Details

    • Type: Sub-task
    • Status: Resolved
    • Priority: Major
    • Resolution: Fixed
    • Affects Version/s: 1.8.0
    • Fix Version/s: 1.10.0
    • Component/s: security
    • Labels:
      None

      Description

      As part of the Sentry integration, it will be necessary to flesh out the AuthzTokenPB structure with relevant fields:

      1. The ID of the table which the token applies to
      2. The username which the attached privileges belong to
      3. The privileges

      Sentry has its own privilege format TSentryPrivilege, but we'll probably want to convert this into our own internal Protobuf-based format for the following reasons:

      1. The tokens will be used in the tablet servers to authorize client actions. Currently tablet servers don't use or link to Thrift libraries.
      2. The Sentry privilege structure references columns by name, whereas we will need to reference columns by ID in order to be robust to columns being renamed.
      3. Having our own format will make it easier to drop in alternate authorization providers in the future.
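
The rationale in reason 2, shown as an added example that is not part of the original issue or the project's code: privileges reported by column name are resolved to column IDs when the token is built, so the token still authorizes the right column after a rename. Plain C++ structs stand in for the Protobuf messages, and every type name, field name and sample value here is hypothetical.

```cpp
#include <cstdint>
#include <map>
#include <set>
#include <string>

// Hypothetical stand-ins for the protobuf messages; all names are assumptions.
enum class Action { kScan, kInsert, kUpdate, kDelete };
using Schema = std::map<std::string, int32_t>;  // current column name -> stable ID

struct NamePrivileges {  // name-keyed, as an external provider reports them
  std::map<std::string, std::set<Action>> by_column_name;
};

struct AuthzToken {  // ID-keyed internal form carried to the tablet server
  std::string table_id;
  std::string username;
  std::map<int32_t, std::set<Action>> by_column_id;
};

// Resolve names to IDs once, when the token is built. Unknown names grant nothing.
AuthzToken MakeToken(const Schema& schema, const std::string& table_id,
                     const std::string& user, const NamePrivileges& privs) {
  AuthzToken tok{table_id, user, {}};
  for (const auto& kv : privs.by_column_name) {
    auto it = schema.find(kv.first);
    if (it != schema.end()) tok.by_column_id[it->second] = kv.second;
  }
  return tok;
}

// Server-side check: deny unless table, column ID and action all match.
bool Authorized(const AuthzToken& tok, const std::string& table_id,
                int32_t column_id, Action action) {
  if (tok.table_id != table_id) return false;
  auto it = tok.by_column_id.find(column_id);
  return it != tok.by_column_id.end() && it->second.count(action) > 0;
}

// Constructed scenario: "ssn" (ID 2) is renamed to "tax_id" after token creation.
bool TokenSurvivesRename() {
  Schema schema = {{"id", 1}, {"ssn", 2}};
  NamePrivileges privs;
  privs.by_column_name["ssn"] = {Action::kScan};
  AuthzToken tok = MakeToken(schema, "table-0001", "alice", privs);
  schema.erase("ssn");
  schema["tax_id"] = 2;  // a rename changes the name, not the ID
  bool by_id = Authorized(tok, "table-0001", schema.at("tax_id"), Action::kScan);
  bool by_name = privs.by_column_name.count("tax_id") > 0;  // name lookup misses
  return by_id && !by_name;
}
```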

            People

            • Assignee:
              awong Andrew Wong
              Reporter:
              danburkert Dan Burkert