[
https://issues.apache.org/jira/browse/SENTRY-1964?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=16181609#comment-16181609
]
Ruslan Dautkhanov commented on SENTRY-1964:
-------------------------------------------
What if we have a table that's partitioned by client_id and we actually want
certain users only query their data?
I think it can be a nice security feature to apply permissions not just by
columns but also by slices of rows (partitions).
In Oracle that's called Virtual Private Database, when a database embeds a
WHERE clause depending who is logged in,
so they can only see data that' allowed to them. With Sentry it can be a
security feature, when a query only returns
subset of data to which a user/role/group has access to.
> HDFS sync does not need partition locations (usually)
> -----------------------------------------------------
>
> Key: SENTRY-1964
> URL: https://issues.apache.org/jira/browse/SENTRY-1964
> Project: Sentry
> Issue Type: Improvement
> Components: Sentry
> Affects Versions: 2.0.0
> Reporter: Na Li
> Assignee: Na Li
> Priority: Critical
>
> Right now, sentry saves partition info from HMS and send it to HDFS. HDFS
> only needs database and table info, and does not need partition info for ACL
> unless the partion location is not sharing the same prefix of its table.
> The partition data amount is huge, and causes performance issue. We can
> optimize it by not saving and not sending partition info if it shares the
> same path of its table.
--
This message was sent by Atlassian JIRA
(v6.4.14#64029)
