Uploaded image for project: 'CDAP'
  1. CDAP
  2. CDAP-4913

Cache Authorization Policies

    XMLWordPrintableJSON

    Details

    • Type: New Feature
    • Status: Resolved
    • Priority: Major
    • Resolution: Fixed
    • Affects Version/s: None
    • Fix Version/s: 3.5.0
    • Component/s: Security
    • Labels:
      None
    • Release Notes:
      Hide
      Added a way to cache authorization policies so every authorization enforcement request does not have to make a remote call. Caching is configurable - it can be enabled by setting security.authorization.cache.enabled to true. TTL for cache entries (security.authorization.cache.ttl.secs) as well as refresh interval (security.authorization.cache.refresh.interval.secs) is also configurable.
      Show
      Added a way to cache authorization policies so every authorization enforcement request does not have to make a remote call. Caching is configurable - it can be enabled by setting security.authorization.cache.enabled to true. TTL for cache entries (security.authorization.cache.ttl.secs) as well as refresh interval (security.authorization.cache.refresh.interval.secs) is also configurable.
    • Rank:
      1|hzz6jr:

      Description

      In order to reduce the number of RPCs to the Sentry server, it would be good to cache the ACLs. Here is an example of how it is implemented in Impala:

      https://github.com/cloudera/Impala/blob/cdh5-trunk/fe/src/main/java/com/cloudera/impala/catalog/AuthorizationPolicy.java

        Attachments

          Activity

            People

            • Assignee:
              bhooshan Bhooshan Mogal
              Reporter:
              gokul Gokul Gunasekaran
            • Votes:
              0 Vote for this issue
              Watchers:
              2 Start watching this issue

              Dates

              • Created:
                Updated:
                Resolved: