Uploaded image for project: 'Sentry (Retired)'
  1. Sentry (Retired)
  2. SENTRY-74 Add column-level privileges for Hive/Impala
  3. SENTRY-390

Extend Thrift API to support column-level privilege

    XMLWordPrintableJSON

Details

    • Sub-task
    • Status: Resolved
    • Major
    • Resolution: Fixed
    • None
    • 1.5.0
    • None
    • None

    Description

      The jira include:

      1. SENTRY Thrift API changed :
        • We change the field TSentryPrivilege privilege to set<TSentryPrivilege> privileges in TAlterSentryRoleGrantPrivilegeRequest and TAlterSentryRoleRevokePrivilegeRequest, The reason is the HIVE GRANT may like Grant SELECT (tb1.col1, tb2.col2) on TABLE table1 to role roleName, it contains two privileges (col1 and col2) for SENTRY, to reduce the request API calls, we make it change.
        • Another way to Implement it, maybe add a column list to TSentryPrivilege, but it will bring more problems, we know SentryStore has many convert methods between TSentryPrivilege and MSentryPrivilege, and query an unique MSentryPrivilege use TSentryPrivilege as query condition, so we should make them one-to-one correspondence.
      2. Change SentryStore after Thrift API changed
      3. Change SentryPolicyStoreProcessor and SentryPolicyServiceClient after Thrift API changed, include the grant/revoke methods about column privilege
      4. Change Auditlog after Thrift API changed

      Attachments

        1. SENTRY-390.003-no-thrift.patch
          62 kB
          Dapeng Sun
        2. SENTRY-390.003.patch
          145 kB
          Dapeng Sun
        3. SENTRY-390.002.patch
          108 kB
          Dapeng Sun
        4. SENTRY-390.patch
          104 kB
          Dapeng Sun

        Issue Links

          depends upon

          Sub-task - The sub-task of the issue SENTRY-391 Extend sentrystore query for column level privilege

          • Major - Major loss of function.
          • Resolved
          Is contained by

          New Feature - A new feature of the product, which has yet to be developed. SENTRY-74 Add column-level privileges for Hive/Impala

          • Major - Major loss of function.
          • Resolved
          is depended upon by

          Sub-task - The sub-task of the issue SENTRY-393 Grant/Revoke and Show Grant info support for column level privilege

          • Major - Major loss of function.
          • Resolved
          links to

          Web Link Review board

          Activity

            People

              dapengsun Dapeng Sun
              dapengsun Dapeng Sun
              Votes:
              0 Vote for this issue
              Watchers:
              2 Start watching this issue

              Dates

                Created:
                Updated:
                Resolved: