[
https://issues.apache.org/jira/browse/SENTRY-1947?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=16163206#comment-16163206
]
Arjun Mishra commented on SENTRY-1947:
--------------------------------------
Sure. I want to optimize _listSentryPrivilegesForProvider_ method where we pass
in _roleSet_ parameter, that represents all roles marked _CURRENT_
{noformat}
listSentryPrivilegesForProvider(Set<String> groups, Set<String> users,
TSentryActiveRoleSet roleSet, TSentryAuthorizable authHierarchy)
{noformat}
However, we still call _getRolesToQuery_() method to get roles. In this method
we basically get all roles for set of groups passed in, then take the
intersection of the result with _roleSet_. Why can't we just check if
_roleSet.getRoles()_ is empty or not and not have to access the Sentry Db. If
there are _CURRENT_ roles, then simply return those roles. We seem to be
accessing database for all roles unnecessarily
> Leverage Current Roles to speed up requests for privileges
> ----------------------------------------------------------
>
> Key: SENTRY-1947
> URL: https://issues.apache.org/jira/browse/SENTRY-1947
> Project: Sentry
> Issue Type: Improvement
> Components: Sentry
> Reporter: Arjun Mishra
> Assignee: Arjun Mishra
> Priority: Minor
> Fix For: 2.0.0
>
>
> Right now when roles a re set current, we do nothing to optimize requesting
> for privileges. We basically get all roles, and then use the intersection to
> further filter the roles. After which we get privileges.
> There should be a better approach to this. We should simply use those current
> roles, and return privileges for them. We don't even need to check if the
> current roles belong to the user-groups because that is something that
> should've been checked earlier when making roles current
--
This message was sent by Atlassian JIRA
(v6.4.14#64029)
