[ https://issues.apache.org/jira/browse/SENTRY-214?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=14001341#comment-14001341 ]

Arun Suresh commented on SENTRY-214:
------------------------------------

On further investigation, I found that the SentryService was actually throwing 
the following error:

{quote}
2014-05-18 19:15:37,324 (pool-6-thread-1) [WARN - 
org.datanucleus.util.Log4JLogger.warn(Log4JLogger.java:96)] Execution of method 
"add" on field "privileges" caused an error : Insert of object 
"org.apache.sentry.provider.db.service.model.MSentryPrivilege@3f755bd2" using 
statement "INSERT INTO SENTRY_DB_PRIVILEGE 
(DB_PRIVILEGE_ID,"ACTION",CREATE_TIME,PRIVILEGE_SCOPE,"TABLE_NAME",PRIVILEGE_NAME,URI,GRANTOR_PRINCIPAL,DB_NAME,"SERVER_NAME")
 VALUES (?,?,?,?,?,?,?,?,?,?)" failed : The statement was aborted because it 
would have caused a duplicate key value in a unique or primary key constraint 
or unique index identified by 'SENTRY_PRIVILEGE_NAME' defined on 
'SENTRY_DB_PRIVILEGE'.
Insert of object 
"org.apache.sentry.provider.db.service.model.MSentryPrivilege@3f755bd2" using 
statement "INSERT INTO SENTRY_DB_PRIVILEGE 
(DB_PRIVILEGE_ID,"ACTION",CREATE_TIME,PRIVILEGE_SCOPE,"TABLE_NAME",PRIVILEGE_NAME,URI,GRANTOR_PRINCIPAL,DB_NAME,"SERVER_NAME")
 VALUES (?,?,?,?,?,?,?,?,?,?)" failed : The statement was aborted because it 
would have caused a duplicate key value in a unique or primary key constraint 
or unique index identified by 'SENTRY_PRIVILEGE_NAME' defined on 
'SENTRY_DB_PRIVILEGE'.
org.datanucleus.exceptions.NucleusDataStoreException: Insert of object 
"org.apache.sentry.provider.db.service.model.MSentryPrivilege@3f755bd2" using 
statement "INSERT INTO SENTRY_DB_PRIVILEGE 
(DB_PRIVILEGE_ID,"ACTION",CREATE_TIME,PRIVILEGE_SCOPE,"TABLE_NAME",PRIVILEGE_NAME,URI,GRANTOR_PRINCIPAL,DB_NAME,"SERVER_NAME")
 VALUES (?,?,?,?,?,?,?,?,?,?)" failed : The statement was aborted because it 
would have caused a duplicate key value in a unique or primary key constraint 
or unique index identified by 'SENTRY_PRIVILEGE_NAME' defined on 
'SENTRY_DB_PRIVILEGE'.
        at org.datanucleus.store.rdbms.request.InsertRequest.execute(InsertRequest.java:504)
        at org.datanucleus.store.rdbms.RDBMSPersistenceHandler.insertTable(RDBMSPersistenceHandler.java:167)
        at org.datanucleus.store.rdbms.RDBMSPersistenceHandler.insertObject(RDBMSPersistenceHandler.java:143)
        at org.datanucleus.state.JDOStateManager.internalMakePersistent(JDOStateManager.java:3777)
        at org.datanucleus.state.JDOStateManager.makePersistent(JDOStateManager.java:3753)
        at org.datanucleus.ExecutionContextImpl.persistObjectInternal(ExecutionContextImpl.java:2124)
        at org.datanucleus.ExecutionContextImpl.persistObjectInternal(ExecutionContextImpl.java:2218)
        at org.datanucleus.store.types.SCOUtils.validateObjectForWriting(SCOUtils.java:1524)
...
{quote}

Looks like the issue is due to the fact that a check should be made to see if 
the privilege already exists, then load it from the DB, and then modify it by 
appending the role.

Attaching the fix.

> Sentry Service does not allow the same Privilege to be associated to multiple 
> Roles
> -----------------------------------------------------------------------------------
>
>                 Key: SENTRY-214
>                 URL: https://issues.apache.org/jira/browse/SENTRY-214
>             Project: Sentry
>          Issue Type: Bug
>    Affects Versions: db_policy_store, 1.4.0
>            Reporter: Arun Suresh
>         Attachments: SENTRY-214.1.patch, SENTRY-214.2.patch
>
>
> Steps to recreate :
> 1) Create role1
> 2) Create role2
> 3) Grant 'role1' a Privilege(ALL) to a Table t1, Db d1, server S1
> 4) the 'listPrivilegesByRoleName' API applied to 'role1' returns a set of 
> size 1
> 5) Grant 'role2' the same Privilege as role 1..  a Privilege(ALL) to a Table 
> t1, Db d1, server S1
> 6) the 'listPrivilegesByRoleName' API applied to 'role2' returns a set of 
> size 0
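
The failure in the log and the check proposed in the comment, as an added example (not Sentry's code and not the attached patch): a naive grant that always inserts a privilege row next to a grant that loads an existing row first. Only the SENTRY_DB_PRIVILEGE table and its unique PRIVILEGE_NAME constraint come from the log; the mapping table and all function names are assumptions made for illustration.

```python
import sqlite3

# Simplified, hypothetical schema: only SENTRY_DB_PRIVILEGE and its unique
# PRIVILEGE_NAME constraint come from the log; the mapping table is assumed.
SCHEMA = """
CREATE TABLE SENTRY_DB_PRIVILEGE (
    DB_PRIVILEGE_ID INTEGER PRIMARY KEY, PRIVILEGE_NAME TEXT NOT NULL UNIQUE);
CREATE TABLE ROLE_PRIVILEGE_MAP (
    ROLE_NAME TEXT NOT NULL, DB_PRIVILEGE_ID INTEGER NOT NULL,
    PRIMARY KEY (ROLE_NAME, DB_PRIVILEGE_ID));
"""

def new_store():
    conn = sqlite3.connect(":memory:")
    conn.executescript(SCHEMA)
    return conn

def grant_naive(conn, role, priv):
    """Always inserts a new privilege row, so a second role hits the unique key."""
    try:
        with conn:  # commits on success, rolls back on error
            cur = conn.execute(
                "INSERT INTO SENTRY_DB_PRIVILEGE (PRIVILEGE_NAME) VALUES (?)", (priv,))
            conn.execute("INSERT INTO ROLE_PRIVILEGE_MAP VALUES (?, ?)",
                         (role, cur.lastrowid))
        return True
    except sqlite3.IntegrityError:
        return False  # the grant is lost: the role ends up with no privilege

def grant_checked(conn, role, priv):
    """Loads the privilege if it already exists, then attaches the role to it."""
    with conn:
        row = conn.execute(
            "SELECT DB_PRIVILEGE_ID FROM SENTRY_DB_PRIVILEGE WHERE PRIVILEGE_NAME = ?",
            (priv,)).fetchone()
        if row is None:  # first grant of this privilege: create the row
            row = (conn.execute(
                "INSERT INTO SENTRY_DB_PRIVILEGE (PRIVILEGE_NAME) VALUES (?)",
                (priv,)).lastrowid,)
        # OR IGNORE keeps a repeated grant to the same role idempotent.
        conn.execute("INSERT OR IGNORE INTO ROLE_PRIVILEGE_MAP VALUES (?, ?)",
                     (role, row[0]))
    return True

def list_privileges(conn, role):
    rows = conn.execute(
        "SELECT p.PRIVILEGE_NAME FROM SENTRY_DB_PRIVILEGE p "
        "JOIN ROLE_PRIVILEGE_MAP m ON m.DB_PRIVILEGE_ID = p.DB_PRIVILEGE_ID "
        "WHERE m.ROLE_NAME = ?", (role,)).fetchall()
    return {r[0] for r in rows}
```

Running the reported steps against `grant_naive` leaves role2 with an empty privilege set, while `grant_checked` gives both roles the privilege backed by a single row.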


