You are viewing a plain text version of this content. The canonical link for it is here.

Posted to commits@sentry.apache.org by "Shreepadma Venugopalan (JIRA)" <ji...@apache.org> on 2014/03/08 01:36:44 UTC

[jira] [Created] (SENTRY-135) Restrict access to policy store apis based on user/group

Shreepadma Venugopalan created SENTRY-135:
---------------------------------------------

             Summary: Restrict access to policy store apis based on user/group
                 Key: SENTRY-135
                 URL: https://issues.apache.org/jira/browse/SENTRY-135
             Project: Sentry
          Issue Type: Sub-task
            Reporter: Shreepadma Venugopalan


Today, we don't restrict the execution of various policy store apis such as createRole, dropRole etc based on the use/group. Hive/Impala/Solr will connect to the service as superusers. However, the user on whose behalf the request is performed is included in the thrift request struct. We need to restrict the apis based on privileges of the user/group.



--
This message was sent by Atlassian JIRA
(v6.2#6252)