Repository: incubator-sentry Updated Branches: refs/heads/master b3ee46494 -> 5fc968e6c
SENTRY-205: Sentry throws Exception when trying to revoke Table level privileges (Arun Suresh via Prasad Mujumdar) Project: http://git-wip-us.apache.org/repos/asf/incubator-sentry/repo Commit: http://git-wip-us.apache.org/repos/asf/incubator-sentry/commit/5fc968e6 Tree: http://git-wip-us.apache.org/repos/asf/incubator-sentry/tree/5fc968e6 Diff: http://git-wip-us.apache.org/repos/asf/incubator-sentry/diff/5fc968e6 Branch: refs/heads/master Commit: 5fc968e6caa2a7a3c4b7a75de6c93ff0dba89c9b Parents: b3ee464 Author: Prasad Mujumdar <[email protected]> Authored: Fri May 16 19:22:37 2014 -0700 Committer: Prasad Mujumdar <[email protected]> Committed: Fri May 16 19:22:37 2014 -0700 ---------------------------------------------------------------------- .../service/thrift/SentryPolicyServiceClient.java | 1 + .../thrift/TestSentryServiceIntegration.java | 18 ++++++++++++++++++ 2 files changed, 19 insertions(+) ---------------------------------------------------------------------- http://git-wip-us.apache.org/repos/asf/incubator-sentry/blob/5fc968e6/sentry-provider/sentry-provider-db/src/main/java/org/apache/sentry/provider/db/service/thrift/SentryPolicyServiceClient.java ---------------------------------------------------------------------- diff --git a/sentry-provider/sentry-provider-db/src/main/java/org/apache/sentry/provider/db/service/thrift/SentryPolicyServiceClient.java b/sentry-provider/sentry-provider-db/src/main/java/org/apache/sentry/provider/db/service/thrift/SentryPolicyServiceClient.java index 33b8735..5f8a65f 100644 --- a/sentry-provider/sentry-provider-db/src/main/java/org/apache/sentry/provider/db/service/thrift/SentryPolicyServiceClient.java +++ b/sentry-provider/sentry-provider-db/src/main/java/org/apache/sentry/provider/db/service/thrift/SentryPolicyServiceClient.java @@ -300,6 +300,7 @@ public class SentryPolicyServiceClient { privilege.setServerName(serverName); privilege.setURI(uri); privilege.setDbName(db); + privilege.setTableName(table); privilege.setAction(action); privilege.setGrantorPrincipal(requestorUserName); privilege.setCreateTime(System.currentTimeMillis()); http://git-wip-us.apache.org/repos/asf/incubator-sentry/blob/5fc968e6/sentry-provider/sentry-provider-db/src/test/java/org/apache/sentry/provider/db/service/thrift/TestSentryServiceIntegration.java ---------------------------------------------------------------------- diff --git a/sentry-provider/sentry-provider-db/src/test/java/org/apache/sentry/provider/db/service/thrift/TestSentryServiceIntegration.java b/sentry-provider/sentry-provider-db/src/test/java/org/apache/sentry/provider/db/service/thrift/TestSentryServiceIntegration.java index e211079..1e4ed17 100644 --- a/sentry-provider/sentry-provider-db/src/test/java/org/apache/sentry/provider/db/service/thrift/TestSentryServiceIntegration.java +++ b/sentry-provider/sentry-provider-db/src/test/java/org/apache/sentry/provider/db/service/thrift/TestSentryServiceIntegration.java @@ -49,6 +49,24 @@ public class TestSentryServiceIntegration extends SentryServiceIntegrationBase { } client.dropRole(requestorUserName, requestorUserGroupNames, roleName); } + + @Test + public void testGranRevokePrivilegeOnTableForRole() throws Exception { + String requestorUserName = ADMIN_USER; + Set<String> requestorUserGroupNames = Sets.newHashSet(ADMIN_GROUP); + String roleName = "admin_r"; + + client.dropRoleIfExists(requestorUserName, requestorUserGroupNames, roleName); + client.createRole(requestorUserName, requestorUserGroupNames, roleName); + + client.grantTablePrivilege(requestorUserName, requestorUserGroupNames, roleName, "server", "db", "table", "ALL"); + Set<TSentryPrivilege> listPrivilegesByRoleName = client.listPrivilegesByRoleName(requestorUserName, requestorUserGroupNames, roleName); + assertTrue("Privilege not assigned to role !!", listPrivilegesByRoleName.size() == 1); + + client.revokeTablePrivilege(requestorUserName, requestorUserGroupNames, roleName, "server", "db", "table", "ALL"); + listPrivilegesByRoleName = client.listPrivilegesByRoleName(requestorUserName, requestorUserGroupNames, roleName); + assertTrue("Privilege not correctly revoked !!", listPrivilegesByRoleName.size() == 0); + } @Test public void testShowRoleGrant() throws Exception {
