[Impala-ASF-CR] IMPALA-7917 (Part 3): Decouple Sentry from Impala

Thu, 07 Mar 2019 15:13:09 -0800 

Bharath Vissapragada has posted comments on this change. ( 
http://gerrit.cloudera.org:8080/12684 )

Change subject: IMPALA-7917 (Part 3): Decouple Sentry from Impala
......................................................................


Patch Set 5:

(1 comment)

http://gerrit.cloudera.org:8080/#/c/12684/5/fe/src/main/java/org/apache/impala/authorization/AuthorizationFactory.java
File fe/src/main/java/org/apache/impala/authorization/AuthorizationFactory.java:

http://gerrit.cloudera.org:8080/#/c/12684/5/fe/src/main/java/org/apache/impala/authorization/AuthorizationFactory.java@62
PS5, Line 62:    */
            :   AuthorizationManager newAuthorizationManager(CatalogOpExecutor 
catalogOpExecutor);
            :
            :   /**
            :    * Creates a new instance of {@link AuthorizationManager}.
            :    */
            :   AuthorizationManager newAuthorizationManager(Frontend frontend);
I have a feeling that this AuthzMgr should be tied to a Catalog and not whether 
it is frontend or CatalogServer.

newAuthzMgr(Catalog catalog) {}

You can then have children like SentryCatalogdAuthzMgr() and 
SentryImpaladAuthzMgr().

For ranger I don't think you need a Catalogd side authz manager at all. 
Essentially you could be delegating the impl stuff to the authz engine.

The issue as I see with the current model is that you need to know what methods 
you can call, depending on the context you are in.

For ex: if I'm on a coordinator, I should know that I can only call getRoles, 
showRoles() etc and not addRole / createRole().

What do you think?



--
To view, visit http://gerrit.cloudera.org:8080/12684
To unsubscribe, visit http://gerrit.cloudera.org:8080/settings

Gerrit-Project: Impala-ASF
Gerrit-Branch: master
Gerrit-MessageType: comment
Gerrit-Change-Id: I1a5d3e0a3e86ac2b0329b56247357fca93229dd0
Gerrit-Change-Number: 12684
Gerrit-PatchSet: 5
Gerrit-Owner: Fredy Wijaya <fwij...@cloudera.com>
Gerrit-Reviewer: Bharath Vissapragada <bhara...@cloudera.com>
Gerrit-Reviewer: Fredy Wijaya <fwij...@cloudera.com>
Gerrit-Reviewer: Impala Public Jenkins <impala-public-jenk...@cloudera.com>
Gerrit-Reviewer: Paul Rogers <prog...@cloudera.com>
Gerrit-Comment-Date: Thu, 07 Mar 2019 23:12:59 +0000
Gerrit-HasComments: Yes

Reply via email to