You are viewing a plain text version of this content. The canonical link for it is here.
Posted to dev@sentry.apache.org by Colin Ma <ju...@intel.com> on 2016/02/01 03:00:10 UTC

Re: Review Request 42287: SENTRY-1004: Create CommonPrivilege for external component


> On Jan. 29, 2016, 9:57 p.m., Anne Yu wrote:
> > sentry-core/sentry-core-common/src/main/java/org/apache/sentry/core/common/ImplyMethodType.java, line 22
> > <https://reviews.apache.org/r/42287/diff/3/?file=1225562#file1225562line22>
> >
> >     Thanks Colin for your clarification. It helps me to understand more.
> >     
> >     What is action here?
> >     
> >     So String means plain string match; URI (or URL) mean regex match, is that right?

ACTION is for action match, eg, compare insert and select. In CommonPrivilege.impliesValue(), all kinds of matches are defined according to the ImplyMethodType.


> On Jan. 29, 2016, 9:57 p.m., Anne Yu wrote:
> > sentry-policy/sentry-policy-common/src/test/java/org/apache/sentry/policy/common/ModelForTest.java, line 41
> > <https://reviews.apache.org/r/42287/diff/3/?file=1225569#file1225569line41>
> >
> >     Does this also apply to hive? Does insert privilege means insert + select? In our current implementation, insert and select are different.

Sorry for the misunderstanding, it's an example to show the test case on insert=insert+select. For the Hive, insert shouldn't imply the select according to the current implementation.


- Colin


-----------------------------------------------------------
This is an automatically generated e-mail. To reply, visit:
https://reviews.apache.org/r/42287/#review117028
-----------------------------------------------------------


On Jan. 29, 2016, 8:41 a.m., Colin Ma wrote:
> 
> -----------------------------------------------------------
> This is an automatically generated e-mail. To reply, visit:
> https://reviews.apache.org/r/42287/
> -----------------------------------------------------------
> 
> (Updated Jan. 29, 2016, 8:41 a.m.)
> 
> 
> Review request for sentry.
> 
> 
> Repository: sentry
> 
> 
> Description
> -------
> 
> Create CommonPrivilege for every component.
> The main change is for the interface Privilege, implies(Privilege p)  --->  implies(Privilege privilege, Map<String, String> implyMethodMap, Map<String, Integer> actionMap)
> The actionMap is stored the mapping between action name and action value, eg:
>      for Hive:   select  --->   1   (binary: 0000001)
>                  insert  --->   3   (binary: 0000011)
>                  create  --->   4   (binary: 0000100)
>                   all    --->   7   (binary: 0000111)
> when compare the action, use the action value with the & operator
>  The implyMethodMap is stored the mapping between resource type and imply method, eg:
>      for Hive:    db   --->   string  (imply as string value)
>                   url  --->   url     (imply as url value)
> 
> 
> Diffs
> -----
> 
>   sentry-core/sentry-core-common/src/main/java/org/apache/sentry/core/common/ImplyMethodType.java PRE-CREATION 
>   sentry-core/sentry-core-common/src/main/java/org/apache/sentry/core/common/Model.java PRE-CREATION 
>   sentry-core/sentry-core-common/src/main/java/org/apache/sentry/core/common/Resource.java PRE-CREATION 
>   sentry-policy/sentry-policy-common/src/main/java/org/apache/sentry/policy/common/CommonPrivilege.java PRE-CREATION 
>   sentry-policy/sentry-policy-common/src/main/java/org/apache/sentry/policy/common/PolicyConstants.java 0bad8c1 
>   sentry-policy/sentry-policy-common/src/test/java/org/apache/sentry/policy/common/ColumnResourceForTest.java PRE-CREATION 
>   sentry-policy/sentry-policy-common/src/test/java/org/apache/sentry/policy/common/DbResourceForTest.java PRE-CREATION 
>   sentry-policy/sentry-policy-common/src/test/java/org/apache/sentry/policy/common/ModelForTest.java PRE-CREATION 
>   sentry-policy/sentry-policy-common/src/test/java/org/apache/sentry/policy/common/ServerResourceForTest.java PRE-CREATION 
>   sentry-policy/sentry-policy-common/src/test/java/org/apache/sentry/policy/common/TableResourceForTest.java PRE-CREATION 
>   sentry-policy/sentry-policy-common/src/test/java/org/apache/sentry/policy/common/TestCommonPrivilege.java PRE-CREATION 
>   sentry-policy/sentry-policy-common/src/test/java/org/apache/sentry/policy/common/TestKeyValue.java 2dfc7c5 
>   sentry-policy/sentry-policy-common/src/test/java/org/apache/sentry/policy/common/UrlResourceForTest.java PRE-CREATION 
> 
> Diff: https://reviews.apache.org/r/42287/diff/
> 
> 
> Testing
> -------
> 
> 
> Thanks,
> 
> Colin Ma
> 
>