You are viewing a plain text version of this content. The canonical link for it is here.
Posted to dev@ranger.apache.org by "Ramachandran (Jira)" <ji...@apache.org> on 2022/09/02 06:37:00 UTC
[jira] [Created] (RANGER-3900) Roles deletion Takes time in Apache Ranger
Ramachandran created RANGER-3900:
------------------------------------
Summary: Roles deletion Takes time in Apache Ranger
Key: RANGER-3900
URL: https://issues.apache.org/jira/browse/RANGER-3900
Project: Ranger
Issue Type: Improvement
Components: Ranger
Affects Versions: 3.0.0
Reporter: Ramachandran
*{color:#0000ff}Role Deletion Steps in Apache Ranger:{color}*{color:#0000ff} {color}
{code:java}
1. Getting XXRole by roleName:
XXRole xxRole = daoMgr.getXXRole().findByRoleName(roleName); → 1DB Read call
2. Ensuring role is not in policy
Long roleRefPolicyCount = daoMgr.getXXPolicyRefRole().findRoleRefPolicyCount(roleName); → 1DB Read call
3. Ensuring role is not in another role
Long roleRefRoleCount = daoMgr.getXXRoleRefRole().findRoleRefRoleCount(roleName);→ 1DB Read call
4. Fetching RangerRole by id
RangerRole role = roleService.read(xxRole.getId()); → 1DB Read call
5. Dereferencing all the users from the role.
for (XXRoleRefUser xxRoleRefUser : xRoleUserDao.findByRoleId(roleId)) { → 1DB Read call
xRoleUserDao.remove(xxRoleRefUser); → 1DB Write call for each xxRoleRefUser
}
6. Dereferencing all the groups from the role
for (XXRoleRefGroup xxRoleRefGroup : xRoleGroupDao.findByRoleId(roleId)) { → 1DB Read call
xRoleGroupDao.remove(xxRoleRefGroup); → 1DB Write call for each xxRoleRefGroup
}
7. Dereferencing all other roles from the role.
for (XXRoleRefRole xxRoleRefRole : xRoleRoleDao.findByRoleId(roleId)) {→ 1DB Read call
xRoleRoleDao.remove(xxRoleRefRole);→ 1DB Write call for each xxRoleRefRole
}
8. Delete the rangerRole in DB
roleService.delete(role); → 1DB Write call
9. Create TrxLog
bizUtil.createTrxLog(trxLogList) → 1DB Write call
{code}
*{color:#0000ff}Total number of DB calls involved for the below role deletion in Apache Ranger:{color}*
*{color:#0000ff}{color:#1d1c1d}Deleting the role which contain more users:{color}{color}*
1.role contains 100 users
||DB Write count||DB Read count||DB Batch Write count||Time taken to delete the role||
|102|6|0|1.01 seconds|
1 role contains 500 users
||DB Write count||DB Read count||DB Batch Write count||Time taken to delete the role||
|502|6|0| 2.241 seconds|
1 role contains 1000 users
||DB Write count||DB Read count||DB Batch Write count||Time taken to delete the role||
|1002|6|0|3.14 seconds|
{color:#0000ff}{color:#1d1c1d}*Deleting the user (Which was associated with the role .Now that role got deleted)*{color}{color}
||Number of users ||Time taken to delete the each user||
|1000| 0.8 to 1.5 seconds|
{color:#0000ff}{color:#1d1c1d}*Deleting the user (Which was not associated with any role)*{color}{color}
||Number of users ||Time taken to delete the each user||
|1000| 0.8 to 1.2 seconds|
{color:#ff0000}Recommendation :{color}
When we reduce the number of users added into the role -→ Total number of DB calls will be reduced
Instead of adding roles to the users ,can we add those users into group. And then link that group to the role ?
if we use groups instead of directly adding users into role, total number DB write call will be reduced to 2 from 1002 for 1k users
{color:#FF0000}Proposal{color}:
{color:#ff0000}We can try DB batch write call instead of 1 DB write call for every user deference
{color}
--
This message was sent by Atlassian Jira
(v8.20.10#820010)