[SENTRY-178] Poor performance for Sentry Policy Service as #of privileges is scaled up - ASF JIRA

XML

Word

Printable

JSON

Details

Type: Bug
Status: Resolved
Priority: Critical
Resolution: Fixed
Affects Version/s: 1.3.0
Fix Version/s: 1.4.0
Component/s: None
Labels:
None

Description

I have observed that as the number of role privileges is scaled up, the performance of the Sentry Service (time it takes to execute a grant/revoke RPC) gets increasingly worse.

The following is how long it takes to execute an RPC to grant/revoke a privilege from a role:

# of Role Privileges (each on different tables)

100 privileges ~2 RPCs/sec
1000 privileges ~1.5 RPCs/sec
2000 privileges - ~.5 RPCs/sec
4000 privileges - ~.2 RPCs/sec

Configuration:
- Sentry Policy Service -> Postgres Backend DB

This means the time to actually execute one grant/revoke RPC using a policy that is securing 4000 tables is >5s.

I tried scaling up the number of clients, but that doesn't appear to improve the throughput since there is a lot of locking that is happening inside the Sentry Policy Service.

Attachments

- Sort By Name
- Sort By Date
- Ascending
- Descending

SENTRY-178.3.patch
05/Jun/14 22:02
0.7 kB
Arun Suresh
SENTRY-178.2.patch
21/May/14 19:29
9 kB
Arun Suresh
SENTRY-178.1.patch
21/May/14 18:20
9 kB
Arun Suresh

Activity

People

Assignee:: Arun Suresh

Reporter:: Lenni Kuff

Votes:: 0 Vote for this issue

Watchers:: 4 Start watching this issue

Dates

Created:: 22/Apr/14 20:03

Updated:: 05/Jun/14 22:02

Resolved:: 21/May/14 20:26