Apache Sentry 是一个加强的细粒度的基于角色的授权系统,针对存储在 Hadoop 集群中的数据和元数据。
Apache Sentry 1.2.0 改进内容包括:
** Bug
* [SENTRY-15] - log4j.properties file under sentry-tests references the old access package
* [SENTRY-1] - use default on HiveServer2 fails with invalid privileges exception
* [SENTRY-2] - Code cleanup in various poms
* [ACCESS-8] - Log warning if authorization is not used with strong authentication
* [ACCESS-49] - Modify test cases to restrict LOAD from specific locations
* [ACCESS-140] - malformatted policy is permitted conditionally
* [ACCESS-164] - policy file doesn't check non-exist entity mapping
* [ACCESS-174] - access only throw first error message in HiveServer2 log, and ignore the rest
* [ACCESS-180] - per DB policy file usability issues
* [ACCESS-197] - Child authorizeable objects are not inheriting permissions from parent
* [ACCESS-201] - Bad error message in HiveAuthzBinding
* [ACCESS-203] - Update trunk version to 1.1 and update dependencies
* [ACCESS-230] - CREATE TABLE AS works even if user does not have DB-level access
* [ACCESS-231] - ALTER TABLE SET TBLPROPERTIES allows updates to tables even when the user doesn't have the right privileges
* [ACCESS-232] - The per-db policy fies can't be accessed if they are not in the same file system as the global policy file.
* [ACCESS-233] - The URI permission checks should append path separator before checking the parent path
* [ACCESS-235] - Format unqualified URI as DFS uri by default
** Improvement
* [SENTRY-5] - Normalize the usernames used in the end to end tests
* [ACCESS-100] - ResourceAuthzProvider should ensure the subject name is non-null before doing the group lookup
* [ACCESS-157] - Access hard codes hive authentication method none
* [ACCESS-211] - Add maven profile for compiling access with upstream Apache hadoop/hive
* [ACCESS-221] - Restrict the URI access granted from a per-database policy file
思朴互联-西部数码代理站
2013-9-26