Posted to issues@sentry.apache.org by "kalyan kumar kalvagadda (JIRA)" <ji...@apache.org> on 2016/12/21 19:50:58 UTC

[jira] [Comment Edited] (SENTRY-1556) Simplify privilege cleaning

    [ https://issues.apache.org/jira/browse/SENTRY-1556?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=15767932#comment-15767932 ] 

kalyan kumar kalvagadda edited comment on SENTRY-1556 at 12/21/16 7:50 PM:
---------------------------------------------------------------------------

I made changes for the first approach by removing privileges the moment they are not associated to any role.

I have identified the below scenarios in which this will happen
# When a role is deleted
** When a role is deleted, we can see if the associated privileges are associated to any other roles. All the privileges that are not associated to any roles can be deleted from storage
# When a privilege is revoked for a role
** When a privilege is revoked for a role, we can remove the privilege from storage if it is not associated to any role

*Note:* Once this approach is reviewed and accepted, we need not call PrivCleaner for periodic cleanup


was (Author: kkalyan):
I made changes for the first approach by removing privileges the moment they are not associated to any role.

I have identified the below scenarios in which this will happen
# When a role is deleted
** When a role is deleted, we can see if the associated privileges are associated to any other roles. All the privileges that are not associated to any roles can be deleted from storage
# When a privilege is revoked for a role
** When a privilege is revoked for a role, we can remove the privilege from storage if it is not associated to any role

*Note:* Once this approach is reviewed and accepted we need to call PrivCleaner for periodic cleanup

> Simplify privilege cleaning
> ---------------------------
>
>                 Key: SENTRY-1556
>                 URL: https://issues.apache.org/jira/browse/SENTRY-1556
>             Project: Sentry
>          Issue Type: Improvement
>          Components: Sentry
>    Affects Versions: 1.8.0, sentry-ha-redesign
>            Reporter: Alexander Kolbasov
>            Assignee: kalyan kumar kalvagadda
>            Priority: Minor
>
> The SentryStore class has a privCleaner that cleans up orphaned privileges. Currently cleaning is happening after 50 notification requests are sent and it uses locking to synchronize.
> I think the whole thing can be simplified:
> 1) We should consider whether it is possible to clean up a privilege simply when we see that there are no roles associated with it. In this case we do not need this at all.
> 2) We can simply run a periodic job to clean up orphaned privileges and groups (which are not cleaned up at all now).



--
This message was sent by Atlassian JIRA
(v6.3.4#6332)
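
The eager cleanup discussed in this message, modeled as an added example (not code from the Sentry project or from the change under review): a hypothetical in-memory store that deletes a privilege as soon as no role references it, on both revoke and role deletion. The class, its method names and the sample roles and privilege strings are assumptions made for illustration.

```java
import java.util.*;
// Hypothetical in-memory model; class and method names are not Sentry's.
public class EagerPrivilegeCleanup {
    // role -> privileges granted to it
    private final Map<String, Set<String>> privsByRole = new HashMap<>();
    // stored privilege -> roles that still reference it
    private final Map<String, Set<String>> rolesByPriv = new HashMap<>();

    public synchronized void grant(String role, String priv) {
        privsByRole.computeIfAbsent(role, r -> new HashSet<>()).add(priv);
        rolesByPriv.computeIfAbsent(priv, p -> new HashSet<>()).add(role);
    }

    // Scenario: a privilege is revoked for a role.
    public synchronized void revoke(String role, String priv) {
        Set<String> privs = privsByRole.get(role);
        if (privs != null && privs.remove(priv)) unlink(role, priv);
    }

    // Scenario: a role is deleted; every privilege it held is checked.
    public synchronized void dropRole(String role) {
        Set<String> privs = privsByRole.remove(role);
        if (privs != null) privs.forEach(p -> unlink(role, p));
    }

    // Link removal and orphan check share the caller's lock, so no grant interleaves.
    private void unlink(String role, String priv) {
        Set<String> roles = rolesByPriv.get(priv);
        if (roles != null && roles.remove(role) && roles.isEmpty()) {
            rolesByPriv.remove(priv); // orphaned: no role references it any more
        }
    }

    public synchronized Set<String> storedPrivileges() {
        return new TreeSet<>(rolesByPriv.keySet());
    }

    public static void main(String[] args) {
        EagerPrivilegeCleanup store = new EagerPrivilegeCleanup();
        store.grant("analyst", "db=sales->action=select"); // constructed sample data
        store.grant("auditor", "db=sales->action=select");
        store.grant("analyst", "db=hr->action=all");
        store.revoke("analyst", "db=hr->action=all"); // sole holder: privilege is deleted
        store.dropRole("analyst");                    // auditor still holds the select
        System.out.println(store.storedPrivileges());
        store.dropRole("auditor");                    // last holder gone: nothing remains
        System.out.println(store.storedPrivileges());
    }
}
```

In a persistent store the same invariant holds only if the link removal and the orphan check run in one transaction.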