ACCESS-20: Implement Views in policy engine and core

Review Request #2869 - Created April 15, 2013 and submitted

Brock Noland
old-access
master
ACCESS-20
access
Add's View to core and policy engine.
Tests added for new functionality in policy engine. Adjusted existing e2e tests as required.
  1. Patch itself looks good to me.
    
    At this stage though the Hive compiler reports views entities as tables. Hence the authorization hooks continue to treat the view as table. If the provider file grants the privilage to view using 'view=<name>', will that be a problem if the authorizable object passed is a table ?
    
    1. If the policy file has view=view1 and the binding layer passes down table=view1, then the user will not have access to view1. Should the compiler be adjusted?
    2. hmm .. that will break the existing hooks. It will  make some of the existing object to be reported as a new type of entity. The products like Cloudera Manager depends on specific entity types, especially tables.  The ACCESS-36 patch also requires a compiler to capture more URIs but at least that's an existing type and we'll capturing new objects, which is far less invasive.
      Besides the patch will need updating a large number of expected test outputs, but that should still be manageable ..
  2. 
      
  1. LGMT
    
    Please remove the e2e test changes since we are not going to change the tags.
  2. 
      
Review request changed

Status: Closed (submitted)

Loading...