrote: > Hi, > > Currently, sentry only support grant group to role, there should be a > reasonable feature to grant user to role. This is also the gap between Hive > and Sentry, for Hive, the following command is supported: > GRANT role_name TO USER user > I think it's an useful feature for authorization, and the SENTRY-711 is > created for this. You can get the design doc, patch, review board's link in > this JIRA. > Feel free for any comments, thanks. > > Best regards, > > Colin Ma(Ma Jun Jie) > > -- Thanks, Anne
