[jira] [Commented] (SENTRY-209) Empty list returned when calling listPrivilegesByRoleName

Sun, 18 May 2014 18:21:31 -0700 

    [ 
https://issues.apache.org/jira/browse/SENTRY-209?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=14001311#comment-14001311
 ] 

Prasad Mujumdar commented on SENTRY-209:
----------------------------------------

The existing code seem to work with Derby. There's a [test 
case|https://github.com/apache/incubator-sentry/blob/master/sentry-provider/sentry-provider-db/src/test/java/org/apache/sentry/provider/db/service/thrift/TestSentryServiceIntegration.java#L54]
 that covers the same scenario. 
The Derby schema does have a primary key for the mapping table, however it 
doesn't have the separate identity column. It's using the composite key of role 
id and privilege it.

The datanucleus 
[documentation|http://www.datanucleus.org/products/datanucleus/jdo/orm/many_to_many.html#map]
 suggests using join for many to many relations, at least for the mechanism 
that we are using here. I do think we should go ahead with this approach. The 
group to role mapping should also has similar implementation so we might need 
similar changes there as well.

[~asuresh] would you like to test it out the primary key part and add the 
group/role mapping changes ? Else feel free to reassign the ticket to me. 
Thanks!


> Empty list returned when calling listPrivilegesByRoleName
> ---------------------------------------------------------
>
>                 Key: SENTRY-209
>                 URL: https://issues.apache.org/jira/browse/SENTRY-209
>             Project: Sentry
>          Issue Type: Bug
>    Affects Versions: db_policy_store, 1.4.0
>            Reporter: Arun Suresh
>         Attachments: SENTRY-209.1.patch
>
>
> I tested this on a Mysql backend store.. I assume it would be the case for 
> Postgres and  Oracle too.. if the initSchema is called (and Datanucleus auto 
> create is false)
> Steps to recreate (Using the thrift RPC client):
> 1) Create role : 
> sentryClient.createRole(granter, granterGroups, adminRole);
> 2) Grant table privilege for role (I grant ALL on 100 tables) :
> sentryClient.grantTablePrivilege(granter, granterGroups, adminRole, server, 
> db, "ALL");
> 3) List all privileges for role :
> Set<TSentryPrivilege> listPrivilegesByRoleName = 
> sentryClient.listPrivilegesByRoleName(granter, granterGroups, adminRole);
> This returns an empty Set.



--
This message was sent by Atlassian JIRA
(v6.2#6252)

Reply via email to