You are viewing a plain text version of this content. The canonical link for it is here.
Posted to dev@sentry.apache.org by shen guoquan <gu...@intel.com> on 2015/01/12 10:12:16 UTC
Re: Review Request 29240: SENTRY-480:Create import tool that will load
policy file about Solr into the DB store
-----------------------------------------------------------
This is an automatically generated e-mail. To reply, visit:
https://reviews.apache.org/r/29240/
-----------------------------------------------------------
(Updated 一月 12, 2015, 9:12 a.m.)
Review request for sentry, Gregory Chanan and Vamsee Yarlagadda.
Repository: sentry
Description
-------
Currently Solr does support index-level security via sentry with file as backend privilege store. Using file as the backend store is simple, but there has some disadvantages as followings:
Can't satisfied with the needs of dynamically add, delete and update permissions
Can't be centrally managed and difficult to maintain
According to the above disadvantages, The Solr Sentry plug-in integration with DB store is demanded. The Hive Sentry plug-in has already integration with DB store, but the Hive authorization model is different from the Solr authorization model.So this new feature depends on the generic authorization model(SENTRY-398)
Diffs (updated)
-----
sentry-binding/sentry-binding-solr/pom.xml 2dfc933
sentry-binding/sentry-binding-solr/src/main/java/org/apache/sentry/binding/solr/authz/SolrSentryConfigTool.java PRE-CREATION
sentry-binding/sentry-binding-solr/src/test/java/org/apache/sentry/binding/solr/TestSolrSentryConfigTool.java PRE-CREATION
sentry-binding/sentry-binding-solr/src/test/resources/solr_config_import_tool.ini PRE-CREATION
Diff: https://reviews.apache.org/r/29240/diff/
Testing
-------
Thanks,
shen guoquan
Re: Review Request 29240: SENTRY-480:Create import tool that will load
policy file about Solr into the DB store
Posted by shen guoquan <gu...@intel.com>.
> On 一月 28, 2015, 7:13 a.m., Xiaomeng Huang wrote:
> > sentry-binding/sentry-binding-solr/pom.xml, line 56
> > <https://reviews.apache.org/r/29240/diff/3/?file=816335#file816335line56>
> >
> > ?
The tool needs the class SimpleFileProviderBackend. This class in the sentry-provider-file package. So the test scope was needed to delete
> On 一月 28, 2015, 7:13 a.m., Xiaomeng Huang wrote:
> > sentry-binding/sentry-binding-solr/src/main/java/org/apache/sentry/binding/solr/authz/SolrSentryConfigTool.java, line 151
> > <https://reviews.apache.org/r/29240/diff/3/?file=816336#file816336line151>
> >
> > Could these System.out.println be log?
Because the tool is a command utility, it communicates with console.using System.out.println is better than the log4j
> On 一月 28, 2015, 7:13 a.m., Xiaomeng Huang wrote:
> > sentry-binding/sentry-binding-solr/src/main/java/org/apache/sentry/binding/solr/authz/SolrSentryConfigTool.java, line 161
> > <https://reviews.apache.org/r/29240/diff/3/?file=816336#file816336line161>
> >
> > the requestorName is solid? So any user can execute this public API even if it is not admin?
This is not the problem. The sentry service side using the GSSCallback to allow the sentry.service.allow.connect users to connect.
> On 一月 28, 2015, 7:13 a.m., Xiaomeng Huang wrote:
> > sentry-binding/sentry-binding-solr/src/main/java/org/apache/sentry/binding/solr/authz/SolrSentryConfigTool.java, line 197
> > <https://reviews.apache.org/r/29240/diff/3/?file=816336#file816336line197>
> >
> > could you rename a better name for "a"
Thanks xiaomeng. I will fix it
> On 一月 28, 2015, 7:13 a.m., Xiaomeng Huang wrote:
> > sentry-binding/sentry-binding-solr/src/main/java/org/apache/sentry/binding/solr/authz/SolrSentryConfigTool.java, line 274
> > <https://reviews.apache.org/r/29240/diff/3/?file=816336#file816336line274>
> >
> > switch.. case?
It is using the same mechanism as hive tool.
> On 一月 28, 2015, 7:13 a.m., Xiaomeng Huang wrote:
> > sentry-binding/sentry-binding-solr/src/test/java/org/apache/sentry/binding/solr/TestSolrSentryConfigTool.java, line 57
> > <https://reviews.apache.org/r/29240/diff/3/?file=816337#file816337line57>
> >
> > Could this be BeforeClass? so that we will cutdown test time if there are many test cases.
Thanks xiaomeng. A good suggestion. I will fix it.
> On 一月 28, 2015, 7:13 a.m., Xiaomeng Huang wrote:
> > sentry-binding/sentry-binding-solr/src/main/java/org/apache/sentry/binding/solr/authz/SolrSentryConfigTool.java, line 331
> > <https://reviews.apache.org/r/29240/diff/3/?file=816336#file816336line331>
> >
> > why we need write a KeyValue class? map is not enough? or other java container?
I will delete the KeyValue class. These already exists a KeyValue in the source code. Thanks for your comment
- shen
-----------------------------------------------------------
This is an automatically generated e-mail. To reply, visit:
https://reviews.apache.org/r/29240/#review69970
-----------------------------------------------------------
On 一月 12, 2015, 9:12 a.m., shen guoquan wrote:
>
> -----------------------------------------------------------
> This is an automatically generated e-mail. To reply, visit:
> https://reviews.apache.org/r/29240/
> -----------------------------------------------------------
>
> (Updated 一月 12, 2015, 9:12 a.m.)
>
>
> Review request for sentry, Gregory Chanan and Vamsee Yarlagadda.
>
>
> Repository: sentry
>
>
> Description
> -------
>
> Currently Solr does support index-level security via sentry with file as backend privilege store. Using file as the backend store is simple, but there has some disadvantages as followings:
>
> Can't satisfied with the needs of dynamically add, delete and update permissions
> Can't be centrally managed and difficult to maintain
> According to the above disadvantages, The Solr Sentry plug-in integration with DB store is demanded. The Hive Sentry plug-in has already integration with DB store, but the Hive authorization model is different from the Solr authorization model.So this new feature depends on the generic authorization model(SENTRY-398)
>
>
> Diffs
> -----
>
> sentry-binding/sentry-binding-solr/pom.xml 2dfc933
> sentry-binding/sentry-binding-solr/src/main/java/org/apache/sentry/binding/solr/authz/SolrSentryConfigTool.java PRE-CREATION
> sentry-binding/sentry-binding-solr/src/test/java/org/apache/sentry/binding/solr/TestSolrSentryConfigTool.java PRE-CREATION
> sentry-binding/sentry-binding-solr/src/test/resources/solr_config_import_tool.ini PRE-CREATION
>
> Diff: https://reviews.apache.org/r/29240/diff/
>
>
> Testing
> -------
>
>
> Thanks,
>
> shen guoquan
>
>
Re: Review Request 29240: SENTRY-480:Create import tool that will load
policy file about Solr into the DB store
Posted by Xiaomeng Huang <xi...@intel.com>.
-----------------------------------------------------------
This is an automatically generated e-mail. To reply, visit:
https://reviews.apache.org/r/29240/#review69970
-----------------------------------------------------------
sentry-binding/sentry-binding-solr/pom.xml
<https://reviews.apache.org/r/29240/#comment114820>
?
sentry-binding/sentry-binding-solr/src/main/java/org/apache/sentry/binding/solr/authz/SolrSentryConfigTool.java
<https://reviews.apache.org/r/29240/#comment114823>
Could these System.out.println be log?
sentry-binding/sentry-binding-solr/src/main/java/org/apache/sentry/binding/solr/authz/SolrSentryConfigTool.java
<https://reviews.apache.org/r/29240/#comment114828>
the requestorName is solid? So any user can execute this public API even if it is not admin?
sentry-binding/sentry-binding-solr/src/main/java/org/apache/sentry/binding/solr/authz/SolrSentryConfigTool.java
<https://reviews.apache.org/r/29240/#comment114825>
could you rename a better name for "a"
sentry-binding/sentry-binding-solr/src/main/java/org/apache/sentry/binding/solr/authz/SolrSentryConfigTool.java
<https://reviews.apache.org/r/29240/#comment114824>
switch.. case?
sentry-binding/sentry-binding-solr/src/main/java/org/apache/sentry/binding/solr/authz/SolrSentryConfigTool.java
<https://reviews.apache.org/r/29240/#comment114831>
why we need write a KeyValue class? map is not enough? or other java container?
sentry-binding/sentry-binding-solr/src/test/java/org/apache/sentry/binding/solr/TestSolrSentryConfigTool.java
<https://reviews.apache.org/r/29240/#comment114822>
Could this be BeforeClass? so that we will cutdown test time if there are many test cases.
- Xiaomeng Huang
On 一月 12, 2015, 9:12 a.m., shen guoquan wrote:
>
> -----------------------------------------------------------
> This is an automatically generated e-mail. To reply, visit:
> https://reviews.apache.org/r/29240/
> -----------------------------------------------------------
>
> (Updated 一月 12, 2015, 9:12 a.m.)
>
>
> Review request for sentry, Gregory Chanan and Vamsee Yarlagadda.
>
>
> Repository: sentry
>
>
> Description
> -------
>
> Currently Solr does support index-level security via sentry with file as backend privilege store. Using file as the backend store is simple, but there has some disadvantages as followings:
>
> Can't satisfied with the needs of dynamically add, delete and update permissions
> Can't be centrally managed and difficult to maintain
> According to the above disadvantages, The Solr Sentry plug-in integration with DB store is demanded. The Hive Sentry plug-in has already integration with DB store, but the Hive authorization model is different from the Solr authorization model.So this new feature depends on the generic authorization model(SENTRY-398)
>
>
> Diffs
> -----
>
> sentry-binding/sentry-binding-solr/pom.xml 2dfc933
> sentry-binding/sentry-binding-solr/src/main/java/org/apache/sentry/binding/solr/authz/SolrSentryConfigTool.java PRE-CREATION
> sentry-binding/sentry-binding-solr/src/test/java/org/apache/sentry/binding/solr/TestSolrSentryConfigTool.java PRE-CREATION
> sentry-binding/sentry-binding-solr/src/test/resources/solr_config_import_tool.ini PRE-CREATION
>
> Diff: https://reviews.apache.org/r/29240/diff/
>
>
> Testing
> -------
>
>
> Thanks,
>
> shen guoquan
>
>
Re: Review Request 29240: SENTRY-480:Create import tool that will load
policy file about Solr into the DB store
Posted by Lenni Kuff <ls...@cloudera.com>.
-----------------------------------------------------------
This is an automatically generated e-mail. To reply, visit:
https://reviews.apache.org/r/29240/#review71640
-----------------------------------------------------------
I see, can you please add a comment explain why this is the case? Also, should this be using the PolicyService APIs directly rather than issuing GRANT/REVOKE commands (seems so)?
- Lenni Kuff
On Jan. 29, 2015, 7:08 a.m., shen guoquan wrote:
>
> -----------------------------------------------------------
> This is an automatically generated e-mail. To reply, visit:
> https://reviews.apache.org/r/29240/
> -----------------------------------------------------------
>
> (Updated Jan. 29, 2015, 7:08 a.m.)
>
>
> Review request for sentry, Xiaomeng Huang, Colin Ma, Dapeng Sun, Gregory Chanan, and Vamsee Yarlagadda.
>
>
> Repository: sentry
>
>
> Description
> -------
>
> Currently Solr does support index-level security via sentry with file as backend privilege store. Using file as the backend store is simple, but there has some disadvantages as followings:
>
> Can't satisfied with the needs of dynamically add, delete and update permissions
> Can't be centrally managed and difficult to maintain
> According to the above disadvantages, The Solr Sentry plug-in integration with DB store is demanded. The Hive Sentry plug-in has already integration with DB store, but the Hive authorization model is different from the Solr authorization model.So this new feature depends on the generic authorization model(SENTRY-398)
>
>
> Diffs
> -----
>
> sentry-binding/sentry-binding-solr/pom.xml 2dfc933
> sentry-binding/sentry-binding-solr/src/main/java/org/apache/sentry/binding/solr/authz/SolrAuthzBinding.java faf862f
> sentry-binding/sentry-binding-solr/src/main/java/org/apache/sentry/binding/solr/authz/SolrSentryConfigTool.java PRE-CREATION
> sentry-binding/sentry-binding-solr/src/test/java/org/apache/sentry/binding/solr/TestSolrSentryConfigTool.java PRE-CREATION
> sentry-binding/sentry-binding-solr/src/test/resources/solr_config_import_tool.ini PRE-CREATION
>
> Diff: https://reviews.apache.org/r/29240/diff/
>
>
> Testing
> -------
>
>
> Thanks,
>
> shen guoquan
>
>
Re: Review Request 29240: SENTRY-480:Create import tool that will load
policy file about Solr into the DB store
Posted by shen guoquan <gu...@intel.com>.
> On 二月 7, 2015, 1:43 a.m., Lenni Kuff wrote:
> > Why not update the existing config tool to provide a solr option rather than creating a second tool that does the same thing?
Hi Lenni. Thanks for your advice. I have thought your idea before. But I found it is not suitable for Solr component using the configTool in the hive binding package. Firstly If using the config tool in the hive binding, it must add search model dependency in the hive binding package. I thought that is improper for hive binding package. Secondly the import tool for solr uses the generic model, and it is different with the hive import tool. Thanks
- shen
-----------------------------------------------------------
This is an automatically generated e-mail. To reply, visit:
https://reviews.apache.org/r/29240/#review71539
-----------------------------------------------------------
On 一月 29, 2015, 7:08 a.m., shen guoquan wrote:
>
> -----------------------------------------------------------
> This is an automatically generated e-mail. To reply, visit:
> https://reviews.apache.org/r/29240/
> -----------------------------------------------------------
>
> (Updated 一月 29, 2015, 7:08 a.m.)
>
>
> Review request for sentry, Xiaomeng Huang, Colin Ma, Dapeng Sun, Gregory Chanan, and Vamsee Yarlagadda.
>
>
> Repository: sentry
>
>
> Description
> -------
>
> Currently Solr does support index-level security via sentry with file as backend privilege store. Using file as the backend store is simple, but there has some disadvantages as followings:
>
> Can't satisfied with the needs of dynamically add, delete and update permissions
> Can't be centrally managed and difficult to maintain
> According to the above disadvantages, The Solr Sentry plug-in integration with DB store is demanded. The Hive Sentry plug-in has already integration with DB store, but the Hive authorization model is different from the Solr authorization model.So this new feature depends on the generic authorization model(SENTRY-398)
>
>
> Diffs
> -----
>
> sentry-binding/sentry-binding-solr/pom.xml 2dfc933
> sentry-binding/sentry-binding-solr/src/main/java/org/apache/sentry/binding/solr/authz/SolrAuthzBinding.java faf862f
> sentry-binding/sentry-binding-solr/src/main/java/org/apache/sentry/binding/solr/authz/SolrSentryConfigTool.java PRE-CREATION
> sentry-binding/sentry-binding-solr/src/test/java/org/apache/sentry/binding/solr/TestSolrSentryConfigTool.java PRE-CREATION
> sentry-binding/sentry-binding-solr/src/test/resources/solr_config_import_tool.ini PRE-CREATION
>
> Diff: https://reviews.apache.org/r/29240/diff/
>
>
> Testing
> -------
>
>
> Thanks,
>
> shen guoquan
>
>
Re: Review Request 29240: SENTRY-480:Create import tool that will load
policy file about Solr into the DB store
Posted by Lenni Kuff <ls...@cloudera.com>.
-----------------------------------------------------------
This is an automatically generated e-mail. To reply, visit:
https://reviews.apache.org/r/29240/#review71539
-----------------------------------------------------------
Why not update the existing config tool to provide a solr option rather than creating a second tool that does the same thing?
- Lenni Kuff
On Jan. 29, 2015, 7:08 a.m., shen guoquan wrote:
>
> -----------------------------------------------------------
> This is an automatically generated e-mail. To reply, visit:
> https://reviews.apache.org/r/29240/
> -----------------------------------------------------------
>
> (Updated Jan. 29, 2015, 7:08 a.m.)
>
>
> Review request for sentry, Xiaomeng Huang, Colin Ma, Dapeng Sun, Gregory Chanan, and Vamsee Yarlagadda.
>
>
> Repository: sentry
>
>
> Description
> -------
>
> Currently Solr does support index-level security via sentry with file as backend privilege store. Using file as the backend store is simple, but there has some disadvantages as followings:
>
> Can't satisfied with the needs of dynamically add, delete and update permissions
> Can't be centrally managed and difficult to maintain
> According to the above disadvantages, The Solr Sentry plug-in integration with DB store is demanded. The Hive Sentry plug-in has already integration with DB store, but the Hive authorization model is different from the Solr authorization model.So this new feature depends on the generic authorization model(SENTRY-398)
>
>
> Diffs
> -----
>
> sentry-binding/sentry-binding-solr/pom.xml 2dfc933
> sentry-binding/sentry-binding-solr/src/main/java/org/apache/sentry/binding/solr/authz/SolrAuthzBinding.java faf862f
> sentry-binding/sentry-binding-solr/src/main/java/org/apache/sentry/binding/solr/authz/SolrSentryConfigTool.java PRE-CREATION
> sentry-binding/sentry-binding-solr/src/test/java/org/apache/sentry/binding/solr/TestSolrSentryConfigTool.java PRE-CREATION
> sentry-binding/sentry-binding-solr/src/test/resources/solr_config_import_tool.ini PRE-CREATION
>
> Diff: https://reviews.apache.org/r/29240/diff/
>
>
> Testing
> -------
>
>
> Thanks,
>
> shen guoquan
>
>
Re: Review Request 29240: SENTRY-480:Create import tool that will load
policy file about Solr into the DB store
Posted by shen guoquan <gu...@intel.com>.
-----------------------------------------------------------
This is an automatically generated e-mail. To reply, visit:
https://reviews.apache.org/r/29240/
-----------------------------------------------------------
(Updated 一月 29, 2015, 7:08 a.m.)
Review request for sentry, Xiaomeng Huang, Colin Ma, Dapeng Sun, Gregory Chanan, and Vamsee Yarlagadda.
Repository: sentry
Description
-------
Currently Solr does support index-level security via sentry with file as backend privilege store. Using file as the backend store is simple, but there has some disadvantages as followings:
Can't satisfied with the needs of dynamically add, delete and update permissions
Can't be centrally managed and difficult to maintain
According to the above disadvantages, The Solr Sentry plug-in integration with DB store is demanded. The Hive Sentry plug-in has already integration with DB store, but the Hive authorization model is different from the Solr authorization model.So this new feature depends on the generic authorization model(SENTRY-398)
Diffs
-----
sentry-binding/sentry-binding-solr/pom.xml 2dfc933
sentry-binding/sentry-binding-solr/src/main/java/org/apache/sentry/binding/solr/authz/SolrAuthzBinding.java faf862f
sentry-binding/sentry-binding-solr/src/main/java/org/apache/sentry/binding/solr/authz/SolrSentryConfigTool.java PRE-CREATION
sentry-binding/sentry-binding-solr/src/test/java/org/apache/sentry/binding/solr/TestSolrSentryConfigTool.java PRE-CREATION
sentry-binding/sentry-binding-solr/src/test/resources/solr_config_import_tool.ini PRE-CREATION
Diff: https://reviews.apache.org/r/29240/diff/
Testing
-------
Thanks,
shen guoquan
Re: Review Request 29240: SENTRY-480:Create import tool that will load
policy file about Solr into the DB store
Posted by shen guoquan <gu...@intel.com>.
-----------------------------------------------------------
This is an automatically generated e-mail. To reply, visit:
https://reviews.apache.org/r/29240/
-----------------------------------------------------------
(Updated 一月 29, 2015, 7:06 a.m.)
Review request for sentry, Gregory Chanan and Vamsee Yarlagadda.
Repository: sentry
Description
-------
Currently Solr does support index-level security via sentry with file as backend privilege store. Using file as the backend store is simple, but there has some disadvantages as followings:
Can't satisfied with the needs of dynamically add, delete and update permissions
Can't be centrally managed and difficult to maintain
According to the above disadvantages, The Solr Sentry plug-in integration with DB store is demanded. The Hive Sentry plug-in has already integration with DB store, but the Hive authorization model is different from the Solr authorization model.So this new feature depends on the generic authorization model(SENTRY-398)
Diffs (updated)
-----
sentry-binding/sentry-binding-solr/pom.xml 2dfc933
sentry-binding/sentry-binding-solr/src/main/java/org/apache/sentry/binding/solr/authz/SolrAuthzBinding.java faf862f
sentry-binding/sentry-binding-solr/src/main/java/org/apache/sentry/binding/solr/authz/SolrSentryConfigTool.java PRE-CREATION
sentry-binding/sentry-binding-solr/src/test/java/org/apache/sentry/binding/solr/TestSolrSentryConfigTool.java PRE-CREATION
sentry-binding/sentry-binding-solr/src/test/resources/solr_config_import_tool.ini PRE-CREATION
Diff: https://reviews.apache.org/r/29240/diff/
Testing
-------
Thanks,
shen guoquan
Re: Review Request 29240: SENTRY-480:Create import tool that will load
policy file about Solr into the DB store
Posted by Colin Ma <ju...@intel.com>.
-----------------------------------------------------------
This is an automatically generated e-mail. To reply, visit:
https://reviews.apache.org/r/29240/#review69966
-----------------------------------------------------------
This import tool is not necessary for the integration, and it should be an improvment by a seperated JIRA.
The main problem for the current implementation is there has no transaction for import.
- Colin Ma
On Jan. 12, 2015, 9:12 a.m., shen guoquan wrote:
>
> -----------------------------------------------------------
> This is an automatically generated e-mail. To reply, visit:
> https://reviews.apache.org/r/29240/
> -----------------------------------------------------------
>
> (Updated Jan. 12, 2015, 9:12 a.m.)
>
>
> Review request for sentry, Gregory Chanan and Vamsee Yarlagadda.
>
>
> Repository: sentry
>
>
> Description
> -------
>
> Currently Solr does support index-level security via sentry with file as backend privilege store. Using file as the backend store is simple, but there has some disadvantages as followings:
>
> Can't satisfied with the needs of dynamically add, delete and update permissions
> Can't be centrally managed and difficult to maintain
> According to the above disadvantages, The Solr Sentry plug-in integration with DB store is demanded. The Hive Sentry plug-in has already integration with DB store, but the Hive authorization model is different from the Solr authorization model.So this new feature depends on the generic authorization model(SENTRY-398)
>
>
> Diffs
> -----
>
> sentry-binding/sentry-binding-solr/pom.xml 2dfc933
> sentry-binding/sentry-binding-solr/src/main/java/org/apache/sentry/binding/solr/authz/SolrSentryConfigTool.java PRE-CREATION
> sentry-binding/sentry-binding-solr/src/test/java/org/apache/sentry/binding/solr/TestSolrSentryConfigTool.java PRE-CREATION
> sentry-binding/sentry-binding-solr/src/test/resources/solr_config_import_tool.ini PRE-CREATION
>
> Diff: https://reviews.apache.org/r/29240/diff/
>
>
> Testing
> -------
>
>
> Thanks,
>
> shen guoquan
>
>
Re: Review Request 29240: SENTRY-480:Create import tool that will load
policy file about Solr into the DB store
Posted by shen guoquan <gu...@intel.com>.
> On 一月 28, 2015, 3:32 a.m., Dapeng Sun wrote:
> > sentry-binding/sentry-binding-solr/src/main/java/org/apache/sentry/binding/solr/authz/SolrSentryConfigTool.java, line 58
> > <https://reviews.apache.org/r/29240/diff/3/?file=816336#file816336line58>
> >
> > It seems the **Tool** grant the privilege in increments, is there any way to revoke or override the privilege?
Currently, the import tool only supports granting privileges, it can't support revoking privileges
- shen
-----------------------------------------------------------
This is an automatically generated e-mail. To reply, visit:
https://reviews.apache.org/r/29240/#review69952
-----------------------------------------------------------
On 一月 12, 2015, 9:12 a.m., shen guoquan wrote:
>
> -----------------------------------------------------------
> This is an automatically generated e-mail. To reply, visit:
> https://reviews.apache.org/r/29240/
> -----------------------------------------------------------
>
> (Updated 一月 12, 2015, 9:12 a.m.)
>
>
> Review request for sentry, Gregory Chanan and Vamsee Yarlagadda.
>
>
> Repository: sentry
>
>
> Description
> -------
>
> Currently Solr does support index-level security via sentry with file as backend privilege store. Using file as the backend store is simple, but there has some disadvantages as followings:
>
> Can't satisfied with the needs of dynamically add, delete and update permissions
> Can't be centrally managed and difficult to maintain
> According to the above disadvantages, The Solr Sentry plug-in integration with DB store is demanded. The Hive Sentry plug-in has already integration with DB store, but the Hive authorization model is different from the Solr authorization model.So this new feature depends on the generic authorization model(SENTRY-398)
>
>
> Diffs
> -----
>
> sentry-binding/sentry-binding-solr/pom.xml 2dfc933
> sentry-binding/sentry-binding-solr/src/main/java/org/apache/sentry/binding/solr/authz/SolrSentryConfigTool.java PRE-CREATION
> sentry-binding/sentry-binding-solr/src/test/java/org/apache/sentry/binding/solr/TestSolrSentryConfigTool.java PRE-CREATION
> sentry-binding/sentry-binding-solr/src/test/resources/solr_config_import_tool.ini PRE-CREATION
>
> Diff: https://reviews.apache.org/r/29240/diff/
>
>
> Testing
> -------
>
>
> Thanks,
>
> shen guoquan
>
>
Re: Review Request 29240: SENTRY-480:Create import tool that will load
policy file about Solr into the DB store
Posted by Dapeng Sun <da...@intel.com>.
-----------------------------------------------------------
This is an automatically generated e-mail. To reply, visit:
https://reviews.apache.org/r/29240/#review69952
-----------------------------------------------------------
sentry-binding/sentry-binding-solr/src/main/java/org/apache/sentry/binding/solr/authz/SolrSentryConfigTool.java
<https://reviews.apache.org/r/29240/#comment114789>
It seems the **Tool** grant the privilege in increments, is there any way to revoke or override the privilege?
- Dapeng Sun
On 一月 12, 2015, 5:12 p.m., shen guoquan wrote:
>
> -----------------------------------------------------------
> This is an automatically generated e-mail. To reply, visit:
> https://reviews.apache.org/r/29240/
> -----------------------------------------------------------
>
> (Updated 一月 12, 2015, 5:12 p.m.)
>
>
> Review request for sentry, Gregory Chanan and Vamsee Yarlagadda.
>
>
> Repository: sentry
>
>
> Description
> -------
>
> Currently Solr does support index-level security via sentry with file as backend privilege store. Using file as the backend store is simple, but there has some disadvantages as followings:
>
> Can't satisfied with the needs of dynamically add, delete and update permissions
> Can't be centrally managed and difficult to maintain
> According to the above disadvantages, The Solr Sentry plug-in integration with DB store is demanded. The Hive Sentry plug-in has already integration with DB store, but the Hive authorization model is different from the Solr authorization model.So this new feature depends on the generic authorization model(SENTRY-398)
>
>
> Diffs
> -----
>
> sentry-binding/sentry-binding-solr/pom.xml 2dfc933
> sentry-binding/sentry-binding-solr/src/main/java/org/apache/sentry/binding/solr/authz/SolrSentryConfigTool.java PRE-CREATION
> sentry-binding/sentry-binding-solr/src/test/java/org/apache/sentry/binding/solr/TestSolrSentryConfigTool.java PRE-CREATION
> sentry-binding/sentry-binding-solr/src/test/resources/solr_config_import_tool.ini PRE-CREATION
>
> Diff: https://reviews.apache.org/r/29240/diff/
>
>
> Testing
> -------
>
>
> Thanks,
>
> shen guoquan
>
>