You are viewing a plain text version of this content. The canonical link for it is here.
Posted to issues@sentry.apache.org by "Sergio Peña (JIRA)" <ji...@apache.org> on 2017/07/10 20:11:02 UTC
[jira] [Updated] (SENTRY-59) Doc that ResourceAuthorizationProvider
checks actions as ORs, add support for AND
[ https://issues.apache.org/jira/browse/SENTRY-59?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ]
Sergio Peña updated SENTRY-59:
------------------------------
Fix Version/s: (was: 1.8.0)
2.0.0
Moving all unresolved jiras with fix version 1.8.0 to 2.0.0. Please change the fix version if you intend to make it into 1.8.0 release.
> Doc that ResourceAuthorizationProvider checks actions as ORs, add support for AND
> ---------------------------------------------------------------------------------
>
> Key: SENTRY-59
> URL: https://issues.apache.org/jira/browse/SENTRY-59
> Project: Sentry
> Issue Type: Improvement
> Affects Versions: 1.3.0
> Reporter: Gregory Chanan
> Fix For: 2.0.0
>
>
> Currently, it is not clear from the javadoc how multiple actions are handled in the function:
> {code}
> /***
> * Returns validate subject privileges on given Authorizable object
> *
> * @param subject: UserID to validate privileges
> * @param authorizableHierarchy : List of object accroding to namespace hierarchy.
> * eg. Server->Db->Table or Server->Function
> * The privileges will be validated from the higher to lower scope
> * @param actions : Privileges to validate
> * @return
> * True if the subject is authorized to perform requested action on the given object
> */
> public boolean hasAccess(Subject subject, List<? extends Authorizable> authorizableHierarchy, Set<? extends Action> actions);
> {code}
> but at least in ResourceAuthorizationProvider, OR semantics are used. We should document this and perhaps add an interface for AND semantics.
--
This message was sent by Atlassian JIRA
(v6.4.14#64029)