You are viewing a plain text version of this content. The canonical link for it is here.
Posted to commits@sentry.apache.org by "Lenni Kuff (JIRA)" <ji...@apache.org> on 2014/09/05 23:51:28 UTC
[jira] [Created] (SENTRY-419) Support reading from the sentry
policy service at a consistent point in time
Lenni Kuff created SENTRY-419:
---------------------------------
Summary: Support reading from the sentry policy service at a consistent point in time
Key: SENTRY-419
URL: https://issues.apache.org/jira/browse/SENTRY-419
Project: Sentry
Issue Type: Task
Reporter: Lenni Kuff
It would be very useful for the Sentry Service to support reading the policy metadata at a consistent point in time (read a snapshot). This would allow for better consistency guarantees by clients that cache policy metadata, and would also probably benefit non-cached sentry clients as well.
For example, when a cached client is reading from the Sentry service they typically would implement something along the lines of (in pseudo-code):
{code}
for(Role role: listRoles()) {
for (Privilege priv: listPrivileges(role.getName())
// Process privilege
}
{code}
Consider the following case where there are two roles - Role A and Role B.
The client processes all privileges for Role A, but before the client moves to Role B, a user revokes a privilege from Role A and grants it to Role B. The client may think that this privilege belongs to both roles., which is a state the sentry policy service has never been in.
Providing a way to read a consistent snapshot would solve this problem. A bonus would be to support reading an incremental update of the metadata since some previous point in time.
--
This message was sent by Atlassian JIRA
(v6.3.4#6332)