Ryan P created SENTRY-666:
-----------------------------
Summary: Grant assumes Table object when not passed both an object
and a name
Key: SENTRY-666
URL: https://issues.apache.org/jira/browse/SENTRY-666
Project: Sentry
Issue Type: Bug
Affects Versions: 1.4.0
Reporter: Ryan P
Priority: Minor
If you pass only one argument to the grant statement it assumes you are setting
privileges for the table object.
0: jdbc:hive2://ryan-p-2.ent.cloudera.com:100> grant all on server1 to role
test;
No rows affected (0.198 seconds)
0: jdbc:hive2://ryan-p-2.ent.cloudera.com:100> show grant role test;
+-----------+------------+------------+---------+-----------------+-----------------+------------+---------------+-------------------+----------+--+
| database | table | partition | column | principal_name |
principal_type | privilege | grant_option | grant_time | grantor |
+-----------+------------+------------+---------+-----------------+-----------------+------------+---------------+-------------------+----------+--+
| default | test | | | test | ROLE
| * | false | 1425774500157000 | -- |
| /tmp | | | | test | ROLE
| * | false | 1425775719259000 | -- |
| default | ta | | | test | ROLE
| * | false | 1425777721565000 | -- |
| default | server1 | | | test | ROLE
| * | false | 1421854212609000 | -- |
| default | testpatch | | | test | ROLE
| select | false | 1425774558034000 | -- |
+-----------+------------+------------+---------+-----------------+-----------------+------------+---------------+-------------------+----------+--+
5 rows selected (0.217 seconds)
I understand this was probably done for convenience but it can cause confusion
for first-time users. At a quick glance it would appear as if I am granting all
on server to role test.
--
This message was sent by Atlassian JIRA
(v6.3.4#6332)
