Posted to dev@sentry.apache.org by "Sun, Dapeng" <da...@intel.com> on 2015/07/01 05:14:04 UTC

RE: Import/ export rules for specific data objects

> I was mostly thinking auth object = database/table which would be beneficial in the above use case I mentioned. And we export all the permissions -> roles pertaining to this auth object and roles-> groups for those roles?
Okay, it will be useful, thanks. 

+1, I guess "table" will be the table of a specific database, yes? Looking forward to seeing the feature.

Regards
Dapeng

-----Original Message-----
From: Sravya Tirukkovalur [mailto:sravya@cloudera.com] 
Sent: Wednesday, July 01, 2015 2:25 AM
To: dev
Subject: Re: Import/ export rules for specific data objects

Thanks for the feedback folks! Filed
https://issues.apache.org/jira/browse/SENTRY-785 to track this feature.

On Tue, Jun 30, 2015 at 8:41 AM, Lenni Kuff <ls...@cloudera.com> wrote:

> +1 for supporting filtering on the auth object. I think it would be
> important to support wildcard characters (basically allow the filter 
> to be a regex on the object name).
>
> Thanks,
> Lenni
>
> On Mon, Jun 29, 2015 at 10:32 AM, Sravya Tirukkovalur <sravya@cloudera.com> wrote:
>
> > I was mostly thinking auth object = database/table which would be
> > beneficial in the above use case I mentioned. And we export all the
> > permissions -> roles pertaining to this auth object and roles-> groups for
> > those roles?
> >
> > On Sun, Jun 28, 2015 at 9:59 PM, Sun, Dapeng <da...@intel.com> wrote:
> >
> > > Yes, it's a good idea.
> > >
> > > I think we should document what auth object we will support and which
> > > rule will we export.
> > > For example, could the auth object be database, role and etc? and our
> > > policy rules are user->group->role->permission, which mapping
> > > relationships will be exported?
> > >
> > >
> > > Regards
> > > Dapeng
> > >
> > > -----Original Message-----
> > > From: Ma, Junjie [mailto:junjie.ma@intel.com]
> > > Sent: Monday, June 29, 2015 9:06 AM
> > > To: dev@sentry.incubator.apache.org
> > > Subject: RE: Import/ export rules for specific data objects
> > >
> > >
> > > I think this is a useful feature for the migration. This can be
> > > an improvement of SENTRY-197, and we can create a new ticket to
> > > trace this.
> > >
> > > Best regards,
> > >
> > > Colin Ma(Ma Jun Jie)
> > >
> > > -----Original Message-----
> > > From: Sravya Tirukkovalur [mailto:sravya@apache.org]
> > > Sent: Sunday, June 28, 2015 2:07 AM
> > > To: dev
> > > Subject: Import/ export rules for specific data objects
> > >
> > > Hi fellow developers,
> > >
> > > We are working on the import/export feature of sentry rules as
> > > part of SENTRY-197. As a follow on I was wondering if it might
> > > help to add a functionality where we can export/ import rules for
> > > a specific auth object.
> > > So for example: export sentry rules for database db1. I think this might
> > > have multiple use cases like when users set up their rules for a db
> > > on a test environment and then migrate them to production.
> > >
> > > What do you guys think?
> > >
> > > Thanks!
> > >
> >
> >
> >
> > --
> > Sravya Tirukkovalur
> >
>



--
Sravya Tirukkovalur
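
The filtered export discussed in this thread, as an added sketch that is not part of the original messages and not Sentry's own code. The policy layout, the `key=value->key=value` privilege strings, the function names and the `wider_scope` field are all assumptions made for illustration. It anchors the object-name regex so a filter of `db1` does not also export `db10`, exports only the matching privileges of each role, and lists grants broader than the requested object separately for review.

```python
import re

# Constructed sample policy (hypothetical layout: role -> privileges, group -> roles).
POLICY = {
    "roles": {
        "analyst": ["server=server1->db=db1->table=orders->action=select",
                    "server=server1->db=db10->action=select"],
        "etl": ["server=server1->db=db1->action=all"],
        "admin": ["server=server1->action=all"],
        "hr": ["server=server1->db=hr->table=staff->action=select"],
    },
    "groups": {"analysts": ["analyst", "hr"], "ops": ["etl", "admin"],
               "people": ["hr"]},
}


def parse_privilege(priv):
    """Split 'k=v->k=v' into a dict such as {'server': ..., 'db': ...}."""
    return dict(part.split("=", 1) for part in priv.split("->"))


def export_for_object(policy, **filters):
    """Export privileges on objects matching the filters (e.g. db='db1'),
    plus the group -> role links for the roles that hold them."""
    pats = {key: re.compile(rx) for key, rx in filters.items()}
    roles, wider = {}, []
    for role, privs in policy["roles"].items():
        for priv in privs:
            p = parse_privilege(priv)
            # fullmatch anchors the pattern: 'db1' must not match 'db10'.
            if any(k in p and not pat.fullmatch(p[k]) for k, pat in pats.items()):
                continue
            # A grant with no db/table component covers more than the
            # requested object; report it instead of exporting it silently.
            if any(k not in p for k in pats):
                wider.append((role, priv))
                continue
            roles.setdefault(role, []).append(priv)
    groups = {}
    for group, members in policy["groups"].items():
        kept = [r for r in members if r in roles]
        if kept:
            groups[group] = kept
    return {"roles": roles, "groups": groups, "wider_scope": wider}
```

Calling `export_for_object(POLICY, db="db1")` keeps only the `db1` grants of `analyst` and `etl`, while `db="db1.*"` is the explicit wildcard form that also picks up `db10`.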

Re: Import/ export rules for specific data objects

Posted by Sravya Tirukkovalur <sr...@cloudera.com>.
@Dapeng: yes.

-- 
Sravya Tirukkovalur