|
Impala
Impalaistheopensource,nativeanalyticdatabaseforApacheHadoop.
|
|
Impala
Impalaistheopensource,nativeanalyticdatabaseforApacheHadoop.
|
Public Member Functions | |
| void | run () |
Refreshes the authorization policy metadata by querying the Sentry Policy Service. There is currently no way to get a snapshot of the policy from the Sentry Service, so it is possible that Impala will end up in a state that is not consistent with a state the Sentry Service has ever been in. For example, consider the case where a refresh is running and all privileges for Role A have been processed. Before moving to Role B, the user revokes a privilege from Role A and grants it to Role B. Impala will temporarily (until the next refresh) think the privilege is granted to Role A AND to Role B. TODO: Think more about consistency as well as how to recover from errors that leave the policy in a potentially inconsistent state (an RPC fails part-way through a refresh). We should also consider applying this entire update to the catalog atomically.
Definition at line 95 of file SentryProxy.java.
|
inline |
Definition at line 96 of file SentryProxy.java.
References com.cloudera.impala.catalog.Role.getGrantGroups(), com.cloudera.impala.authorization.User.getName(), com.cloudera.impala.util.SentryPolicyService.listAllRoles(), com.cloudera.impala.util.SentryPolicyService.listRolePrivileges(), com.cloudera.impala.util.SentryProxy.processUser_, and com.cloudera.impala.util.SentryProxy.sentryPolicyService_.
1.8.6 
