[ https://issues.apache.org/jira/browse/SENTRY-594?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ]
Xiaomeng Huang updated SENTRY-594:
----------------------------------
Description:
"ALTER DATABASE" command can get entities from WriteEntity, and get nothing
from ReadEntity. So this command should check output privilege instead of input.
What's more, "ALTER TABLE" also checks output privilege, like below:
{code}
HiveAuthzPrivileges alterTablePrivilege = new HiveAuthzPrivileges.AuthzPrivilegeBuilder().
    addOutputObjectPriviledge(AuthorizableType.Table, EnumSet.of(DBModelAction.ALTER)).
    setOperationScope(HiveOperationScope.TABLE).
    setOperationType(HiveOperationType.DDL).
    build();
{code}
was:"ALTER DATABASE" command can get entities from WriteEntity, and get
nothing from ReadEntity. So this command should check output privilege
> Alter database should check output privilege instead of input
> -------------------------------------------------------------
>
> Key: SENTRY-594
> URL: https://issues.apache.org/jira/browse/SENTRY-594
> Project: Sentry
> Issue Type: Bug
> Reporter: Xiaomeng Huang
> Assignee: Xiaomeng Huang
> Attachments: SENTRY-594.001.patch
>
>
> "ALTER DATABASE" command can get entities from WriteEntity, and get nothing
> from ReadEntity. So this command should check output privilege instead of
> input.
> What's more, "ALTER TABLE" also checks output privilege, like below:
> {code}
> HiveAuthzPrivileges alterTablePrivilege = new HiveAuthzPrivileges.AuthzPrivilegeBuilder().
>     addOutputObjectPriviledge(AuthorizableType.Table, EnumSet.of(DBModelAction.ALTER)).
>     setOperationScope(HiveOperationScope.TABLE).
>     setOperationType(HiveOperationType.DDL).
>     build();
> {code}