Adar Dembo has posted comments on this change. ( http://gerrit.cloudera.org:8080/12500 )
Change subject: [sentry] add privilege scope validation to SentryAuthzProvider ...................................................................... Patch Set 8: Code-Review+1 (1 comment) http://gerrit.cloudera.org:8080/#/c/12500/7//COMMIT_MSG Commit Message: http://gerrit.cloudera.org:8080/#/c/12500/7//COMMIT_MSG@30 PS7, Line 30: 'ALL ON default.a' > In terms of minimizing the number of calls to Sentry, I think the "optimal" I think this is something we need to be open to experimenting with. Once there's a cache, how aggressively we "prefetch" from Sentry will be largely dictated by the semantics of the cache: can we use it for authz requests belonging to a different scope? Is it only for requests on matching scope? What's the cache memory footprint as compared to the amount of coverage it provides? So whatever we do right now is largely immaterial as we'll need to verify that it makes sense in the presence of the cache. -- To view, visit http://gerrit.cloudera.org:8080/12500 To unsubscribe, visit http://gerrit.cloudera.org:8080/settings Gerrit-Project: kudu Gerrit-Branch: master Gerrit-MessageType: comment Gerrit-Change-Id: I89437a04a4fa18e501d21c3abf5d66a2d22ce58a Gerrit-Change-Number: 12500 Gerrit-PatchSet: 8 Gerrit-Owner: Hao Hao <[email protected]> Gerrit-Reviewer: Adar Dembo <[email protected]> Gerrit-Reviewer: Alexey Serbin <[email protected]> Gerrit-Reviewer: Andrew Wong <[email protected]> Gerrit-Reviewer: Hao Hao <[email protected]> Gerrit-Reviewer: Kudu Jenkins (120) Gerrit-Comment-Date: Thu, 14 Mar 2019 21:20:32 +0000 Gerrit-HasComments: Yes
