As part of the Sentry integration, it will be necessary to flesh out the AuthzTokenPB structure with relevant fields:
- The ID of the table which the token applies to
- The username which the attached privileges belong to
- The privileges
Sentry has its own privilege format, TSentryPrivilege, but we'll probably want to convert this into our own internal Protobuf-based format for the following reasons:
- The tokens will be used in the tablet servers to authorize client actions. Currently tablet servers don't use or link to Thrift libraries.
- The Sentry privilege structure references columns by name, whereas we will need to reference columns by ID in order to be robust to columns being renamed.
- Having our own format will make it easier to drop in alternate authorization providers in the future.
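
An added sketch of the name-to-ID conversion argued for above (not Kudu's or Sentry's code): it shows why an ID-based token keeps authorizing the same column after a rename. `AuthzToken`, `NamedColumnPrivilege`, `Schema`, `BuildToken` and `IsAuthorized` are hypothetical names, and the action set and the skip-unknown-names behaviour are assumptions.

```cpp
#include <cstdint>
#include <map>
#include <set>
#include <string>
#include <vector>

// Hypothetical stand-ins, not Kudu's AuthzTokenPB or Sentry's TSentryPrivilege.
enum class Action { kSelect, kInsert, kUpdate, kDelete };  // assumed action set
struct NamedColumnPrivilege { std::string column; Action action; };  // name-based input
struct AuthzToken {  // ID-based form a tablet server would check
  std::string table_id;
  std::string username;
  std::map<int32_t, std::set<Action>> column_privileges;  // column ID -> actions
};
using Schema = std::map<std::string, int32_t>;  // current column name -> stable ID

// Resolve column names to IDs once, when the token is created.
AuthzToken BuildToken(const std::string& table_id, const std::string& user,
                      const Schema& schema,
                      const std::vector<NamedColumnPrivilege>& privs) {
  AuthzToken token{table_id, user, {}};
  for (const auto& p : privs) {
    auto it = schema.find(p.column);
    if (it == schema.end()) continue;  // assumption: unknown names grant nothing
    token.column_privileges[it->second].insert(p.action);
  }
  return token;
}

// Tablet-server-side check: only IDs are consulted, so no name lookup is needed.
bool IsAuthorized(const AuthzToken& token, const std::string& table_id,
                  const std::string& user, int32_t column_id, Action action) {
  if (token.table_id != table_id || token.username != user) return false;
  auto it = token.column_privileges.find(column_id);
  return it != token.column_privileges.end() && it->second.count(action) > 0;
}

int main() {
  Schema schema = {{"name", 1}, {"ssn", 3}};  // constructed sample schema
  AuthzToken t = BuildToken("table-a", "alice", schema, {{"name", Action::kSelect}});
  // Rename "name" -> "full_name": column ID 1 is unchanged, and so is the decision.
  schema.erase("name");
  schema["full_name"] = 1;
  return IsAuthorized(t, "table-a", "alice", 1, Action::kSelect) ? 0 : 1;
}
```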