[ https://issues.apache.org/jira/browse/SENTRY-476?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=14151482#comment-14151482 ]

Dapeng Sun commented on SENTRY-476:
-----------------------------------

Hi Lenni, thank you for your comments.
It's easy to reproduce:
{noformat}
diff --git 
a/sentry-tests/sentry-tests-hive/src/test/java/org/apache/sentry/tests/e2e/dbprovider/TestPrivilegeWithGrantOption.java
 b/sentry-tests/sentry-tests-hive/src/test/jav
index 581350a..8ebe4eb 100644
--- 
a/sentry-tests/sentry-tests-hive/src/test/java/org/apache/sentry/tests/e2e/dbprovider/TestPrivilegeWithGrantOption.java
+++ 
b/sentry-tests/sentry-tests-hive/src/test/java/org/apache/sentry/tests/e2e/dbprovider/TestPrivilegeWithGrantOption.java
@@ -82,7 +82,7 @@ public class TestPrivilegeWithGrantOption extends 
AbstractTestWithStaticConfigur
     Statement statement = context.createStatement(connection);
     statement.execute("DROP DATABASE IF EXISTS db_1 CASCADE");
     statement.execute("DROP DATABASE IF EXISTS db_2 CASCADE");
-    statement.execute("CREATE DATABASE db_1");
+    //statement.execute("CREATE DATABASE db_1");
     statement.execute("CREATE ROLE group1_role");
     statement.execute("GRANT ALL ON DATABASE db_1 TO ROLE group1_role");
     statement.execute("GRANT ROLE group1_role TO GROUP " + USERGROUP1);
{noformat}
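
Review bot: Commenting out {{CREATE DATABASE db_1}} at new line 85 instead of deleting it leaves dead code, and the {{GRANT ALL ON DATABASE db_1 TO ROLE group1_role}} that follows has no assertion on its outcome, so the test demonstrates the behaviour only by not throwing. If this is meant to stay as a regression test, delete the line and assert the expected result of the GRANT explicitly; because {{DROP DATABASE IF EXISTS db_1 CASCADE}} runs just above, a short comment stating that db_1 is intentionally absent at that point would also make the intent clear.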

We can see the grant operation on db_1 still works.

Regarding your concerns:
{quote}
It adds a new dependency on the HMS to the Sentry Service.
{quote}
Yes, adding a dependency to the Sentry Service is not a good solution; it should be added to 
{{SentryGrantRevokeTask}} in SENTRY.
{quote}
This is inherently racy. As soon as the HMS existence check is made the object 
could have been dropped.
{quote}
Sorry, I'm not quite clear on what you mean.

> SENTRY should have the ability to check the database and table in metastore
> ---------------------------------------------------------------------------
>
>                 Key: SENTRY-476
>                 URL: https://issues.apache.org/jira/browse/SENTRY-476
>             Project: Sentry
>          Issue Type: Improvement
>            Reporter: Dapeng Sun
>
> Currently, when Sentry grants a privilege to an object, such as a database or table, it 
> doesn't check whether the object exists in HIVE. We should add 
> a configuration property; if the property is enabled, Sentry will connect to 
> the HIVE Metastore and check whether the object exists or not.



--
This message was sent by Atlassian JIRA
(v6.3.4#6332)
