You are viewing a plain text version of this content. The canonical link for it is here.

Posted to dev@ranger.apache.org by "Alok Lal (JIRA)" <ji...@apache.org> on 2015/04/01 21:46:52 UTC

[jira] [Updated] (RANGER-359) Policy validation: resource uniqueness: store resource signature of a policy in database for faster check

     [ https://issues.apache.org/jira/browse/RANGER-359?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ]

Alok Lal updated RANGER-359:
----------------------------
    Description: 
Currently we iterate over all policies for a service, a generate its resource signature and use that to enforce uniquness.  This can be computationally and space intensive if, say, there are several policies for a service or create/update of policies happens frequently.  The resource signature of a policy could be kept in the database and kept up to date as resources change.  Then a database level search could allow for doing this check cheaply and robustly.

Another way to reduce the space complexity could be to allow policy search command to return an Iterator instead of the collection of policies itself.  This has some other challenges but is listed here for completeness.

  was:Currently we iterate over all policies for a service, a generate its resource signature and use that to enforce uniquness.  This can be computationally intensive and infeasible due to memory if there are several policies.  The resource signature of a policy could be kept in the database and kept up to date as resources change.  Then a database level search could allow for doing this check cheaply and robustly.


> Policy validation: resource uniqueness: store resource signature of a policy in database for faster check
> ---------------------------------------------------------------------------------------------------------
>
>                 Key: RANGER-359
>                 URL: https://issues.apache.org/jira/browse/RANGER-359
>             Project: Ranger
>          Issue Type: Sub-task
>            Reporter: Alok Lal
>             Fix For: 0.5.0
>
>
> Currently we iterate over all policies for a service, a generate its resource signature and use that to enforce uniquness.  This can be computationally and space intensive if, say, there are several policies for a service or create/update of policies happens frequently.  The resource signature of a policy could be kept in the database and kept up to date as resources change.  Then a database level search could allow for doing this check cheaply and robustly.
> Another way to reduce the space complexity could be to allow policy search command to return an Iterator instead of the collection of policies itself.  This has some other challenges but is listed here for completeness.



--
This message was sent by Atlassian JIRA
(v6.3.4#6332)