Arun Suresh created SENTRY-488:
----------------------------------

             Summary: Sentry list_sentry_privileges_by_authorizable API does not filter out roles/privileges for some cases.
                 Key: SENTRY-488
                 URL: https://issues.apache.org/jira/browse/SENTRY-488
             Project: Sentry
          Issue Type: Bug
            Reporter: Arun Suresh


I am requestorUserName=u'user1_1', which is non-admin and only has the 'foo' group.
I can list ALL the roles/privileges attached to an object.

I should only see the group foo and its privilege on sample_07.

{code}
[02/Oct/2014 16:41:23 -0700] thrift_util  DEBUG    Thrift call <class 
'sentry_policy_service.SentryPolicyService.Client'>.list_sentry_privileges_by_authorizable
 returned in 38ms: 
TListSentryPrivilegesByAuthResponse(status=TSentryResponseStatus(message='', 
stack=None, value=0), 
privilegesMapByAuth={TSentryAuthorizable(table='sample_07', db='default', 
uri=None, server='server1'): TSentryPrivilegeMap(privilegeMap={'foo': 
set([TSentryPrivilege(grantOption=0, serverName='server1', 
tableName='sample_07', privilegeScope='TABLE', createTime=1412271660913, 
URI='', action='all', dbName='default'), TSentryPrivilege(grantOption=0, 
serverName='server1', tableName='sample_07', privilegeScope='TABLE', 
createTime=1412270683086, URI='', action='select', dbName='default'), 
TSentryPrivilege(grantOption=0, serverName='server1', tableName='sample_07', 
privilegeScope='TABLE', createTime=1412271260793, URI='', action='insert', 
dbName='default')]), 'jholoman': set([TSentryPrivilege(grantOption=0, 
serverName='server1', tableName='sample_07', privilegeScope='TABLE', 
createTime=1412271260793, URI='', action='insert', dbName='default')]), ....

[02/Oct/2014 16:41:23 -0700] thrift_util  DEBUG    Thrift call: <class 
'sentry_policy_service.SentryPolicyService.Client'>.list_sentry_privileges_by_authorizable(args=(TListSentryPrivilegesByAuthRequest(protocol_version=1,
 authorizableSet=[TSentryAuthorizable(table=u'sample_07', db=u'default', 
uri=None, server=u'server1')], roleSet=None, groups=None, 
requestorUserName=u'user1_1'),), kwargs={})
{code}




--
This message was sent by Atlassian JIRA
(v6.3.4#6332)
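
The filtering the report expects, written out as an added example (not Sentry or Hue code): a non-admin requestor sees only the roles reachable through their own groups, and `leaked_roles` flags anything else in a response. Plain dicts stand in for the Thrift structs; the group-to-role mapping, the `admin` group name and all function names are assumptions.

```python
# Added example; plain dicts/tuples stand in for the Thrift structs in the log.

def allowed_roles(requestor_groups, group_to_roles, admin_groups):
    """Roles the requestor may see; None means admin (no filtering)."""
    if set(requestor_groups) & set(admin_groups):
        return None
    roles = set()
    for group in requestor_groups:
        roles |= set(group_to_roles.get(group, ()))
    return roles

def filter_response(privileges_by_auth, requestor_groups, group_to_roles, admin_groups):
    """Drop every role entry the requestor is not entitled to see."""
    allowed = allowed_roles(requestor_groups, group_to_roles, admin_groups)
    if allowed is None:
        return privileges_by_auth
    filtered = {}
    for authorizable, role_map in privileges_by_auth.items():
        kept = {role: privs for role, privs in role_map.items() if role in allowed}
        if kept:  # omit authorizables with nothing visible
            filtered[authorizable] = kept
    return filtered

def leaked_roles(privileges_by_auth, requestor_groups, group_to_roles, admin_groups):
    """Regression check: roles present in a response that should be hidden."""
    allowed = allowed_roles(requestor_groups, group_to_roles, admin_groups)
    if allowed is None:
        return set()
    seen = {role for role_map in privileges_by_auth.values() for role in role_map}
    return seen - allowed

# Constructed sample mirroring the two role entries visible in the logged response.
AUTH = ("server1", "default", "sample_07")  # (server, db, table)
RESPONSE = {AUTH: {"foo": {"all", "select", "insert"}, "jholoman": {"insert"}}}

# Assumed for illustration: group 'foo' holds role 'foo'; the other group is hypothetical.
GROUP_TO_ROLES = {"foo": {"foo"}, "other_group": {"jholoman"}}
ADMIN_GROUPS = {"admin"}

if __name__ == "__main__":
    print("leaked:", leaked_roles(RESPONSE, ["foo"], GROUP_TO_ROLES, ADMIN_GROUPS))
    print("expected view:", filter_response(RESPONSE, ["foo"], GROUP_TO_ROLES, ADMIN_GROUPS))
```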
