> On Jan. 29, 2016, 9:57 p.m., Anne Yu wrote: > > sentry-core/sentry-core-common/src/main/java/org/apache/sentry/core/common/ImplyMethodType.java, > > line 22 > > <https://reviews.apache.org/r/42287/diff/3/?file=1225562#file1225562line22> > > > > Thanks Colin for your clarification. It helps me to understand more. > > > > What is action here? > > > > So String means plain string match; URI (or URL) mean regex match, is > > that right?
ACTION is for action match, eg, compare insert and select. In CommonPrivilege.impliesValue(), all kinds of matches are defined according to the ImplyMethodType. > On Jan. 29, 2016, 9:57 p.m., Anne Yu wrote: > > sentry-policy/sentry-policy-common/src/test/java/org/apache/sentry/policy/common/ModelForTest.java, > > line 41 > > <https://reviews.apache.org/r/42287/diff/3/?file=1225569#file1225569line41> > > > > Does this also apply to hive? Does insert privilege means insert + > > select? In our current implementation, insert and select are different. Sorry for the misunderstanding, it's an example to show the test case on insert=insert+select. For the Hive, insert shouldn't imply the select according to the current implementation. - Colin ----------------------------------------------------------- This is an automatically generated e-mail. To reply, visit: https://reviews.apache.org/r/42287/#review117028 ----------------------------------------------------------- On Jan. 29, 2016, 8:41 a.m., Colin Ma wrote: > > ----------------------------------------------------------- > This is an automatically generated e-mail. To reply, visit: > https://reviews.apache.org/r/42287/ > ----------------------------------------------------------- > > (Updated Jan. 29, 2016, 8:41 a.m.) > > > Review request for sentry. > > > Repository: sentry > > > Description > ------- > > Create CommonPrivilege for every component. > The main change is for the interface Privilege, implies(Privilege p) ---> > implies(Privilege privilege, Map<String, String> implyMethodMap, Map<String, > Integer> actionMap) > The actionMap is stored the mapping between action name and action value, eg: > for Hive: select ---> 1 (binary: 0000001) > insert ---> 3 (binary: 0000011) > create ---> 4 (binary: 0000100) > all ---> 7 (binary: 0000111) > when compare the action, use the action value with the & operator > The implyMethodMap is stored the mapping between resource type and imply > method, eg: > for Hive: db ---> string (imply as string value) > url ---> url (imply as url value) > > > Diffs > ----- > > > sentry-core/sentry-core-common/src/main/java/org/apache/sentry/core/common/ImplyMethodType.java > PRE-CREATION > > sentry-core/sentry-core-common/src/main/java/org/apache/sentry/core/common/Model.java > PRE-CREATION > > sentry-core/sentry-core-common/src/main/java/org/apache/sentry/core/common/Resource.java > PRE-CREATION > > sentry-policy/sentry-policy-common/src/main/java/org/apache/sentry/policy/common/CommonPrivilege.java > PRE-CREATION > > sentry-policy/sentry-policy-common/src/main/java/org/apache/sentry/policy/common/PolicyConstants.java > 0bad8c1 > > sentry-policy/sentry-policy-common/src/test/java/org/apache/sentry/policy/common/ColumnResourceForTest.java > PRE-CREATION > > sentry-policy/sentry-policy-common/src/test/java/org/apache/sentry/policy/common/DbResourceForTest.java > PRE-CREATION > > sentry-policy/sentry-policy-common/src/test/java/org/apache/sentry/policy/common/ModelForTest.java > PRE-CREATION > > sentry-policy/sentry-policy-common/src/test/java/org/apache/sentry/policy/common/ServerResourceForTest.java > PRE-CREATION > > sentry-policy/sentry-policy-common/src/test/java/org/apache/sentry/policy/common/TableResourceForTest.java > PRE-CREATION > > sentry-policy/sentry-policy-common/src/test/java/org/apache/sentry/policy/common/TestCommonPrivilege.java > PRE-CREATION > > sentry-policy/sentry-policy-common/src/test/java/org/apache/sentry/policy/common/TestKeyValue.java > 2dfc7c5 > > sentry-policy/sentry-policy-common/src/test/java/org/apache/sentry/policy/common/UrlResourceForTest.java > PRE-CREATION > > Diff: https://reviews.apache.org/r/42287/diff/ > > > Testing > ------- > > > Thanks, > > Colin Ma > >
