[jira] [Assigned] (SENTRY-488) Sentry list_sentry_privileges_by_authorizable API does not filter out roles/privileges for some cases.

Arun Suresh (JIRA) Fri, 03 Oct 2014 19:02:16 -0700

     [ 
https://issues.apache.org/jira/browse/SENTRY-488?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel
 ]


Arun Suresh reassigned SENTRY-488:
----------------------------------

    Assignee: Arun Suresh

> Sentry list_sentry_privileges_by_authorizable API does not filter out 
> roles/privileges for some cases.
> ------------------------------------------------------------------------------------------------------
>
>                 Key: SENTRY-488
>                 URL: https://issues.apache.org/jira/browse/SENTRY-488
>             Project: Sentry
>          Issue Type: Bug
>            Reporter: Arun Suresh
>            Assignee: Arun Suresh
>
> I am requestorUserName=u'user1_1' which is non admin and only have 'foo' group
> I can list ALL the roles/privilege attached to an object.
> I should only see the group foo and its privilege on sample_07.
> {code}
> [02/Oct/2014 16:41:23 -0700] thrift_util  DEBUG    Thrift call <class 
> 'sentry_policy_service.SentryPolicyService.Client'>.list_sentry_privileges_by_authorizable
>  returned in 38ms: 
> TListSentryPrivilegesByAuthResponse(status=TSentryResponseStatus(message='', 
> stack=None, value=0), 
> privilegesMapByAuth={TSentryAuthorizable(table='sample_07', db='default', 
> uri=None, server='server1'): TSentryPrivilegeMap(privilegeMap={'foo': 
> set([TSentryPrivilege(grantOption=0, serverName='server1', 
> tableName='sample_07', privilegeScope='TABLE', createTime=1412271660913, 
> URI='', action='all', dbName='default'), TSentryPrivilege(grantOption=0, 
> serverName='server1', tableName='sample_07', privilegeScope='TABLE', 
> createTime=1412270683086, URI='', action='select', dbName='default'), 
> TSentryPrivilege(grantOption=0, serverName='server1', tableName='sample_07', 
> privilegeScope='TABLE', createTime=1412271260793, URI='', action='insert', 
> dbName='default')]), 'jholoman': set([TSentryPrivilege(grantOption=0, 
> serverName='server1', tableName='sample_07', privilegeScope='TABLE', 
> createTime=1412271260793, URI='', action='insert', dbName='default')]), ....
> [02/Oct/2014 16:41:23 -0700] thrift_util  DEBUG    Thrift call: <class 
> 'sentry_policy_service.SentryPolicyService.Client'>.list_sentry_privileges_by_authorizable(args=(TListSentryPrivilegesByAuthRequest(protocol_version=1,
>  authorizableSet=[TSentryAuthorizable(table=u'sample_07', db=u'default', 
> uri=None, server=u'server1')], roleSet=None, groups=None, 
> requestorUserName=u'user1_1'),), kwargs={})
> {code}



--
This message was sent by Atlassian JIRA
(v6.3.4#6332)

[jira] [Assigned] (SENTRY-488) Sentry list_sentry_privileges_by_authorizable API does not filter out roles/privileges for some cases.

Reply via email to