You are viewing a plain text version of this content. The canonical link for it is here.
Posted to issues-all@impala.apache.org by "Vihang Karajgaonkar (Jira)" <ji...@apache.org> on 2019/12/13 01:14:00 UTC
[jira] [Created] (IMPALA-9242) Access check should only check
against the privileges of the authorizable
Vihang Karajgaonkar created IMPALA-9242:
-------------------------------------------
Summary: Access check should only check against the privileges of the authorizable
Key: IMPALA-9242
URL: https://issues.apache.org/jira/browse/IMPALA-9242
Project: IMPALA
Issue Type: Improvement
Reporter: Vihang Karajgaonkar
Currently, according to the implementation of https://github.com/apache/sentry/blob/branch-2.1.0/sentry-provider/sentry-provider-cache/src/main/java/org/apache/sentry/provider/cache/SimpleCacheProviderBackend.java#L64
each access check request in Sentry is done against all the privileges of the user. Instead, we can reduce the number of privilege checks significantly, if we use this API in https://github.com/apache/sentry/blob/master/sentry-provider/sentry-provider-cache/src/main/java/org/apache/sentry/provider/cache/PrivilegeCache.java#L46
Unfortunately, SENTRY-1291 which is merged in master branch of Sentry is unavailable. However, if we can have a interface side changes in PrivilegeCache, Impala can implement a prefix-tree based {{PrivilegeCache}} so that number of privileges returned are only related to the given authorizable. This API can then be used in SimpleCacheProviderBackend to reduce the processing time required to check access for a large number of objects in large setups.
--
This message was sent by Atlassian Jira
(v8.3.4#803005)
---------------------------------------------------------------------
To unsubscribe, e-mail: issues-all-unsubscribe@impala.apache.org
For additional commands, e-mail: issues-all-help@impala.apache.org