Repository: sentry Updated Branches: refs/heads/sentry-ha-redesign dbf72f5ae -> b385440ed
SENTRY-1349: Add permission check and test case for alter db set owner in V2 (Ke Jia via Dapeng Sun) Project: http://git-wip-us.apache.org/repos/asf/sentry/repo Commit: http://git-wip-us.apache.org/repos/asf/sentry/commit/b385440e Tree: http://git-wip-us.apache.org/repos/asf/sentry/tree/b385440e Diff: http://git-wip-us.apache.org/repos/asf/sentry/diff/b385440e Branch: refs/heads/sentry-ha-redesign Commit: b385440ed9d23d39af5da784ca715d61c23e0638 Parents: dbf72f5 Author: Alexander Kolbasov <[email protected]> Authored: Fri Mar 10 17:59:45 2017 -0800 Committer: Alexander Kolbasov <[email protected]> Committed: Fri Mar 10 17:59:45 2017 -0800 ---------------------------------------------------------------------- .../hive/v2/HiveAuthzPrivilegesMapV2.java | 1 + .../sentry/tests/e2e/hive/TestOperations.java | 27 ++++++++++++++++++++ 2 files changed, 28 insertions(+) ---------------------------------------------------------------------- http://git-wip-us.apache.org/repos/asf/sentry/blob/b385440e/sentry-binding/sentry-binding-hive-v2/src/main/java/org/apache/sentry/binding/hive/v2/HiveAuthzPrivilegesMapV2.java ---------------------------------------------------------------------- diff --git a/sentry-binding/sentry-binding-hive-v2/src/main/java/org/apache/sentry/binding/hive/v2/HiveAuthzPrivilegesMapV2.java b/sentry-binding/sentry-binding-hive-v2/src/main/java/org/apache/sentry/binding/hive/v2/HiveAuthzPrivilegesMapV2.java index 8993084..93bdf4b 100644 --- a/sentry-binding/sentry-binding-hive-v2/src/main/java/org/apache/sentry/binding/hive/v2/HiveAuthzPrivilegesMapV2.java +++ b/sentry-binding/sentry-binding-hive-v2/src/main/java/org/apache/sentry/binding/hive/v2/HiveAuthzPrivilegesMapV2.java @@ -199,6 +199,7 @@ public class HiveAuthzPrivilegesMapV2 { hiveAuthzStmtPrivMap.put(HiveOperation.DROPDATABASE, dropDbPrivilege); hiveAuthzStmtPrivMap.put(HiveOperation.CREATETABLE, tableCreatePrivilege); hiveAuthzStmtPrivMap.put(HiveOperation.ALTERDATABASE, alterDbPrivilege); + hiveAuthzStmtPrivMap.put(HiveOperation.ALTERDATABASE_OWNER, alterDbPrivilege); hiveAuthzStmtPrivMap.put(HiveOperation.DROPTABLE, dropTablePrivilege); hiveAuthzStmtPrivMap.put(HiveOperation.CREATEVIEW, createViewPrivilege); http://git-wip-us.apache.org/repos/asf/sentry/blob/b385440e/sentry-tests/sentry-tests-hive-v2/src/test/java/org/apache/sentry/tests/e2e/hive/TestOperations.java ---------------------------------------------------------------------- diff --git a/sentry-tests/sentry-tests-hive-v2/src/test/java/org/apache/sentry/tests/e2e/hive/TestOperations.java b/sentry-tests/sentry-tests-hive-v2/src/test/java/org/apache/sentry/tests/e2e/hive/TestOperations.java index 06a5752..b8d80f1 100644 --- a/sentry-tests/sentry-tests-hive-v2/src/test/java/org/apache/sentry/tests/e2e/hive/TestOperations.java +++ b/sentry-tests/sentry-tests-hive-v2/src/test/java/org/apache/sentry/tests/e2e/hive/TestOperations.java @@ -289,6 +289,33 @@ public class TestOperations extends AbstractTestWithStaticConfiguration { connection.close(); } + /* Test all operations that require alter on Database alone + 1. Alter database : HiveOperation.ALTERDATABASE_OWNER + */ + @Test + public void testAlterDatabaseOwner() throws Exception{ + adminCreate(DB1, null); + + + Connection connection = context.createConnection(ADMIN1); + Statement statement = context.createStatement(connection); + statement.execute("ALTER DATABASE " + DB1 + " SET OWNER USER " + USER1_1); + + + //Negative case + adminCreate(DB1, null); + policyFile + .addPermissionsToRole("select_db1", privileges.get("select_db1")) + .addRolesToGroup(USERGROUP1, "select_db1"); + writePolicyFile(policyFile); + + connection = context.createConnection(USER1_1); + statement = context.createStatement(connection); + context.assertSentrySemanticException(statement, "ALTER DATABASE " + DB1 + " SET OWNER USER " + USER2_1, semanticException); + statement.close(); + connection.close(); + } + /* SELECT/INSERT on DATABASE 1. HiveOperation.DESCDATABASE */
