[
https://issues.apache.org/jira/browse/SENTRY-2098?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=16345376#comment-16345376
]
Na Li commented on SENTRY-2098:
-------------------------------
[~akolb]You can see in the following code, the retVal only contains role to
group mapping since it gets groups, from which sentry gets roles. This will not
contain the role to user mapping. If the code gets roles using MSentryRole,
then role to user mapping will be included. We need to include role to user
mapping to Name Node, so ACL can include those privileges assigned to user.
{code:java}
private Map<String, List<String>> retrieveFullRoleImageCore(PersistenceManager
pm)
throws Exception {
pm.setDetachAllOnCommit(false); // No need to detach objects
Query query = pm.newQuery(MSentryGroup.class);
query.addExtension(LOAD_RESULTS_AT_COMMIT, "false");
@SuppressWarnings("unchecked")
List<MSentryGroup> groups = (List<MSentryGroup>) query.execute();
if (groups.isEmpty()) {
return Collections.emptyMap();
}
Map<String, List<String>> retVal = new HashMap<>();
for (MSentryGroup mGroup : groups) {
for (MSentryRole role : mGroup.getRoles()) {
List<String> rUpdate = retVal.get(role.getRoleName());
if (rUpdate == null) {
rUpdate = new ArrayList<>();
retVal.put(role.getRoleName(), rUpdate);
}
rUpdate.add(mGroup.getGroupName());
}
}
query.closeAll();
return retVal;
}{code}
> Get user to role mapping when retrieving full snapshot from DB
> --------------------------------------------------------------
>
> Key: SENTRY-2098
> URL: https://issues.apache.org/jira/browse/SENTRY-2098
> Project: Sentry
> Issue Type: Sub-task
> Components: Sentry
> Reporter: Na Li
> Priority: Major
>
> The full snapshot update only contains authorization to roles mapping and
> role to group mapping. Need to add role to user mapping in
> SentryStore.retrieveFullRoleImageCore
--
This message was sent by Atlassian JIRA
(v7.6.3#76005)
