Repository: sentry Updated Branches: refs/heads/master c2c7af7e3 -> 463aafc17
SENTRY-1086: Add permission check and test case for alter db set owner (Ke Jia, reviewed by Dapeng Sun) Project: http://git-wip-us.apache.org/repos/asf/sentry/repo Commit: http://git-wip-us.apache.org/repos/asf/sentry/commit/463aafc1 Tree: http://git-wip-us.apache.org/repos/asf/sentry/tree/463aafc1 Diff: http://git-wip-us.apache.org/repos/asf/sentry/diff/463aafc1 Branch: refs/heads/master Commit: 463aafc173a3ee2b03bedefcca9635030824d6cf Parents: c2c7af7 Author: Sun Dapeng <[email protected]> Authored: Wed May 18 09:38:38 2016 +0800 Committer: Sun Dapeng <[email protected]> Committed: Wed May 18 09:38:38 2016 +0800 ---------------------------------------------------------------------- .../sentry/binding/hive/authz/HiveAuthzPrivilegesMap.java | 1 + .../org/apache/sentry/tests/e2e/hive/TestOperationsPart1.java | 6 ++++++ 2 files changed, 7 insertions(+) ---------------------------------------------------------------------- http://git-wip-us.apache.org/repos/asf/sentry/blob/463aafc1/sentry-binding/sentry-binding-hive/src/main/java/org/apache/sentry/binding/hive/authz/HiveAuthzPrivilegesMap.java ---------------------------------------------------------------------- diff --git a/sentry-binding/sentry-binding-hive/src/main/java/org/apache/sentry/binding/hive/authz/HiveAuthzPrivilegesMap.java b/sentry-binding/sentry-binding-hive/src/main/java/org/apache/sentry/binding/hive/authz/HiveAuthzPrivilegesMap.java index fe6f18e..bc158ff 100644 --- a/sentry-binding/sentry-binding-hive/src/main/java/org/apache/sentry/binding/hive/authz/HiveAuthzPrivilegesMap.java +++ b/sentry-binding/sentry-binding-hive/src/main/java/org/apache/sentry/binding/hive/authz/HiveAuthzPrivilegesMap.java @@ -198,6 +198,7 @@ public class HiveAuthzPrivilegesMap { hiveAuthzStmtPrivMap.put(HiveOperation.DROPDATABASE, dropDbPrivilege); hiveAuthzStmtPrivMap.put(HiveOperation.CREATETABLE, tableCreatePrivilege); hiveAuthzStmtPrivMap.put(HiveOperation.ALTERDATABASE, alterDbPrivilege); + hiveAuthzStmtPrivMap.put(HiveOperation.ALTERDATABASE_OWNER, alterDbPrivilege); hiveAuthzStmtPrivMap.put(HiveOperation.DROPTABLE, dropTablePrivilege); hiveAuthzStmtPrivMap.put(HiveOperation.CREATEVIEW, createViewPrivilege); http://git-wip-us.apache.org/repos/asf/sentry/blob/463aafc1/sentry-tests/sentry-tests-hive/src/test/java/org/apache/sentry/tests/e2e/hive/TestOperationsPart1.java ---------------------------------------------------------------------- diff --git a/sentry-tests/sentry-tests-hive/src/test/java/org/apache/sentry/tests/e2e/hive/TestOperationsPart1.java b/sentry-tests/sentry-tests-hive/src/test/java/org/apache/sentry/tests/e2e/hive/TestOperationsPart1.java index 8539b4c..0522ba0 100644 --- a/sentry-tests/sentry-tests-hive/src/test/java/org/apache/sentry/tests/e2e/hive/TestOperationsPart1.java +++ b/sentry-tests/sentry-tests-hive/src/test/java/org/apache/sentry/tests/e2e/hive/TestOperationsPart1.java @@ -254,6 +254,7 @@ public class TestOperationsPart1 extends AbstractTestWithStaticConfiguration { /* Test all operations that require alter on Database alone 1. Alter database : HiveOperation.ALTERDATABASE + 2. Alter database : HiveOperation.ALTERDATABASE_OWNER */ @Test public void testAlterOnDatabase() throws Exception{ @@ -272,6 +273,10 @@ public class TestOperationsPart1 extends AbstractTestWithStaticConfiguration { connection = context.createConnection(USER2_1); statement = context.createStatement(connection); statement.execute("ALTER DATABASE " + DB1 + " SET DBPROPERTIES ('comment'='comment')"); + + connection = context.createConnection(ADMIN1); + statement = context.createStatement(connection); + statement.execute("ALTER DATABASE " + DB1 + " SET OWNER USER " + USER1_1); statement.close(); connection.close(); @@ -285,6 +290,7 @@ public class TestOperationsPart1 extends AbstractTestWithStaticConfiguration { connection = context.createConnection(USER3_1); statement = context.createStatement(connection); context.assertSentrySemanticException(statement, "ALTER DATABASE " + DB1 + " SET DBPROPERTIES ('comment'='comment')", semanticException); + context.assertSentrySemanticException(statement, "ALTER DATABASE " + DB1 + " SET OWNER USER " + USER1_1, semanticException); statement.close(); connection.close(); }
