You are viewing a plain text version of this content. The canonical link for it is here.

Posted to issues@sentry.apache.org by "Na Li (JIRA)" <ji...@apache.org> on 2018/09/13 18:11:00 UTC

[jira] [Updated] (SENTRY-59) Doc that ResourceAuthorizationProvider checks actions as ORs, add support for AND

     [ https://issues.apache.org/jira/browse/SENTRY-59?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ]

Na Li updated SENTRY-59:
------------------------
    Fix Version/s:     (was: 2.1.0)

> Doc that ResourceAuthorizationProvider checks actions as ORs, add support for AND
> ---------------------------------------------------------------------------------
>
>                 Key: SENTRY-59
>                 URL: https://issues.apache.org/jira/browse/SENTRY-59
>             Project: Sentry
>          Issue Type: Improvement
>    Affects Versions: 1.3.0
>            Reporter: Gregory Chanan
>            Priority: Major
>
> Currently, it is not clear from the javadoc how multiple actions are handled in the function:
> {code}
>  /***
>    * Returns validate subject privileges on given Authorizable object
>    *
>    * @param subject: UserID to validate privileges
>    * @param authorizableHierarchy : List of object accroding to namespace hierarchy.
>    *        eg. Server->Db->Table or Server->Function
>    *        The privileges will be validated from the higher to lower scope
>    * @param actions : Privileges to validate
>    * @return
>    *        True if the subject is authorized to perform requested action on the given object
>    */
>   public boolean hasAccess(Subject subject, List<? extends Authorizable> authorizableHierarchy, Set<? extends Action> actions);
> {code}
> but at least in ResourceAuthorizationProvider, OR semantics are used.  We should document this and perhaps add an interface for AND semantics.



--
This message was sent by Atlassian JIRA
(v7.6.3#76005)