[jira] [Updated] (SENTRY-473) Support revoking privilege with grant option

Mon, 15 Dec 2014 21:51:48 -0800 

     [ 
https://issues.apache.org/jira/browse/SENTRY-473?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel
 ]

Xiaomeng Huang updated SENTRY-473:
----------------------------------
    Description: 
SENTRY-327 is based on Hive-0.13, now hive-0.14 have supported revoking 
privilege with grant option in HIVE-7404.
It looks like:
{code}
REVOKE [GRANT OPTION FOR]
    priv_type [, priv_type ] ...
    ON table_or_view_name
    FROM principal_specification [, principal_specification] ... ;
{code}

We should support downgrade grant option for "GRANT OPTION FOR". It means when 
"GRANT OPTION FOR" set, we just modify grant option of this privilege from true 
to false.
use cases:
{code}
1. grant ALL on database db1 to role role1;
2. grant ALL on database db1 to role role2 with grant option;
3. revoke grant option for ALL on database db1 from role role1;
4. revoke grant option for ALL on database db1 from role role2;
5. revoke ALL on database db1 from role role2;
{code}
After 3rd command executed, role1 still has privilege with action ALL on db1, 
grant option is false.
After 4th command executed, role2 downgrade privilege to grant option is false.
After 5th command executed, role2 will remove privilege with action ALL on db1.

  was:
SENTRY-327 is based on Hive-0.13, now hive-0.14 have supported revoking 
privilege with grant option in HIVE-7404.
It looks like:
{code}
REVOKE [GRANT OPTION FOR]
    priv_type [, priv_type ] ...
    ON table_or_view_name
    FROM principal_specification [, principal_specification] ... ;
{code}


> Support revoking privilege with grant option
> --------------------------------------------
>
>                 Key: SENTRY-473
>                 URL: https://issues.apache.org/jira/browse/SENTRY-473
>             Project: Sentry
>          Issue Type: Improvement
>            Reporter: Xiaomeng Huang
>            Assignee: Xiaomeng Huang
>            Priority: Minor
>
> SENTRY-327 is based on Hive-0.13, now hive-0.14 have supported revoking 
> privilege with grant option in HIVE-7404.
> It looks like:
> {code}
> REVOKE [GRANT OPTION FOR]
>     priv_type [, priv_type ] ...
>     ON table_or_view_name
>     FROM principal_specification [, principal_specification] ... ;
> {code}
> We should support downgrade grant option for "GRANT OPTION FOR". It means 
> when "GRANT OPTION FOR" set, we just modify grant option of this privilege 
> from true to false.
> use cases:
> {code}
> 1. grant ALL on database db1 to role role1;
> 2. grant ALL on database db1 to role role2 with grant option;
> 3. revoke grant option for ALL on database db1 from role role1;
> 4. revoke grant option for ALL on database db1 from role role2;
> 5. revoke ALL on database db1 from role role2;
> {code}
> After 3rd command executed, role1 still has privilege with action ALL on db1, 
> grant option is false.
> After 4th command executed, role2 downgrade privilege to grant option is 
> false.
> After 5th command executed, role2 will remove privilege with action ALL on 
> db1.



--
This message was sent by Atlassian JIRA
(v6.3.4#6332)

Reply via email to