[
https://issues.apache.org/jira/browse/SENTRY-2154?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=16408641#comment-16408641
]
Alexander Kolbasov commented on SENTRY-2154:
--------------------------------------------
We had some discussion a while ago about the relationship between roles and
privileges. Currently it is M:N meaning that there is a pool of roles and a
pool of privileges and they refer to each other in some way. I was suggesting
to change this to a different model where each role may have a bunch of
privileges so it is more like 1:N relationship - in the current model
privileges do not make much sense outside of a role.
Currently Sentry uses role-based model - only roles have privileges.
This proposal changes this - now users can have privileges and users are not
roles. So now we need to define relationship between users, groups, roles and
privileges. Can someone summarize the proposed relationships between all these?
> Update schema to grant privileges to user
> -----------------------------------------
>
> Key: SENTRY-2154
> URL: https://issues.apache.org/jira/browse/SENTRY-2154
> Project: Sentry
> Issue Type: Sub-task
> Components: Sentry
> Affects Versions: 2.1.0
> Reporter: Na Li
> Assignee: Na Li
> Priority: Major
> Fix For: 2.1.0
>
>
> Need to add new DB table to support grant user to privileges
> Also, a flag should be added in privilege table to indicate the privilege is
> created by user, or created by sentry implicitly. User can view the implicit
> privileges, but cannot change it directly
--
This message was sent by Atlassian JIRA
(v7.6.3#76005)
