Andrew Wong has posted comments on this change. ( http://gerrit.cloudera.org:8080/12833 )
Change subject: WIP [master] introduced SentryAuthzCache ...................................................................... Patch Set 5: (1 comment) http://gerrit.cloudera.org:8080/#/c/12833/5/src/kudu/master/sentry_authz_provider.cc File src/kudu/master/sentry_authz_provider.cc: http://gerrit.cloudera.org:8080/#/c/12833/5/src/kudu/master/sentry_authz_provider.cc@464 PS5, Line 464: SentryAuthzProvider::IsSameScopeHierarchyBranch > Any reasons we should sanitize the privileges even the Sentry API should al I tried this: auto privilege = GetDatabasePrivilege("test", "test"); privilege.__set_privilegeScope("TABLE"); EXPECT_OK(AlterRoleGrantPrivilege(sentry_client_.get(), kRoleName, privilege); and when I listed the table privileges in Sentry, I saw: TSentryPrivilege(privilegeScope=TABLE, serverName=server1, dbName=test, tableName=, URI=, action=test, createTime=1553799076569, grantOption=DISABLED, columnName=) Like you said, Sentry can store anything. The above privilege might make sense for some services, but we need to make sure we only consider privileges that make structural sense for Kudu. -- To view, visit http://gerrit.cloudera.org:8080/12833 To unsubscribe, visit http://gerrit.cloudera.org:8080/settings Gerrit-Project: kudu Gerrit-Branch: master Gerrit-MessageType: comment Gerrit-Change-Id: Idaefacd50736f1f152dae34e76778e17b2e84cbe Gerrit-Change-Number: 12833 Gerrit-PatchSet: 5 Gerrit-Owner: Alexey Serbin <[email protected]> Gerrit-Reviewer: Adar Dembo <[email protected]> Gerrit-Reviewer: Alexey Serbin <[email protected]> Gerrit-Reviewer: Andrew Wong <[email protected]> Gerrit-Reviewer: Hao Hao <[email protected]> Gerrit-Reviewer: Kudu Jenkins (120) Gerrit-Reviewer: Tidy Bot (241) Gerrit-Comment-Date: Thu, 28 Mar 2019 18:54:03 +0000 Gerrit-HasComments: Yes
