Details
-
Sub-task
-
Status: Resolved
-
Major
-
Resolution: Fixed
-
None
-
None
-
None
Description
The jira include:
- SENTRY Thrift API changed :
- We change the field TSentryPrivilege privilege to set<TSentryPrivilege> privileges in TAlterSentryRoleGrantPrivilegeRequest and TAlterSentryRoleRevokePrivilegeRequest, The reason is the HIVE GRANT may like Grant SELECT (tb1.col1, tb2.col2) on TABLE table1 to role roleName, it contains two privileges (col1 and col2) for SENTRY, to reduce the request API calls, we make it change.
- Another way to Implement it, maybe add a column list to TSentryPrivilege, but it will bring more problems, we know SentryStore has many convert methods between TSentryPrivilege and MSentryPrivilege, and query an unique MSentryPrivilege use TSentryPrivilege as query condition, so we should make them one-to-one correspondence.
- Change SentryStore after Thrift API changed
- Change SentryPolicyStoreProcessor and SentryPolicyServiceClient after Thrift API changed, include the grant/revoke methods about column privilege
- Change Auditlog after Thrift API changed
Attachments
Attachments
Issue Links
- depends upon
-
SENTRY-391 Extend sentrystore query for column level privilege
- Resolved
- Is contained by
-
SENTRY-74 Add column-level privileges for Hive/Impala
- Resolved
- is depended upon by
-
SENTRY-393 Grant/Revoke and Show Grant info support for column level privilege
- Resolved
- links to