Lenni Kuff created SENTRY-445:
---------------------------------
Summary: WITH GRANT OPTION does not allow delegated user to grant
less permissive privileges
Key: SENTRY-445
URL: https://issues.apache.org/jira/browse/SENTRY-445
Project: Sentry
Issue Type: Bug
Affects Versions: 1.4.0
Reporter: Lenni Kuff
Fix For: 1.5.0
In this case the delegated user (root) has been granted ALL on a database and
the WITH GRANT OPTION was specified. When the user tries to issue a GRANT
SELECT ON TABLE within that database the command fails saying the user does not
have privileges to execute. It seems that since ALL implies SELECT they should
be able to also GRANT SELECT privileges.
{code}
-- executing against localhost:21000
create role grant_revoke_test_ROOT;
grant role grant_revoke_test_ROOT to group root;
grant all on database functional to grant_revoke_test_ROOT WITH GRANT OPTION;
-- connecting to: localhost:21000 as "root"
-- FAILS: AuthorizationException: User 'root' does not have privileges to
execute: GRANT_PRIVILEGE
grant select on table functional.alltypes to grant_revoke_test_ROOT;
-- SUCCEEDS
grant ALL on table functional.alltypes to grant_revoke_test_ROOT;
{code}
--
This message was sent by Atlassian JIRA
(v6.3.4#6332)
