Details
-
New Feature
-
Status: Resolved
-
Major
-
Resolution: Fixed
-
1.4.0
-
None
-
None
Description
The authorization provider retrieves all the privileges for the given set of groups. This could be a huge data set if there are a large number of privileges in the system. A downstream consumer like HiveServer2 will be reading this for each query. This could impact the DB store performance if there are multiple active queries and numerous privilege rules.
We could consider pushing the filters like DB object name to the policy provider to prune the privilege result set at the source.
Attachments
Attachments
Issue Links
- blocks
-
SENTRY-215 SHOW GRANT ROLE xxx ON [SERVER, DATABASE, TABLE, URI] xxx
- Resolved
- breaks
-
SENTRY-246 Load command does not seem to work with filter push down
- Resolved
-
SENTRY-249 "Use default" should be allowed for all the users even when using filter push down
- Resolved
-
SENTRY-250 Create external table fails with filter push down
- Resolved
- contains
-
SENTRY-234 Allow Sentry service to accept Server/Db/Table/URI in the listPrivileges API
- Resolved
- depends upon
-
SENTRY-37 Implement a DB backed policy store
- Resolved
- is related to
-
SENTRY-234 Allow Sentry service to accept Server/Db/Table/URI in the listPrivileges API
- Resolved