[jira] [Created] (RANGER-3900) Roles deletion Takes time in Apache Ranger

["Ramachandran (Jira)" <ji...@apache.org>]

Ramachandran created RANGER-3900:
------------------------------------

             Summary: Roles deletion Takes time in Apache Ranger
                 Key: RANGER-3900
                 URL: https://issues.apache.org/jira/browse/RANGER-3900
             Project: Ranger
          Issue Type: Improvement
          Components: Ranger
    Affects Versions: 3.0.0
            Reporter: Ramachandran


*{color:#0000ff}Role Deletion Steps in Apache Ranger:{color}*{color:#0000ff} {color}

 
{code:java}
 
1. Getting XXRole by roleName:
XXRole xxRole = daoMgr.getXXRole().findByRoleName(roleName); → 1DB Read call
2. Ensuring role is not in policy 
Long roleRefPolicyCount = daoMgr.getXXPolicyRefRole().findRoleRefPolicyCount(roleName); → 1DB Read call
3. Ensuring role is not in another role
Long roleRefRoleCount = daoMgr.getXXRoleRefRole().findRoleRefRoleCount(roleName);→ 1DB Read call
4. Fetching RangerRole by id
RangerRole role = roleService.read(xxRole.getId()); → 1DB Read call
5. Dereferencing all the users from the role.
 for (XXRoleRefUser xxRoleRefUser : xRoleUserDao.findByRoleId(roleId)) { → 1DB Read call
xRoleUserDao.remove(xxRoleRefUser);   → 1DB Write call for each xxRoleRefUser
}
6. Dereferencing all the groups from the role
for (XXRoleRefGroup xxRoleRefGroup : xRoleGroupDao.findByRoleId(roleId)) { → 1DB Read call
xRoleGroupDao.remove(xxRoleRefGroup);  → 1DB Write call for each xxRoleRefGroup
}
7. Dereferencing all other roles from the role.
for (XXRoleRefRole xxRoleRefRole : xRoleRoleDao.findByRoleId(roleId)) {→ 1DB Read call
xRoleRoleDao.remove(xxRoleRefRole);→ 1DB Write call for each xxRoleRefRole
}
8. Delete the rangerRole in DB
  roleService.delete(role);  → 1DB Write call

9. Create TrxLog
bizUtil.createTrxLog(trxLogList) → 1DB Write call
 
{code}
 

*{color:#0000ff}Total number of DB calls involved for the below role deletion in Apache Ranger:{color}*

*{color:#0000ff}{color:#1d1c1d}Deleting the role which contain more users:{color}{color}*

1.role contains 100 users 
||DB Write count||DB Read count||DB Batch Write count||Time taken to delete the role||
|102|6|0|1.01 seconds|

 

1 role contains 500 users  
||DB Write count||DB Read count||DB Batch Write count||Time taken to delete the role||
|502|6|0| 2.241 seconds|

1 role contains 1000 users  
||DB Write count||DB Read count||DB Batch Write count||Time taken to delete the role||
|1002|6|0|3.14 seconds|

 

{color:#0000ff}{color:#1d1c1d}*Deleting the user (Which was associated with the role .Now that role got deleted)*{color}{color}
||Number of users ||Time taken to delete the each user||
|1000| 0.8 to 1.5  seconds|

{color:#0000ff}{color:#1d1c1d}*Deleting the user (Which was not associated with any role)*{color}{color}
||Number of users ||Time taken to delete the each user||
|1000| 0.8 to 1.2  seconds|

{color:#ff0000}Recommendation :{color}

When we reduce the number of users added into the role -→ Total number of DB calls will be reduced 

Instead of adding roles to the users ,can we add those users into group. And then link that group to the role ?

if we use groups instead of directly adding users into role, total number DB write call will be reduced to 2 from 1002  for 1k users 

 

{color:#FF0000}Proposal{color}:

{color:#ff0000}We can try DB batch write call instead of 1 DB write call for every user deference 
{color}

 



--
This message was sent by Atlassian Jira
(v8.20.10#820010)