[ https://issues.apache.org/jira/browse/SENTRY-2154?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=16408622#comment-16408622 ]
Na Li commented on SENTRY-2154:
-------------------------------

[~kkalyan]

We already have MSentryUser, MSentryGroup, MSentryPrivilege, MSentryGMPrivilege. To support granting privilege to user in DB schema (scope of this jira), we just need to add a mapping table between user and privilege, which is the same approach as before (like granting privilege to role is mapped by the SENTRY_ROLE_DB_PRIVILEGE_MAP table). If we need to grant privilege to group directly, we can add a mapping table between group and privilege.

DataNucleus does lazy loading and we can control the depth of recursive loading. So circular reference is not an issue. http://www.datanucleus.org/products/accessplatform_4_1/jdo/fetchgroup.html

1) Drawbacks of using generic entity table

If we use the generic entity table, will we migrate the tables to that entity table: SENTRY_USER, SENTRY_GROUP, SENTRY_ROLE? That will cause a lot of upgrade issues.

Also, having a generic entity table will cause performance issues because each query has to be changed to add a filter for the entity type. It is also easier to make a mistake if the wrong entries are pulled. In addition, code maintenance is much harder.

If we use a generic entity table, we still need to add a mapping table.

Having a generic approach has more flexibility, but at the cost of complexity. We need to weigh the benefits and drawbacks.

2) Benefits of using generic entity table

Flexibility to support new entity types including user. When a new type is introduced, no need to change DB schema.

3) My preference

I don't see many benefits from using a generic entity table, but many drawbacks. So I prefer just adding a mapping table between user and privilege to support granting privilege to user directly.

[~akolb] [~btowles] [~spena] Can you post your opinions? We need to decide the approach as soon as possible. I am already coding in the approach I prefer. Delayed decision will definitely delay the progress of this task.

Thanks!

> Update schema to grant privileges to user
> -----------------------------------------
>
>                 Key: SENTRY-2154
>                 URL: https://issues.apache.org/jira/browse/SENTRY-2154
>             Project: Sentry
>          Issue Type: Sub-task
>          Components: Sentry
>   Affects Versions: 2.1.0
>            Reporter: Na Li
>            Assignee: Na Li
>            Priority: Major
>             Fix For: 2.1.0
>
>
> Need to add new DB table to support grant user to privileges
> Also, a flag should be added in privilege table to indicate the privilege is
> created by user, or created by sentry implicitly. User can view the implicit
> privileges, but cannot change it directly

--
This message was sent by Atlassian JIRA
(v7.6.3#76005)
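
The two schema options discussed in the comment above, as an added example that is not part of the original message or of Sentry's code: it shows a dedicated user-to-privilege mapping table beside a generic entity table, and what a privilege lookup returns when the entity-type filter is left out. Every table and column name here is hypothetical, and the rows are constructed sample data run in an in-memory SQLite database.

```python
import sqlite3

# Constructed schema and data: every table and column name is hypothetical.
SCHEMA = """
CREATE TABLE privilege_t (priv_id INTEGER PRIMARY KEY, action TEXT, db_name TEXT);
-- Approach A: dedicated user table plus a user-to-privilege mapping table.
CREATE TABLE user_t (user_id INTEGER PRIMARY KEY, name TEXT UNIQUE);
CREATE TABLE user_privilege_map (user_id INTEGER, priv_id INTEGER,
                                 PRIMARY KEY (user_id, priv_id));
-- Approach B: generic entity table; a mapping table is still required.
CREATE TABLE entity_t (entity_id INTEGER PRIMARY KEY, entity_type TEXT, name TEXT,
                       UNIQUE (entity_type, name));
CREATE TABLE entity_privilege_map (entity_id INTEGER, priv_id INTEGER,
                                   PRIMARY KEY (entity_id, priv_id));
INSERT INTO privilege_t VALUES (1, 'SELECT', 'sales'), (2, 'ALL', 'finance');
INSERT INTO user_t VALUES (1, 'etl');
INSERT INTO user_privilege_map VALUES (1, 1);
-- A user and a role share the name 'etl'; only the role holds ALL on finance.
INSERT INTO entity_t VALUES (1, 'USER', 'etl'), (2, 'ROLE', 'etl');
INSERT INTO entity_privilege_map VALUES (1, 1), (2, 2);
"""

def open_db():
    conn = sqlite3.connect(":memory:")
    conn.executescript(SCHEMA)
    return conn

def user_privs_dedicated(conn, name):
    """Approach A: the table itself fixes the principal type."""
    rows = conn.execute(
        "SELECT p.action, p.db_name FROM user_t u "
        "JOIN user_privilege_map m ON m.user_id = u.user_id "
        "JOIN privilege_t p ON p.priv_id = m.priv_id "
        "WHERE u.name = ? ORDER BY p.priv_id", (name,))
    return rows.fetchall()

def user_privs_generic(conn, name, type_filter=True):
    """Approach B: correctness depends on every query carrying the type filter."""
    sql = ("SELECT p.action, p.db_name FROM entity_t e "
           "JOIN entity_privilege_map m ON m.entity_id = e.entity_id "
           "JOIN privilege_t p ON p.priv_id = m.priv_id WHERE e.name = ?")
    if type_filter:
        sql += " AND e.entity_type = 'USER'"
    return conn.execute(sql + " ORDER BY p.priv_id", (name,)).fetchall()

if __name__ == "__main__":
    db = open_db()
    print(user_privs_dedicated(db, "etl"))
    print(user_privs_generic(db, "etl"))
    print(user_privs_generic(db, "etl", type_filter=False))
```

With the filter omitted, the generic lookup for user `etl` also returns the privilege held by the role of the same name, which is the "wrong entries are pulled" mistake the comment warns about.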