[jira] [Commented] (SENTRY-2154) Update schema to grant privileges to user
[
https://issues.apache.org/jira/browse/SENTRY-2154?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel=16467747#comment-16467747
]
Hadoop QA commented on SENTRY-2154:
---
Here are the results of testing the latest attachment
https://issues.apache.org/jira/secure/attachment/12922469/SENTRY-2154.006.patch
against master.
{color:green}Overall:{color} +1 all checks pass
{color:green}SUCCESS:{color} all tests passed
Console output:
https://builds.apache.org/job/PreCommit-SENTRY-Build/3769/console
This message is automatically generated.
> Update schema to grant privileges to user
> -
>
> Key: SENTRY-2154
> URL: https://issues.apache.org/jira/browse/SENTRY-2154
> Project: Sentry
> Issue Type: Sub-task
> Components: Sentry
>Affects Versions: 2.1.0
>Reporter: Na Li
>Assignee: Na Li
>Priority: Major
> Fix For: 2.1.0
>
> Attachments: SENTRY-2154.001.patch, SENTRY-2154.002.patch,
> SENTRY-2154.003.patch, SENTRY-2154.003.patch, SENTRY-2154.004.patch,
> SENTRY-2154.005.patch, SENTRY-2154.007.patch
>
>
> Need to add new DB table to support grant user to privileges
> Also, a flag should be added in privilege table to indicate the privilege is
> created by user, or created by sentry implicitly. User can view the implicit
> privileges, but cannot change it directly
--
This message was sent by Atlassian JIRA
(v7.6.3#76005)
[jira] [Commented] (SENTRY-2154) Update schema to grant privileges to user
[
https://issues.apache.org/jira/browse/SENTRY-2154?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel=16467712#comment-16467712
]
Hadoop QA commented on SENTRY-2154:
---
Here are the results of testing the latest attachment
https://issues.apache.org/jira/secure/attachment/12922477/SENTRY-2154.007.patch
against master.
{color:red}Overall:{color} -1 due to 2 errors
{color:red}ERROR:{color} mvn test exited 1
{color:red}ERROR:{color} Failed:
org.apache.sentry.tests.e2e.solr.TestSolrAdminOperations
Console output:
https://builds.apache.org/job/PreCommit-SENTRY-Build/3771/console
This message is automatically generated.
> Update schema to grant privileges to user
> -
>
> Key: SENTRY-2154
> URL: https://issues.apache.org/jira/browse/SENTRY-2154
> Project: Sentry
> Issue Type: Sub-task
> Components: Sentry
>Affects Versions: 2.1.0
>Reporter: Na Li
>Assignee: Na Li
>Priority: Major
> Fix For: 2.1.0
>
> Attachments: SENTRY-2154.001.patch, SENTRY-2154.002.patch,
> SENTRY-2154.003.patch, SENTRY-2154.003.patch, SENTRY-2154.004.patch,
> SENTRY-2154.005.patch, SENTRY-2154.007.patch
>
>
> Need to add new DB table to support grant user to privileges
> Also, a flag should be added in privilege table to indicate the privilege is
> created by user, or created by sentry implicitly. User can view the implicit
> privileges, but cannot change it directly
--
This message was sent by Atlassian JIRA
(v7.6.3#76005)
[jira] [Commented] (SENTRY-2154) Update schema to grant privileges to user
[
https://issues.apache.org/jira/browse/SENTRY-2154?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel=16464465#comment-16464465
]
Hadoop QA commented on SENTRY-2154:
---
Here are the results of testing the latest attachment
https://issues.apache.org/jira/secure/attachment/12922102/SENTRY-2154.005.patch
against master.
{color:green}Overall:{color} +1 all checks pass
{color:green}SUCCESS:{color} all tests passed
Console output:
https://builds.apache.org/job/PreCommit-SENTRY-Build/3762/console
This message is automatically generated.
> Update schema to grant privileges to user
> -
>
> Key: SENTRY-2154
> URL: https://issues.apache.org/jira/browse/SENTRY-2154
> Project: Sentry
> Issue Type: Sub-task
> Components: Sentry
>Affects Versions: 2.1.0
>Reporter: Na Li
>Assignee: Na Li
>Priority: Major
> Fix For: 2.1.0
>
> Attachments: SENTRY-2154.001.patch, SENTRY-2154.002.patch,
> SENTRY-2154.003.patch, SENTRY-2154.003.patch, SENTRY-2154.004.patch,
> SENTRY-2154.005.patch
>
>
> Need to add new DB table to support grant user to privileges
> Also, a flag should be added in privilege table to indicate the privilege is
> created by user, or created by sentry implicitly. User can view the implicit
> privileges, but cannot change it directly
--
This message was sent by Atlassian JIRA
(v7.6.3#76005)
[jira] [Commented] (SENTRY-2154) Update schema to grant privileges to user
[
https://issues.apache.org/jira/browse/SENTRY-2154?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel=16464328#comment-16464328
]
Hadoop QA commented on SENTRY-2154:
---
Here are the results of testing the latest attachment
https://issues.apache.org/jira/secure/attachment/12922082/SENTRY-2154.004.patch
against master.
{color:green}Overall:{color} +1 all checks pass
{color:green}SUCCESS:{color} all tests passed
Console output:
https://builds.apache.org/job/PreCommit-SENTRY-Build/3761/console
This message is automatically generated.
> Update schema to grant privileges to user
> -
>
> Key: SENTRY-2154
> URL: https://issues.apache.org/jira/browse/SENTRY-2154
> Project: Sentry
> Issue Type: Sub-task
> Components: Sentry
>Affects Versions: 2.1.0
>Reporter: Na Li
>Assignee: Na Li
>Priority: Major
> Fix For: 2.1.0
>
> Attachments: SENTRY-2154.001.patch, SENTRY-2154.002.patch,
> SENTRY-2154.003.patch, SENTRY-2154.003.patch, SENTRY-2154.004.patch,
> SENTRY-2154.005.patch
>
>
> Need to add new DB table to support grant user to privileges
> Also, a flag should be added in privilege table to indicate the privilege is
> created by user, or created by sentry implicitly. User can view the implicit
> privileges, but cannot change it directly
--
This message was sent by Atlassian JIRA
(v7.6.3#76005)
[jira] [Commented] (SENTRY-2154) Update schema to grant privileges to user
[
https://issues.apache.org/jira/browse/SENTRY-2154?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel=16462851#comment-16462851
]
Hadoop QA commented on SENTRY-2154:
---
Here are the results of testing the latest attachment
https://issues.apache.org/jira/secure/attachment/12921779/SENTRY-2154.003.patch
against master.
{color:green}Overall:{color} +1 all checks pass
{color:green}SUCCESS:{color} all tests passed
Console output:
https://builds.apache.org/job/PreCommit-SENTRY-Build/3759/console
This message is automatically generated.
> Update schema to grant privileges to user
> -
>
> Key: SENTRY-2154
> URL: https://issues.apache.org/jira/browse/SENTRY-2154
> Project: Sentry
> Issue Type: Sub-task
> Components: Sentry
>Affects Versions: 2.1.0
>Reporter: Na Li
>Assignee: Na Li
>Priority: Major
> Fix For: 2.1.0
>
> Attachments: SENTRY-2154.001.patch, SENTRY-2154.002.patch,
> SENTRY-2154.003.patch, SENTRY-2154.003.patch
>
>
> Need to add new DB table to support grant user to privileges
> Also, a flag should be added in privilege table to indicate the privilege is
> created by user, or created by sentry implicitly. User can view the implicit
> privileges, but cannot change it directly
--
This message was sent by Atlassian JIRA
(v7.6.3#76005)
[jira] [Commented] (SENTRY-2154) Update schema to grant privileges to user
[
https://issues.apache.org/jira/browse/SENTRY-2154?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel=16461963#comment-16461963
]
Hadoop QA commented on SENTRY-2154:
---
Here are the results of testing the latest attachment
https://issues.apache.org/jira/secure/attachment/12921676/SENTRY-2154.003.patch
against master.
{color:red}Overall:{color} -1 due to 4 errors
{color:red}ERROR:{color} mvn test exited 1
{color:red}ERROR:{color} Failed:
org.apache.sentry.tests.e2e.hdfs.TestHDFSIntegrationWithHA
{color:red}ERROR:{color} Failed:
org.apache.sentry.tests.e2e.hdfs.TestHDFSIntegrationWithHA
{color:red}ERROR:{color} Failed:
org.apache.sentry.tests.e2e.hdfs.TestHDFSIntegrationWithHA
Console output:
https://builds.apache.org/job/PreCommit-SENTRY-Build/3758/console
This message is automatically generated.
> Update schema to grant privileges to user
> -
>
> Key: SENTRY-2154
> URL: https://issues.apache.org/jira/browse/SENTRY-2154
> Project: Sentry
> Issue Type: Sub-task
> Components: Sentry
>Affects Versions: 2.1.0
>Reporter: Na Li
>Assignee: Na Li
>Priority: Major
> Fix For: 2.1.0
>
> Attachments: SENTRY-2154.001.patch, SENTRY-2154.002.patch,
> SENTRY-2154.003.patch
>
>
> Need to add new DB table to support grant user to privileges
> Also, a flag should be added in privilege table to indicate the privilege is
> created by user, or created by sentry implicitly. User can view the implicit
> privileges, but cannot change it directly
--
This message was sent by Atlassian JIRA
(v7.6.3#76005)
[jira] [Commented] (SENTRY-2154) Update schema to grant privileges to user
[ https://issues.apache.org/jira/browse/SENTRY-2154?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel=16414025#comment-16414025 ] Na Li commented on SENTRY-2154: --- [~kkalyan] I don't want the review to be too big. Big review will slow down the review significantly. Currently the code change for this Jira is only for MySql. Once we finalize the schema, I will add changes for other DBs, and the size of the code change will be much bigger. The code review for jdo is at [https://reviews.apache.org/r/66265/] for SENTRY-2155. The code change for this Jira does not dependent on the change in SENTRY-2155, and can be committed without change in SENTRY-2155. If you want, you can look at this code review side-by-side with the code change in SENTRY-2155. > Update schema to grant privileges to user > - > > Key: SENTRY-2154 > URL: https://issues.apache.org/jira/browse/SENTRY-2154 > Project: Sentry > Issue Type: Sub-task > Components: Sentry >Affects Versions: 2.1.0 >Reporter: Na Li >Assignee: Na Li >Priority: Major > Fix For: 2.1.0 > > Attachments: SENTRY-2154.001.patch, SENTRY-2154.002.patch > > > Need to add new DB table to support grant user to privileges > Also, a flag should be added in privilege table to indicate the privilege is > created by user, or created by sentry implicitly. User can view the implicit > privileges, but cannot change it directly -- This message was sent by Atlassian JIRA (v7.6.3#76005)
[jira] [Commented] (SENTRY-2154) Update schema to grant privileges to user
[
https://issues.apache.org/jira/browse/SENTRY-2154?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel=16412371#comment-16412371
]
Hadoop QA commented on SENTRY-2154:
---
Here are the results of testing the latest attachment
https://issues.apache.org/jira/secure/attachment/12915998/SENTRY-2154.002.patch
against master.
{color:green}Overall:{color} +1 all checks pass
{color:green}SUCCESS:{color} all tests passed
Console output:
https://builds.apache.org/job/PreCommit-SENTRY-Build/3713/console
This message is automatically generated.
> Update schema to grant privileges to user
> -
>
> Key: SENTRY-2154
> URL: https://issues.apache.org/jira/browse/SENTRY-2154
> Project: Sentry
> Issue Type: Sub-task
> Components: Sentry
>Affects Versions: 2.1.0
>Reporter: Na Li
>Assignee: Na Li
>Priority: Major
> Fix For: 2.1.0
>
> Attachments: SENTRY-2154.001.patch, SENTRY-2154.002.patch
>
>
> Need to add new DB table to support grant user to privileges
> Also, a flag should be added in privilege table to indicate the privilege is
> created by user, or created by sentry implicitly. User can view the implicit
> privileges, but cannot change it directly
--
This message was sent by Atlassian JIRA
(v7.6.3#76005)
[jira] [Commented] (SENTRY-2154) Update schema to grant privileges to user
[ https://issues.apache.org/jira/browse/SENTRY-2154?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel=16412194#comment-16412194 ] kalyan kumar kalvagadda commented on SENTRY-2154: - [~LinaAtAustin] It's better to have both JDO and database changes together in one patch as they go hand in hand. It's also clear to review the code together. > Update schema to grant privileges to user > - > > Key: SENTRY-2154 > URL: https://issues.apache.org/jira/browse/SENTRY-2154 > Project: Sentry > Issue Type: Sub-task > Components: Sentry >Affects Versions: 2.1.0 >Reporter: Na Li >Assignee: Na Li >Priority: Major > Fix For: 2.1.0 > > Attachments: SENTRY-2154.001.patch, SENTRY-2154.002.patch > > > Need to add new DB table to support grant user to privileges > Also, a flag should be added in privilege table to indicate the privilege is > created by user, or created by sentry implicitly. User can view the implicit > privileges, but cannot change it directly -- This message was sent by Atlassian JIRA (v7.6.3#76005)
[jira] [Commented] (SENTRY-2154) Update schema to grant privileges to user
[ https://issues.apache.org/jira/browse/SENTRY-2154?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel=16412186#comment-16412186 ] Na Li commented on SENTRY-2154: --- [~akolb] review at [https://reviews.apache.org/r/66263/] shows proposed DB schema change. I will make package.jdo change in SENTRY-2155 > Update schema to grant privileges to user > - > > Key: SENTRY-2154 > URL: https://issues.apache.org/jira/browse/SENTRY-2154 > Project: Sentry > Issue Type: Sub-task > Components: Sentry >Affects Versions: 2.1.0 >Reporter: Na Li >Assignee: Na Li >Priority: Major > Fix For: 2.1.0 > > Attachments: SENTRY-2154.001.patch, SENTRY-2154.002.patch > > > Need to add new DB table to support grant user to privileges > Also, a flag should be added in privilege table to indicate the privilege is > created by user, or created by sentry implicitly. User can view the implicit > privileges, but cannot change it directly -- This message was sent by Atlassian JIRA (v7.6.3#76005)
[jira] [Commented] (SENTRY-2154) Update schema to grant privileges to user
[ https://issues.apache.org/jira/browse/SENTRY-2154?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel=16408653#comment-16408653 ] Alexander Kolbasov commented on SENTRY-2154: [~LinaAtAustin] [~kkalyan] Can you post proposed changes to the model Java classes and package.jdo file? > Update schema to grant privileges to user > - > > Key: SENTRY-2154 > URL: https://issues.apache.org/jira/browse/SENTRY-2154 > Project: Sentry > Issue Type: Sub-task > Components: Sentry >Affects Versions: 2.1.0 >Reporter: Na Li >Assignee: Na Li >Priority: Major > Fix For: 2.1.0 > > > Need to add new DB table to support grant user to privileges > Also, a flag should be added in privilege table to indicate the privilege is > created by user, or created by sentry implicitly. User can view the implicit > privileges, but cannot change it directly -- This message was sent by Atlassian JIRA (v7.6.3#76005)
[jira] [Commented] (SENTRY-2154) Update schema to grant privileges to user
[ https://issues.apache.org/jira/browse/SENTRY-2154?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel=16408641#comment-16408641 ] Alexander Kolbasov commented on SENTRY-2154: We had some discussion a while ago about the relationship between roles and privileges. Currently it is M:N meaning that there is a pool of roles and a pool of privileges and they refer to each other in some way. I was suggesting to change this to a different model where each role may have a bunch of privileges so it is more like 1:N relationship - in the current model privileges do not make much sense outside of a role. Currently Sentry uses role-based model - only roles have privileges. This proposal changes this - now users can have privileges and users are not roles. So now we need to define relationship between users, groups, roles and privileges. Can someone summarize the proposed relationships between all these? > Update schema to grant privileges to user > - > > Key: SENTRY-2154 > URL: https://issues.apache.org/jira/browse/SENTRY-2154 > Project: Sentry > Issue Type: Sub-task > Components: Sentry >Affects Versions: 2.1.0 >Reporter: Na Li >Assignee: Na Li >Priority: Major > Fix For: 2.1.0 > > > Need to add new DB table to support grant user to privileges > Also, a flag should be added in privilege table to indicate the privilege is > created by user, or created by sentry implicitly. User can view the implicit > privileges, but cannot change it directly -- This message was sent by Atlassian JIRA (v7.6.3#76005)
[jira] [Commented] (SENTRY-2154) Update schema to grant privileges to user
[ https://issues.apache.org/jira/browse/SENTRY-2154?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel=16408622#comment-16408622 ] Na Li commented on SENTRY-2154: --- [~kkalyan] We already have MSentryUser, MSentryGroup, MSentryPrivilege, MSentryGMPrivilege. To support granting privilege to user in DB schema (scope of this jira), we just need to add mapping table between user and privilege, which is the same approach as before (like granting privilege to role is mapped by SENTRY_ROLE_DB_PRIVILEGE_MAP table). If we need to grant privilege to group directly, we can add a mapping table between group and privilege. DataNucleus does lazy loading and we can control the depth of recursive loading. So circular reference is not an issue. http://www.datanucleus.org/products/accessplatform_4_1/jdo/fetchgroup.html 1) Drawbacks of using generic entity table If we use the generic entity table, will we migrate the tables to that entity table: SENTRY_USER, SENTRY_GROUP, SENTRY_ROLE? That will cause a lot of upgrade issues. Also, having a generic entity table will cause performance issue because each query has to be changed to add filter for the entity type. It is also easier to make mistake if the wrong entries are pulled. In addition, code maintenance is much harder. If we use generic entity table, we still need to add mapping table. Having a generic approach has more flexibility, but at the cost of complexity. We need to weight the benefits and drawbacks. 2) Benefits of using generic entity table Flexibility to support new entity types including user. When a new type is introduced, no need to change DB schema. 3) My preference I don't see much benefits by using a generic entity table, but many drawbacks. So I prefer to just adding a mapping table between user and privilege to support granting privilege to user directly. [~akolb] [~btowles] [~spena] Can you post your opinions? We need to decide the approach as soon as possible. I am already coding in the approach I prefer. Delayed decision will definitely delay the progress of this task. Thanks! > Update schema to grant privileges to user > - > > Key: SENTRY-2154 > URL: https://issues.apache.org/jira/browse/SENTRY-2154 > Project: Sentry > Issue Type: Sub-task > Components: Sentry >Affects Versions: 2.1.0 >Reporter: Na Li >Assignee: Na Li >Priority: Major > Fix For: 2.1.0 > > > Need to add new DB table to support grant user to privileges > Also, a flag should be added in privilege table to indicate the privilege is > created by user, or created by sentry implicitly. User can view the implicit > privileges, but cannot change it directly -- This message was sent by Atlassian JIRA (v7.6.3#76005)
[jira] [Commented] (SENTRY-2154) Update schema to grant privileges to user
[ https://issues.apache.org/jira/browse/SENTRY-2154?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel=16408587#comment-16408587 ] kalyan kumar kalvagadda commented on SENTRY-2154: - we need to have the capability of grating privilege to user and groups in future. This is feature that we have plans to implement in short term. Using entity table makes that the logic generic for both user and group privileges. > Update schema to grant privileges to user > - > > Key: SENTRY-2154 > URL: https://issues.apache.org/jira/browse/SENTRY-2154 > Project: Sentry > Issue Type: Sub-task > Components: Sentry >Affects Versions: 2.1.0 >Reporter: Na Li >Assignee: Na Li >Priority: Major > Fix For: 2.1.0 > > > Need to add new DB table to support grant user to privileges > Also, a flag should be added in privilege table to indicate the privilege is > created by user, or created by sentry implicitly. User can view the implicit > privileges, but cannot change it directly -- This message was sent by Atlassian JIRA (v7.6.3#76005)
[jira] [Commented] (SENTRY-2154) Update schema to grant privileges to user
[ https://issues.apache.org/jira/browse/SENTRY-2154?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel=16408581#comment-16408581 ] kalyan kumar kalvagadda commented on SENTRY-2154: - [~LinaAtAustin] and [~spena] i understand your point but we need to consider making change to the database which are generic enough for future developments not looking at immediate requirements. Unless there is complexity invoked it is worth having the change generic. > Update schema to grant privileges to user > - > > Key: SENTRY-2154 > URL: https://issues.apache.org/jira/browse/SENTRY-2154 > Project: Sentry > Issue Type: Sub-task > Components: Sentry >Affects Versions: 2.1.0 >Reporter: Na Li >Assignee: Na Li >Priority: Major > Fix For: 2.1.0 > > > Need to add new DB table to support grant user to privileges > Also, a flag should be added in privilege table to indicate the privilege is > created by user, or created by sentry implicitly. User can view the implicit > privileges, but cannot change it directly -- This message was sent by Atlassian JIRA (v7.6.3#76005)
[jira] [Commented] (SENTRY-2154) Update schema to grant privileges to user
[
https://issues.apache.org/jira/browse/SENTRY-2154?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel=16398002#comment-16398002
]
Na Li commented on SENTRY-2154:
---
I prefer to add user and privilege mapping table. Using entity table is too
general and may complicate the query. Besides, we have specific table like
user, role, and group.
1) RBAC given a user, the path to get corresponding privileges
{code:java}
Privileges<-Roles<-Group<-User{code}
2) When user can be associated with role directly, the path to get
corresponding privileges for a given user
{code:java}
Privileges<-Roles<-Group<-User
^ |
|--|{code}
3) When user can be associated with privileges directly, the path to get
corresponding privileges for a given user
{code:java}
Privileges<-Roles<-Group<-User
^ |
|---|{code}
DN will get referred collection using foreign key when corresponding function
is called. I don't think it will be keep on getting linked collection non-stop.
Like Sergio mentioned: MSentryPrivilege refers to a list of MSentryRole, and
MSentryRole refers to a list of MSentryPrivilege. There is no problem.
> Update schema to grant privileges to user
> -
>
> Key: SENTRY-2154
> URL: https://issues.apache.org/jira/browse/SENTRY-2154
> Project: Sentry
> Issue Type: Sub-task
> Components: Sentry
>Affects Versions: 2.1.0
>Reporter: Na Li
>Assignee: Na Li
>Priority: Major
> Fix For: 2.1.0
>
>
> Need to add new DB table to support grant user to privileges
> Also, a flag should be added in privilege table to indicate the privilege is
> created by user, or created by sentry implicitly. User can view the implicit
> privileges, but cannot change it directly
--
This message was sent by Atlassian JIRA
(v7.6.3#76005)
[jira] [Commented] (SENTRY-2154) Update schema to grant privileges to user
[
https://issues.apache.org/jira/browse/SENTRY-2154?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel=16393617#comment-16393617
]
Sergio Peña commented on SENTRY-2154:
-
I see the same circular dependency with roles and dependencies
privileges->roles->privileges
{noformat}
MSentryPrivilege {
Set roles;
}
MSentryRole {
Set privileges;
Set users;
}{noformat}
How does DN work differently between these two JDO objects?
privileges->roles->users->privileges?
{noformat}
MSentryPrivilege {
Set roles;
}
MSentryRole {
Set privileges;
Set users;
}
MSentryUser {
Set privileges;
Set roles;
}{noformat}
> Update schema to grant privileges to user
> -
>
> Key: SENTRY-2154
> URL: https://issues.apache.org/jira/browse/SENTRY-2154
> Project: Sentry
> Issue Type: Sub-task
> Components: Sentry
>Affects Versions: 2.1.0
>Reporter: Na Li
>Priority: Major
> Fix For: 2.1.0
>
>
> Need to add new DB table to support grant user to privileges
> Also, a flag should be added in privilege table to indicate the privilege is
> created by user, or created by sentry implicitly. User can view the implicit
> privileges, but cannot change it directly
--
This message was sent by Atlassian JIRA
(v7.6.3#76005)
[jira] [Commented] (SENTRY-2154) Update schema to grant privileges to user
[
https://issues.apache.org/jira/browse/SENTRY-2154?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel=16391696#comment-16391696
]
kalyan kumar kalvagadda commented on SENTRY-2154:
-
It's not the issue with the schema but the JDO we defined.
{noformat}
Privileges->Roles->User
{noformat}
When application tries to get privilege, it also gets the roles that have that
privilege. These roles will be list of users which these roles.
If we have mapping between Users and privileges, it gonna be circular.
{noformat}
Privileges->Roles->User->Privileges
{noformat}
> Update schema to grant privileges to user
> -
>
> Key: SENTRY-2154
> URL: https://issues.apache.org/jira/browse/SENTRY-2154
> Project: Sentry
> Issue Type: Sub-task
> Components: Sentry
>Affects Versions: 2.1.0
>Reporter: Na Li
>Priority: Major
> Fix For: 2.1.0
>
>
> Need to add new DB table to support grant user to privileges
> Also, a flag should be added in privilege table to indicate the privilege is
> created by user, or created by sentry implicitly. User can view the implicit
> privileges, but cannot change it directly
--
This message was sent by Atlassian JIRA
(v7.6.3#76005)
[jira] [Commented] (SENTRY-2154) Update schema to grant privileges to user
[ https://issues.apache.org/jira/browse/SENTRY-2154?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel=16391441#comment-16391441 ] Sergio Peña commented on SENTRY-2154: - Why does it create a circular dependency? I looked at the SENTRY_USER table, and it has the following columns: - USER_ID - USER_NAME - CREATE_TIME We also have a SENTRY_ROLE table that has similar columns but instead of USER_ is ROLE_. What is the difference with the ENTITY table you're proposing? > Update schema to grant privileges to user > - > > Key: SENTRY-2154 > URL: https://issues.apache.org/jira/browse/SENTRY-2154 > Project: Sentry > Issue Type: Sub-task > Components: Sentry >Affects Versions: 2.1.0 >Reporter: Na Li >Priority: Major > Fix For: 2.1.0 > > > Need to add new DB table to support grant user to privileges > Also, a flag should be added in privilege table to indicate the privilege is > created by user, or created by sentry implicitly. User can view the implicit > privileges, but cannot change it directly -- This message was sent by Atlassian JIRA (v7.6.3#76005)
[jira] [Commented] (SENTRY-2154) Update schema to grant privileges to user
[ https://issues.apache.org/jira/browse/SENTRY-2154?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel=16391349#comment-16391349 ] kalyan kumar kalvagadda commented on SENTRY-2154: - Using current "SENTRY_USER" table would create circular dependency. I will update the details on this later today. > Update schema to grant privileges to user > - > > Key: SENTRY-2154 > URL: https://issues.apache.org/jira/browse/SENTRY-2154 > Project: Sentry > Issue Type: Sub-task > Components: Sentry >Affects Versions: 2.1.0 >Reporter: Na Li >Priority: Major > Fix For: 2.1.0 > > > Need to add new DB table to support grant user to privileges > Also, a flag should be added in privilege table to indicate the privilege is > created by user, or created by sentry implicitly. User can view the implicit > privileges, but cannot change it directly -- This message was sent by Atlassian JIRA (v7.6.3#76005)
[jira] [Commented] (SENTRY-2154) Update schema to grant privileges to user
[
https://issues.apache.org/jira/browse/SENTRY-2154?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel=16391346#comment-16391346
]
kalyan kumar kalvagadda commented on SENTRY-2154:
-
New tables should be added to accommodate this.
#
|{color:#205081}*Entity Table*{color}| | | |
|*Column Name*|*Column Type*|*Constraints*| |
|ENTITY_ID|long|Primary Key| |
|ENTITY_NAME|Varchar|Unique| |
|ENTITY_TYPE|ENUM|(USER)|Can be extended in future.|
| | | | |
| | | |{color:#205081} {color}|
|{color:#205081}*Sentry_Entity_Privilege_Map*{color}| | | |
|*Column Name*|*Column Type*|*Constraints*| |
|ENTITY_ID|long|Foreign key constraint on entity table| |
|DB_PRIVILEGE_ID|Long|Foreign key constraint on SENTRY_DB_PRIVILEGE table| |
> Update schema to grant privileges to user
> -
>
> Key: SENTRY-2154
> URL: https://issues.apache.org/jira/browse/SENTRY-2154
> Project: Sentry
> Issue Type: Sub-task
> Components: Sentry
>Affects Versions: 2.1.0
>Reporter: Na Li
>Priority: Major
> Fix For: 2.1.0
>
>
> Need to add new DB table to support grant user to privileges
> Also, a flag should be added in privilege table to indicate the privilege is
> created by user, or created by sentry implicitly. User can view the implicit
> privileges, but cannot change it directly
--
This message was sent by Atlassian JIRA
(v7.6.3#76005)
[jira] [Commented] (SENTRY-2154) Update schema to grant privileges to user
[ https://issues.apache.org/jira/browse/SENTRY-2154?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel=16388724#comment-16388724 ] Na Li commented on SENTRY-2154: --- No. SENTRY-2162 contains retrieving implicit privileges and display them. I will add more details on the new table > Update schema to grant privileges to user > - > > Key: SENTRY-2154 > URL: https://issues.apache.org/jira/browse/SENTRY-2154 > Project: Sentry > Issue Type: Sub-task > Components: Sentry >Affects Versions: 2.1.0 >Reporter: Na Li >Priority: Major > Fix For: 2.1.0 > > > Need to add new DB table to support grant user to privileges > Also, a flag should be added in privilege table to indicate the privilege is > created by user, or created by sentry implicitly. User can view the implicit > privileges, but cannot change it directly -- This message was sent by Atlassian JIRA (v7.6.3#76005)
[jira] [Commented] (SENTRY-2154) Update schema to grant privileges to user
[ https://issues.apache.org/jira/browse/SENTRY-2154?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel=16388675#comment-16388675 ] Sergio Peña commented on SENTRY-2154: - Is this patch going to display implicit owner privileges as well? or is it just a patch to make schema changes? Do you have an idea of what new table will be created and how is going to relate to the privileges table? Btw, should it be better to have another Jira for the implicit privilege schema changes? > Update schema to grant privileges to user > - > > Key: SENTRY-2154 > URL: https://issues.apache.org/jira/browse/SENTRY-2154 > Project: Sentry > Issue Type: Sub-task > Components: Sentry >Affects Versions: 2.1.0 >Reporter: Na Li >Priority: Major > Fix For: 2.1.0 > > > Need to add new DB table to support grant user to privileges > Also, a flag should be added in privilege table to indicate the privilege is > created by user, or created by sentry implicitly. User can view the implicit > privileges, but cannot change it directly -- This message was sent by Atlassian JIRA (v7.6.3#76005)
