Andrew Wong has posted comments on this change. ( http://gerrit.cloudera.org:8080/13759 )

Change subject: docs: add info about Sentry
......................................................................

Patch Set 6:

(19 comments)

http://gerrit.cloudera.org:8080/#/c/13759/4/docs/security.adoc
File docs/security.adoc:

http://gerrit.cloudera.org:8080/#/c/13759/4/docs/security.adoc@154
PS4, Line 154: Fine-Grained
> nit: Fine-grained ? Not sure whether they usually capitalize the after-hyp
after the hyphen in a title is fine

http://gerrit.cloudera.org:8080/#/c/13759/4/docs/security.adoc@160
PS4, Line 160:
> Maybe, add a note for about exposing possibly sensitive information via deb
Done

http://gerrit.cloudera.org:8080/#/c/13759/4/docs/security.adoc@165
PS4, Line 165: web-ui,i
> Maybe, add some information to specify what this semantically means (like t
Done

http://gerrit.cloudera.org:8080/#/c/13759/4/docs/security.adoc@192
PS4, Line 192:
> nit: I'm not sure whether it's intentional, but I can see two different pre
Done

http://gerrit.cloudera.org:8080/#/c/13759/4/docs/security.adoc@211
PS4, Line 211: example, in Sentry deployments that don't support `UPDATE` privileges, to
> Maybe, explicitly mention that all DDL requests are processed by Kudu maste
I list the authorization policy for Masters and Tablet Servers below. I'm hesitant to blanket all Master requests as DDL since not all of them are necessarily DDL (e.g. GetTabletLocations).

http://gerrit.cloudera.org:8080/#/c/13759/4/docs/security.adoc@211
PS4, Line 211: ents that don't support `UP
> maybe just 'to perform or reject the requested action' ?
Done

http://gerrit.cloudera.org:8080/#/c/13759/4/docs/security.adoc@211
PS4, Line 211: ple, in Sentry deploy
> Not sure I see where and what is described above. Drop?
Done

http://gerrit.cloudera.org:8080/#/c/13759/4/docs/security.adoc@216
PS4, Line 216: er has. If
> propagated
Done

http://gerrit.cloudera.org:8080/#/c/13759/4/docs/security.adoc@217
PS4, Line 217: action, the
> encapsulate
Done

http://gerrit.cloudera.org:8080/#/c/13759/4/docs/security.adoc@218
PS4, Line 218: :
> Why not present simple tense?
Done

http://gerrit.cloudera.org:8080/#/c/13759/4/docs/security.adoc@221
PS4, Line 221:
> Does it make sense to mention that DDL operations are authorized not via au
Done

http://gerrit.cloudera.org:8080/#/c/13759/4/docs/security.adoc@222
PS4, Line 222: ry,
: privileges are p
> ... the window of potential ...
Done

http://gerrit.cloudera.org:8080/#/c/13759/4/docs/security.adoc@225
PS4, Line 225: pening a Kudu table. Kudu
> nit: maybe, use present simple tense instead?
Done

http://gerrit.cloudera.org:8080/#/c/13759/4/docs/security.adoc@231
PS4, Line 231: tablet servers in a cluster is much higher than the number of Kudu masters,
> ... or if the token isn't valid.
Done

http://gerrit.cloudera.org:8080/#/c/13759/4/docs/security.adoc@263
PS4, Line 263: tion>
> drop ?
Done

http://gerrit.cloudera.org:8080/#/c/13759/4/docs/security.adoc@264
PS4, Line 264:
: --sentry_serv
> maybe, mention that this is one of the master's flag
Done

http://gerrit.cloudera.org:8080/#/c/13759/4/docs/security.adoc@269
PS4, Line 269: own. The 'had
> nit: use present simple instead?
Done

http://gerrit.cloudera.org:8080/#/c/13759/4/docs/security.adoc@271
PS4, Line 271:
> ... authorizes requests on its own, ...
Done

http://gerrit.cloudera.org:8080/#/c/13759/4/docs/security.adoc@276
PS4, Line 276:
> nit: use present tense ?
Done

--
To view, visit http://gerrit.cloudera.org:8080/13759
To unsubscribe, visit http://gerrit.cloudera.org:8080/settings

Gerrit-Project: kudu
Gerrit-Branch: master
Gerrit-MessageType: comment
Gerrit-Change-Id: Ie50bb11a9a5d2d2294cf0ac34ccd7d75aa2cbcdf
Gerrit-Change-Number: 13759
Gerrit-PatchSet: 6
Gerrit-Owner: Andrew Wong <[email protected]>
Gerrit-Reviewer: Alex Rodoni <[email protected]>
Gerrit-Reviewer: Alexey Serbin <[email protected]>
Gerrit-Reviewer: Andrew Wong <[email protected]>
Gerrit-Reviewer: Grant Henke <[email protected]>
Gerrit-Reviewer: Hao Hao <[email protected]>
Gerrit-Reviewer: Kudu Jenkins (120)
Gerrit-Comment-Date: Tue, 02 Jul 2019 02:56:35 +0000
Gerrit-HasComments: Yes
