[ https://issues.apache.org/jira/browse/SENTRY-445?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ]

Prasad Mujumdar updated SENTRY-445:
-----------------------------------
    Attachment: SENTRY-445.1.patch

> WITH GRANT OPTION does not allow delegated user to grant less permissive 
> privileges
> -----------------------------------------------------------------------------------
>
>                 Key: SENTRY-445
>                 URL: https://issues.apache.org/jira/browse/SENTRY-445
>             Project: Sentry
>          Issue Type: Bug
>    Affects Versions: 1.4.0
>            Reporter: Lenni Kuff
>             Fix For: 1.5.0
>
>         Attachments: SENTRY-445.1.patch
>
>
> In this case the delegated user (root) has been granted ALL on a database and 
> the WITH GRANT OPTION was specified. When the user tries to issue a GRANT 
> SELECT ON TABLE within that database the command fails saying the user does 
> not have privileges to execute. It seems that since ALL implies SELECT they 
> should be able to also GRANT SELECT privileges. 
> {code}
> -- executing against localhost:21000
> create role grant_revoke_test_ROOT;
> grant role grant_revoke_test_ROOT to group root;
> grant all on database functional to grant_revoke_test_ROOT WITH GRANT OPTION;
> -- connecting to: localhost:21000 as "root"
> -- FAILS:  AuthorizationException: User 'root' does not have privileges to execute: GRANT_PRIVILEGE
> grant select on table functional.alltypes to grant_revoke_test_ROOT;
> -- SUCCEEDS
> grant ALL on table functional.alltypes to grant_revoke_test_ROOT;
> {code}



--
This message was sent by Atlassian JIRA
(v6.3.4#6332)
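
The behaviour in the report, modelled as an added example (not Sentry's code and not part of the original message): a grant-option check that implies scope but compares the action exactly reproduces the FAILS/SUCCEEDS pair above, while a check that also treats ALL as implying every action allows the less permissive grant without allowing escalation. All class and function names here are hypothetical.

```python
from dataclasses import dataclass
from typing import Iterable, Optional

@dataclass(frozen=True)
class Privilege:
    action: str                   # e.g. "ALL", "SELECT", "INSERT"
    database: str
    table: Optional[str] = None   # None means the whole database
    grant_option: bool = False

def scope_covers(held: Privilege, requested: Privilege) -> bool:
    """A database-level privilege covers every table in that database."""
    if held.database != requested.database:
        return False
    return held.table is None or held.table == requested.table

def action_implies(held_action: str, requested_action: str) -> bool:
    """ALL implies any action; otherwise the actions must be the same."""
    held, req = held_action.upper(), requested_action.upper()
    return held == "ALL" or held == req

def can_grant_exact_action(held: Iterable[Privilege], requested: Privilege) -> bool:
    """Model of the reported behaviour: scope is implied, action is not."""
    return any(p.grant_option and scope_covers(p, requested)
               and p.action.upper() == requested.action.upper() for p in held)

def can_grant_implied(held: Iterable[Privilege], requested: Privilege) -> bool:
    """Expected behaviour: the grantor may delegate anything its own
    grant-option privilege implies, and nothing broader."""
    return any(p.grant_option and scope_covers(p, requested)
               and action_implies(p.action, requested.action) for p in held)

# Constructed from the statements in the report: root's role holds
# ALL on database functional WITH GRANT OPTION.
ROOT_PRIVS = [Privilege("ALL", "functional", grant_option=True)]
GRANT_SELECT = Privilege("SELECT", "functional", "alltypes")
GRANT_ALL = Privilege("ALL", "functional", "alltypes")

if __name__ == "__main__":
    for name, req in (("SELECT", GRANT_SELECT), ("ALL", GRANT_ALL)):
        print(f"grant {name} on table functional.alltypes: "
              f"exact-action={can_grant_exact_action(ROOT_PRIVS, req)} "
              f"implied={can_grant_implied(ROOT_PRIVS, req)}")
```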
