[
https://issues.apache.org/jira/browse/SENTRY-550?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel
]
Xiaomeng Huang updated SENTRY-550:
----------------------------------
Description:
Currently if we rename table, SentryStore just rename ALL, INSERT and SELECT
from this role. But now we support more actions, so we should support more
actions for rename. If we don't rename privilege with all action, it actually
is a bug in some cases, e.g.
{code}
>grant select, insert, alter, drop to table db1.tb1
>grant create to database db1
>rename tb1 to tb2
>drop tb2 -->should be success
>drop tb1 -->should be failed
{code}
Like the use case above, if we rename tb1, we should have drop permission on
tb2, and no permission to drop tb1
But before this patch, 'drop tb2' will failed, and 'drop tb1' will success
was:Currently if we rename table, SentryStore just rename ALL, INSERT and
SELECT from this role. But now we support more actions, so we should support
more actions for rename.
> SentryStore support more actions for rename
> -------------------------------------------
>
> Key: SENTRY-550
> URL: https://issues.apache.org/jira/browse/SENTRY-550
> Project: Sentry
> Issue Type: Sub-task
> Reporter: Xiaomeng Huang
> Assignee: Xiaomeng Huang
>
> Currently if we rename table, SentryStore just rename ALL, INSERT and SELECT
> from this role. But now we support more actions, so we should support more
> actions for rename. If we don't rename privilege with all action, it actually
> is a bug in some cases, e.g.
> {code}
> >grant select, insert, alter, drop to table db1.tb1
> >grant create to database db1
> >rename tb1 to tb2
> >drop tb2 -->should be success
> >drop tb1 -->should be failed
> {code}
> Like the use case above, if we rename tb1, we should have drop permission on
> tb2, and no permission to drop tb1
> But before this patch, 'drop tb2' will failed, and 'drop tb1' will success
--
This message was sent by Atlassian JIRA
(v6.3.4#6332)
