[jira] [Commented] (KUDU-3090) Add owner concept in Kudu

Thu, 09 Jul 2020 06:37:21 -0700 


    [ 
https://issues.apache.org/jira/browse/KUDU-3090?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=17154568#comment-17154568
 ] 

ASF subversion and git services commented on KUDU-3090:
-------------------------------------------------------

Commit f0446b73630d75f6bf9c11b3fcce8953c557b578 in kudu's branch 
refs/heads/master from Attila Bukor
[ https://gitbox.apache.org/repos/asf?p=kudu.git;h=f0446b7 ]

KUDU-3090: Native owner metadata in Kudu

Apache Sentry and Apache Ranger both support permissions granted to
table owners, but as Sentry integrates with Apache Hive Metastore (HMS)
and stores its metadata in it, Kudu didn't need to store table ownership
to support granting permissions to owners.

Apache Ranger on the other hand doesn't depend on HMS and needs Kudu to
tell it if the owner is attempting to authorize an action, so to enable
users to grant privileges to owners we need to support ownership
natively.

This patch adds the basic plumbing for table ownership, synchronizing
ownership metadata with HMS both using the notification log listener and
via tooling, and setting the owner on CREATE TABLE and ALTER TABLE
requests in the C++ client.

The maximum owner length is 128 characters by default which aligns with
HMS/Apache Impala maximum owner lengths, but it's configurable with the
max_owner_length flag.

Supporting this in the Java and Python clients, authorizing these
requests, and support for ownership in authorization will come in
follow-up patches.

Credit goes to Grant Henke <granthe...@apache.org> for the initial
version of this patch.

Design doc: https://s.apache.org/kudu-ownership-design

Change-Id: I67f5bfdf56d409960365fd5803913a2d3800831d
Reviewed-on: http://gerrit.cloudera.org:8080/15841
Tested-by: Kudu Jenkins
Reviewed-by: Alexey Serbin <aser...@cloudera.com>
Reviewed-by: Grant Henke <granthe...@apache.org>


> Add owner concept in Kudu
> -------------------------
>
>                 Key: KUDU-3090
>                 URL: https://issues.apache.org/jira/browse/KUDU-3090
>             Project: Kudu
>          Issue Type: New Feature
>          Components: authz, security
>            Reporter: Hao Hao
>            Assignee: Attila Bukor
>            Priority: Major
>              Labels: roadmap-candidate
>
> As mentioned in the Ranger integration design doc, Ranger supports ownership 
> privilege by creating a default policy that allows \{OWNER} of a resource to 
> access it without creating additional policy manually. Unless Kudu actually 
> has a full support for owner, ownership privilege is not possible with Ranger 
> integration.



--
This message was sent by Atlassian Jira
(v8.3.4#803005)

Reply via email to