Bharath Vissapragada has posted comments on this change. ( http://gerrit.cloudera.org:8080/12684 )
Change subject: IMPALA-7917 (Part 3): Decouple Sentry from Impala ...................................................................... Patch Set 5: (1 comment) http://gerrit.cloudera.org:8080/#/c/12684/5/fe/src/main/java/org/apache/impala/authorization/AuthorizationFactory.java File fe/src/main/java/org/apache/impala/authorization/AuthorizationFactory.java: http://gerrit.cloudera.org:8080/#/c/12684/5/fe/src/main/java/org/apache/impala/authorization/AuthorizationFactory.java@62 PS5, Line 62: */ : AuthorizationManager newAuthorizationManager(CatalogOpExecutor catalogOpExecutor); : : /** : * Creates a new instance of {@link AuthorizationManager}. : */ : AuthorizationManager newAuthorizationManager(Frontend frontend); I have a feeling that this AuthzMgr should be tied to a Catalog and not whether it is frontend or CatalogServer. newAuthzMgr(Catalog catalog) {} You can then have children like SentryCatalogdAuthzMgr() and SentryImpaladAuthzMgr(). For ranger I don't think you need a Catalogd side authz manager at all. Essentially you could be delegating the impl stuff to the authz engine. The issue as I see with the current model is that you need to know what methods you can call, depending on the context you are in. For ex: if I'm on a coordinator, I should know that I can only call getRoles, showRoles() etc and not addRole / createRole(). What do you think? -- To view, visit http://gerrit.cloudera.org:8080/12684 To unsubscribe, visit http://gerrit.cloudera.org:8080/settings Gerrit-Project: Impala-ASF Gerrit-Branch: master Gerrit-MessageType: comment Gerrit-Change-Id: I1a5d3e0a3e86ac2b0329b56247357fca93229dd0 Gerrit-Change-Number: 12684 Gerrit-PatchSet: 5 Gerrit-Owner: Fredy Wijaya <fwij...@cloudera.com> Gerrit-Reviewer: Bharath Vissapragada <bhara...@cloudera.com> Gerrit-Reviewer: Fredy Wijaya <fwij...@cloudera.com> Gerrit-Reviewer: Impala Public Jenkins <impala-public-jenk...@cloudera.com> Gerrit-Reviewer: Paul Rogers <prog...@cloudera.com> Gerrit-Comment-Date: Thu, 07 Mar 2019 23:12:59 +0000 Gerrit-HasComments: Yes