You are viewing a plain text version of this content. The canonical link for it is here.
Posted to commits@sentry.apache.org by "Arun Suresh (JIRA)" <ji...@apache.org> on 2014/06/06 00:02:04 UTC
[jira] [Updated] (SENTRY-178) Poor performance for Sentry Policy
Service as #of privileges is scaled up
[ https://issues.apache.org/jira/browse/SENTRY-178?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ]
Arun Suresh updated SENTRY-178:
-------------------------------
Attachment: SENTRY-178.3.patch
Attaching updated diff..
There seemed to have been a problem with the diff I had uploaded.. this is the correct diff..
Apparently, for m:n joins we do not need to call both privilege.append(role) AND role.append(privilege)..
> Poor performance for Sentry Policy Service as #of privileges is scaled up
> -------------------------------------------------------------------------
>
> Key: SENTRY-178
> URL: https://issues.apache.org/jira/browse/SENTRY-178
> Project: Sentry
> Issue Type: Bug
> Affects Versions: 1.3.0
> Reporter: Lenni Kuff
> Assignee: Arun Suresh
> Priority: Critical
> Fix For: 1.4.0
>
> Attachments: SENTRY-178.1.patch, SENTRY-178.2.patch, SENTRY-178.3.patch
>
>
> I have observed that as the number of role privileges is scaled up, the performance of the Sentry Service (time it takes to execute a grant/revoke RPC) gets increasingly worse.
> The following is how long it takes to execute an RPC to grant/revoke a privilege from a role:
> {code}
> # of Role Privileges (each on different tables)
> 100 privileges ~2 RPCs/sec
> 1000 privileges ~1.5 RPCs/sec
> 2000 privileges - ~.5 RPCs/sec
> 4000 privileges - ~.2 RPCs/sec
> Configuration:
> - Sentry Policy Service -> Postgres Backend DB
> {code}
> This means the time to actually execute one grant/revoke RPC using a policy that is securing 4000 tables is >5s.
> I tried scaling up the number of clients, but that doesn't appear to improve the throughput since there is a lot of locking that is happening inside the Sentry Policy Service.
--
This message was sent by Atlassian JIRA
(v6.2#6252)