Sergio Peña created SENTRY-2372:
-----------------------------------
Summary: SentryStore should not implement grantOptionCheck
Key: SENTRY-2372
URL: https://issues.apache.org/jira/browse/SENTRY-2372
Project: Sentry
Issue Type: Improvement
Components: Sentry, sentrystore
Affects Versions: 2.1.0
Reporter: Sergio Peña
During functional testing it was found that SentryStore implementation contains
logic that enforces sentry rights and depends on cluster-specific context.
Specifically grantOptionCheck needs to be able to resolve hadoop user's groups
and sentry admin groups configured on the cluster.
There are two problems with this:
# Some backends use SentryStore in a multi-tenant way and does have the
context that SentryStore expects when it is used in cluster.
# Security enforcement logic shouldn't be in SentryStore if it is to be
trusted. Since the backends Sentry API may be stateless the caller has to pass
request context to such implementation backend together with the explicit
SentryStore arguments. If the context (e.g. groups) is passed with the request
the checks become unenforceable since caller controls variables on both sides
of the comparison.
The recommendation is to remove {{grantOptionCheck}} and {{SentryStore}} and to
implement equivalent logic in {{SentryPolicyStoreProcessor}}.
--
This message was sent by Atlassian JIRA
(v7.6.3#76005)
