Posted to commits@sentry.apache.org by "Brock Noland (JIRA)" <ji...@apache.org> on 2014/03/17 20:19:44 UTC

[jira] [Commented] (SENTRY-135) Restrict access to policy store apis based on user/group

    [ https://issues.apache.org/jira/browse/SENTRY-135?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=13938243#comment-13938243 ] 

Brock Noland commented on SENTRY-135:
-------------------------------------

This was required for SENTRY-129 so I implemented it there.

> Restrict access to policy store apis based on user/group
> --------------------------------------------------------
>
>                 Key: SENTRY-135
>                 URL: https://issues.apache.org/jira/browse/SENTRY-135
>             Project: Sentry
>          Issue Type: Sub-task
>            Reporter: Shreepadma Venugopalan
>
> Today, we don't restrict the execution of various policy store apis such as createRole, dropRole etc. based on the user/group. Hive/Impala/Solr will connect to the service as superusers. However, the user on whose behalf the request is performed is included in the thrift request struct. We need to restrict the apis based on privileges of the user/group.


