[jira] [Updated] (SENTRY-178) Poor performance for Sentry Policy Service as #of privileges is scaled up

["Arun Suresh (JIRA)" <ji...@apache.org>]

     [ https://issues.apache.org/jira/browse/SENTRY-178?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ]

Arun Suresh updated SENTRY-178:
-------------------------------

    Attachment: SENTRY-178.3.patch

Attaching updated diff..
There seemed to have been a problem with the diff I had uploaded.. this is the correct diff..

Apparently, for m:n joins we do not need to call both privilege.append(role) AND role.append(privilege).. 

> Poor performance for Sentry Policy Service as #of privileges is scaled up
> -------------------------------------------------------------------------
>
>                 Key: SENTRY-178
>                 URL: https://issues.apache.org/jira/browse/SENTRY-178
>             Project: Sentry
>          Issue Type: Bug
>    Affects Versions: 1.3.0
>            Reporter: Lenni Kuff
>            Assignee: Arun Suresh
>            Priority: Critical
>             Fix For: 1.4.0
>
>         Attachments: SENTRY-178.1.patch, SENTRY-178.2.patch, SENTRY-178.3.patch
>
>
> I have observed that as the number of role privileges is scaled up, the performance of the Sentry Service (time it takes to execute a grant/revoke RPC) gets increasingly worse.
> The following is how long it takes to execute an RPC to grant/revoke a privilege from a role:
> {code}
> # of Role Privileges (each on different tables)
> 100 privileges ~2 RPCs/sec
> 1000 privileges ~1.5 RPCs/sec
> 2000 privileges - ~.5 RPCs/sec
> 4000 privileges - ~.2 RPCs/sec
> Configuration:
> - Sentry Policy Service -> Postgres Backend DB
> {code}
> This means the time to actually execute one grant/revoke RPC using a policy that is securing 4000 tables is >5s.
> I tried scaling up the number of clients, but that doesn't appear to improve the throughput since there is a lot of locking that is happening inside the Sentry Policy Service.



--
This message was sent by Atlassian JIRA
(v6.2#6252)