[ https://issues.apache.org/jira/browse/KUDU-3090?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=17154568#comment-17154568 ]
ASF subversion and git services commented on KUDU-3090: ------------------------------------------------------- Commit f0446b73630d75f6bf9c11b3fcce8953c557b578 in kudu's branch refs/heads/master from Attila Bukor [ https://gitbox.apache.org/repos/asf?p=kudu.git;h=f0446b7 ] KUDU-3090: Native owner metadata in Kudu Apache Sentry and Apache Ranger both support permissions granted to table owners, but as Sentry integrates with Apache Hive Metastore (HMS) and stores its metadata in it, Kudu didn't need to store table ownership to support granting permissions to owners. Apache Ranger on the other hand doesn't depend on HMS and needs Kudu to tell it if the owner is attempting to authorize an action, so to enable users to grant privileges to owners we need to support ownership natively. This patch adds the basic plumbing for table ownership, synchronizing ownership metadata with HMS both using the notification log listener and via tooling, and setting the owner on CREATE TABLE and ALTER TABLE requests in the C++ client. The maximum owner length is 128 characters by default which aligns with HMS/Apache Impala maximum owner lengths, but it's configurable with the max_owner_length flag. Supporting this in the Java and Python clients, authorizing these requests, and support for ownership in authorization will come in follow-up patches. Credit goes to Grant Henke <granthe...@apache.org> for the initial version of this patch. Design doc: https://s.apache.org/kudu-ownership-design Change-Id: I67f5bfdf56d409960365fd5803913a2d3800831d Reviewed-on: http://gerrit.cloudera.org:8080/15841 Tested-by: Kudu Jenkins Reviewed-by: Alexey Serbin <aser...@cloudera.com> Reviewed-by: Grant Henke <granthe...@apache.org> > Add owner concept in Kudu > ------------------------- > > Key: KUDU-3090 > URL: https://issues.apache.org/jira/browse/KUDU-3090 > Project: Kudu > Issue Type: New Feature > Components: authz, security > Reporter: Hao Hao > Assignee: Attila Bukor > Priority: Major > Labels: roadmap-candidate > > As mentioned in the Ranger integration design doc, Ranger supports ownership > privilege by creating a default policy that allows \{OWNER} of a resource to > access it without creating additional policy manually. Unless Kudu actually > has a full support for owner, ownership privilege is not possible with Ranger > integration. -- This message was sent by Atlassian Jira (v8.3.4#803005)