...
The above cache would be re-populated asynchronously from the configured Authorization Provider (Apache Sentry/Apache Ranger, etc) at a configurable time interval, using an AbstractScheduledService. Instead of querying these external systems every time an authorization check is required, various CDAP sub-components will instead query this cache.
TODO: External systems may have their own caching mechanisms. e.g. Sentry has PrivilegeCache. We should make this cache pluggable, the APIs exposed by these external systems can be re-used
Dependencies
Ability to distinguish between read and write operations in datasets
...