Once Sentry switches to HMS notifications which are processed asynchronously we have problem with session consistency.
Suppose that we have a session which creates a table and then grants permissions to it. The table create is handled as HMS notification event and will eventually reach Sentry. The DDL with permission grant is in-line and is likely to reach Sentry before the table create request. This will cause the grant to unexpectedly fail although it is a perfectly valid operation.
The proposed solution is to include a "sync barrier" RPC call to Sentry which will block until the specified notification ID is processed by Sentry. Every HMS operation that generates notifications for Sentry should be followed by such sync call.