You are viewing a plain text version of this content. The canonical link for it is here.
Posted to commits@sentry.apache.org by "Dapeng Sun (JIRA)" <ji...@apache.org> on 2014/11/11 16:31:35 UTC
[jira] [Updated] (SENTRY-390) Extend Thrift API to support
column-level privilege
[ https://issues.apache.org/jira/browse/SENTRY-390?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ]
Dapeng Sun updated SENTRY-390:
------------------------------
Attachment: SENTRY-390.003.patch
> Extend Thrift API to support column-level privilege
> ---------------------------------------------------
>
> Key: SENTRY-390
> URL: https://issues.apache.org/jira/browse/SENTRY-390
> Project: Sentry
> Issue Type: Sub-task
> Reporter: Dapeng Sun
> Assignee: Dapeng Sun
> Fix For: 1.5.0
>
> Attachments: SENTRY-390.002.patch, SENTRY-390.patch
>
>
> The jira include:
> # SENTRY Thrift API changed :
> #* We change the field {{TSentryPrivilege privilege}} to {{set<TSentryPrivilege> privileges}} in {{TAlterSentryRoleGrantPrivilegeRequest}} and {{TAlterSentryRoleRevokePrivilegeRequest}}, The reason is the HIVE GRANT may like {{Grant SELECT (tb1.col1, tb2.col2) on TABLE table1 to role roleName}}, it contains two privileges ({{col1}} and {{col2}}) for SENTRY, to reduce the request API calls, we make it change.
> #* Another way to Implement it, maybe add a {{column list}} to {{TSentryPrivilege}}, but it will bring more problems, we know SentryStore has many convert methods between {{TSentryPrivilege}} and {{MSentryPrivilege}}, and query an unique {{MSentryPrivilege}} use {{TSentryPrivilege}} as query condition, so we should make them one-to-one correspondence.
> # Change {{SentryStore}} after Thrift API changed
> # Change {{SentryPolicyStoreProcessor}} and {{SentryPolicyServiceClient}} after Thrift API changed, include the grant/revoke methods about column privilege
> # Change {{Auditlog}} after Thrift API changed
--
This message was sent by Atlassian JIRA
(v6.3.4#6332)