[ 
https://issues.apache.org/jira/browse/SENTRY-2170?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=16420693#comment-16420693
 ] 

kalyan kumar kalvagadda commented on SENTRY-2170:
-------------------------------------------------

*Here is the proposal*

 

Currently TPrivilegeChanges is created to hold all the privileges that are 
granted to an object.

 

*Case-1:* When a snapshot is taken.

All the privileges granted to an object are added to addPrivileges.

*Case-2:* When a new privilege is granted.

The newly granted privilege is added to addPrivileges.

*Case-3:* When a privilege is revoked.

The privilege that is revoked is added to delPrivileges.

Both addPrivileges and delPrivileges have a role-to-permission mapping. We could 
extend this mapping to send user permissions as well.

 
*New Definitions*
{noformat}
enum TPrivilegeEntityType {
  ROLE,
  USER,
  OBJECT
}

struct TPrivilegeEntity {
  # Type of the privilege entity
  1: required TPrivilegeEntityType type;

  # Value of entity
  2: required string value;
}
{noformat}

{noformat}
struct TPrivilegeChanges {
  # The authorizable object that needs to be updated.
  1: required string authzObj;

  # The privileges that need to be added to
  # the authorizable object.
  2: required map<TPrivilegeEntity, string> addPrivileges;

  # The privileges that need to be deleted from
  # the authorizable object.
  3: required map<TPrivilegeEntity, string> delPrivileges;
}
{noformat}

 

> update the thrift interface between sentry server and HDFS sentry client
> ------------------------------------------------------------------------
>
>                 Key: SENTRY-2170
>                 URL: https://issues.apache.org/jira/browse/SENTRY-2170
>             Project: Sentry
>          Issue Type: Sub-task
>          Components: Sentry
>    Affects Versions: 2.1.0
>            Reporter: kalyan kumar kalvagadda
>            Assignee: kalyan kumar kalvagadda
>            Priority: Major
>         Attachments: SENTRY-2170.001.patch
>
>
> Thrift interface between sentry server and hdfs sentry client should be 
> updated to send the user privileges as well.



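Added example (Python, not Sentry's own code) of how a receiver could apply the proposed TPrivilegeChanges: because the map key is the typed TPrivilegeEntity, a role and a user that share a name stay separate, so a revoke for one does not touch the other. AuthzCache, _actions, demo, the comma-separated form of the privilege string and the sample names are assumptions made for the illustration.

```python
from dataclasses import dataclass, field
from enum import Enum

class TPrivilegeEntityType(Enum):
    ROLE = 0
    USER = 1
    OBJECT = 2

@dataclass(frozen=True)  # frozen makes it hashable, as a map key must be
class TPrivilegeEntity:
    type: TPrivilegeEntityType
    value: str

@dataclass
class TPrivilegeChanges:
    authzObj: str
    addPrivileges: dict = field(default_factory=dict)
    delPrivileges: dict = field(default_factory=dict)

def _actions(privilege):
    # Assumption: the string value is a comma-separated list of actions.
    return {a.strip().lower() for a in privilege.split(",") if a.strip()}

class AuthzCache:
    """Hypothetical receiver-side store: authzObj -> entity -> actions."""
    def __init__(self):
        self._perms = {}

    def apply(self, change):
        entry = self._perms.setdefault(change.authzObj, {})
        for entity, privilege in change.addPrivileges.items():
            entry.setdefault(entity, set()).update(_actions(privilege))
        for entity, privilege in change.delPrivileges.items():
            entry[entity] = entry.get(entity, set()) - _actions(privilege)
            if not entry[entity]:
                del entry[entity]  # leave no empty grant behind
        if not entry:
            del self._perms[change.authzObj]

    def actions(self, authz_obj, entity):
        return frozenset(self._perms.get(authz_obj, {}).get(entity, ()))

def demo():
    # Constructed sample: a role and a user that share the name "analyst".
    role = TPrivilegeEntity(TPrivilegeEntityType.ROLE, "analyst")
    user = TPrivilegeEntity(TPrivilegeEntityType.USER, "analyst")
    cache, obj = AuthzCache(), "db1.tbl1"
    cache.apply(TPrivilegeChanges(obj, addPrivileges={role: "select,insert", user: "select"}))
    cache.apply(TPrivilegeChanges(obj, delPrivileges={role: "select,insert"}))
    return cache.actions(obj, role), cache.actions(obj, user)
```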