[jira] [Updated] (SENTRY-2265) Translate owner privilege in sentry binding for authorization

Mon, 11 Jun 2018 16:05:16 -0700 


     [ 
https://issues.apache.org/jira/browse/SENTRY-2265?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel
 ]

Na Li updated SENTRY-2265:
--------------------------
    Description: 
When authorization is done, sentry binding should translate owner privilege to 
"ALL" before using it.

In CommonPrivilege, need to add Owner privilege and treat it as ALL privilege 
for authorization

{code}
 private boolean impliesResource(ImplyMethodType implyMethodType, String 
policyValue, String requestValue) {
    // wildcard support, "*", "+", "all"("+" and "all" are for backward 
compatibility) are represented as wildcard
    // if requestValue is wildcard, means privilege request is to match with 
any value of given resource
    if (SentryConstants.RESOURCE_WILDCARD_VALUE.equals(policyValue)
            || SentryConstants.RESOURCE_WILDCARD_VALUE.equals(requestValue)
            || 
SentryConstants.RESOURCE_WILDCARD_VALUE_ALL.equalsIgnoreCase(policyValue)
            || 
SentryConstants.RESOURCE_WILDCARD_VALUE_ALL.equalsIgnoreCase(requestValue)
            || 
SentryConstants.RESOURCE_WILDCARD_VALUE_SOME.equals(requestValue)) {
      return true;
    }

{code}

  was:When authorization is done, sentry binding should translate owner 
privilege to "ALL" before using it.


> Translate owner privilege in sentry binding for authorization
> -------------------------------------------------------------
>
>                 Key: SENTRY-2265
>                 URL: https://issues.apache.org/jira/browse/SENTRY-2265
>             Project: Sentry
>          Issue Type: Sub-task
>          Components: Sentry
>            Reporter: kalyan kumar kalvagadda
>            Assignee: kalyan kumar kalvagadda
>            Priority: Major
>
> When authorization is done, sentry binding should translate owner privilege 
> to "ALL" before using it.
> In CommonPrivilege, need to add Owner privilege and treat it as ALL privilege 
> for authorization
> {code}
>  private boolean impliesResource(ImplyMethodType implyMethodType, String 
> policyValue, String requestValue) {
>     // wildcard support, "*", "+", "all"("+" and "all" are for backward 
> compatibility) are represented as wildcard
>     // if requestValue is wildcard, means privilege request is to match with 
> any value of given resource
>     if (SentryConstants.RESOURCE_WILDCARD_VALUE.equals(policyValue)
>             || SentryConstants.RESOURCE_WILDCARD_VALUE.equals(requestValue)
>             || 
> SentryConstants.RESOURCE_WILDCARD_VALUE_ALL.equalsIgnoreCase(policyValue)
>             || 
> SentryConstants.RESOURCE_WILDCARD_VALUE_ALL.equalsIgnoreCase(requestValue)
>             || 
> SentryConstants.RESOURCE_WILDCARD_VALUE_SOME.equals(requestValue)) {
>       return true;
>     }
> {code}



--
This message was sent by Atlassian JIRA
(v7.6.3#76005)

Reply via email to