Alexey Serbin has posted comments on this change. ( http://gerrit.cloudera.org:8080/13759 )
Change subject: docs: add info about Sentry ...................................................................... Patch Set 4: (19 comments) http://gerrit.cloudera.org:8080/#/c/13759/4/docs/security.adoc File docs/security.adoc: http://gerrit.cloudera.org:8080/#/c/13759/4/docs/security.adoc@154 PS4, Line 154: Fine-Grained nit: Fine-grained ? Not sure whether they usually capitalize the after-hyphen part http://gerrit.cloudera.org:8080/#/c/13759/4/docs/security.adoc@160 PS4, Line 160: Maybe, add a note for about exposing possibly sensitive information via debug Web server even if fine-grained authz is configured in Kudu v1.10 http://gerrit.cloudera.org:8080/#/c/13759/4/docs/security.adoc@165 PS4, Line 165: *Server* Maybe, add some information to specify what this semantically means (like there a single Kudu table behind *Table*) http://gerrit.cloudera.org:8080/#/c/13759/4/docs/security.adoc@192 PS4, Line 192: for nit: I'm not sure whether it's intentional, but I can see two different prepositions for describing privileges related to an object: 'on' and 'for'. Is there any difference between those? If not, maybe converge on to just one preposition (e.g., 'on')? http://gerrit.cloudera.org:8080/#/c/13759/4/docs/security.adoc@211 PS4, Line 211: to base access decisions on maybe just 'to perform or reject the requested action' ? http://gerrit.cloudera.org:8080/#/c/13759/4/docs/security.adoc@211 PS4, Line 211: user, described in above, to base access decisions on. Maybe, explicitly mention that all DDL requests are processed by Kudu master? http://gerrit.cloudera.org:8080/#/c/13759/4/docs/security.adoc@211 PS4, Line 211: , described in above, Not sure I see where and what is described above. Drop? http://gerrit.cloudera.org:8080/#/c/13759/4/docs/security.adoc@216 PS4, Line 216: propogated propagated http://gerrit.cloudera.org:8080/#/c/13759/4/docs/security.adoc@217 PS4, Line 217: enacapsulate encapsulate http://gerrit.cloudera.org:8080/#/c/13759/4/docs/security.adoc@218 PS4, Line 218: Kudu : clients will automatically attach Why not present simple tense? Kudu clients automatically attach ... http://gerrit.cloudera.org:8080/#/c/13759/4/docs/security.adoc@221 PS4, Line 221: Does it make sense to mention that DDL operations are authorized not via authz tokens, but via direct authz calls to Sentry/privileges cache? http://gerrit.cloudera.org:8080/#/c/13759/4/docs/security.adoc@222 PS4, Line 222: the : window potential ... the window of potential ... http://gerrit.cloudera.org:8080/#/c/13759/4/docs/security.adoc@225 PS4, Line 225: will automatically retrieve nit: maybe, use present simple tense instead? http://gerrit.cloudera.org:8080/#/c/13759/4/docs/security.adoc@231 PS4, Line 231: operation. ... or if the token isn't valid. http://gerrit.cloudera.org:8080/#/c/13759/4/docs/security.adoc@263 PS4, Line 263: and all drop ? http://gerrit.cloudera.org:8080/#/c/13759/4/docs/security.adoc@264 PS4, Line 264: `--trusted_user_acl` : configuration maybe, mention that this is one of the master's flag http://gerrit.cloudera.org:8080/#/c/13759/4/docs/security.adoc@269 PS4, Line 269: will authorize nit: use present simple instead? http://gerrit.cloudera.org:8080/#/c/13759/4/docs/security.adoc@271 PS4, Line 271: can authorize requests, if using Impala, ... authorizes requests on its own, ... http://gerrit.cloudera.org:8080/#/c/13759/4/docs/security.adoc@276 PS4, Line 276: will be nit: use present tense ? -- To view, visit http://gerrit.cloudera.org:8080/13759 To unsubscribe, visit http://gerrit.cloudera.org:8080/settings Gerrit-Project: kudu Gerrit-Branch: master Gerrit-MessageType: comment Gerrit-Change-Id: Ie50bb11a9a5d2d2294cf0ac34ccd7d75aa2cbcdf Gerrit-Change-Number: 13759 Gerrit-PatchSet: 4 Gerrit-Owner: Andrew Wong <[email protected]> Gerrit-Reviewer: Alex Rodoni <[email protected]> Gerrit-Reviewer: Alexey Serbin <[email protected]> Gerrit-Reviewer: Andrew Wong <[email protected]> Gerrit-Reviewer: Grant Henke <[email protected]> Gerrit-Reviewer: Hao Hao <[email protected]> Gerrit-Reviewer: Kudu Jenkins (120) Gerrit-Comment-Date: Tue, 02 Jul 2019 01:55:17 +0000 Gerrit-HasComments: Yes
