[
https://issues.apache.org/jira/browse/SENTRY-715?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel
]
Sravya Tirukkovalur resolved SENTRY-715.
----------------------------------------
Resolution: Fixed
Fix Version/s: 1.5.0
> ACLs are not updated on a table until the first explicit GRANT statement.
> -------------------------------------------------------------------------
>
> Key: SENTRY-715
> URL: https://issues.apache.org/jira/browse/SENTRY-715
> Project: Sentry
> Issue Type: Bug
> Affects Versions: 1.5.0
> Reporter: Prasad Mujumdar
> Assignee: Prasad Mujumdar
> Fix For: 1.5.0
>
>
> CREATE ROLE systest_default;
> GRANT ROLE systest_default TO GROUP systest;
> GRANT ALL ON DATABASE default to ROLE systest_default;
> 2. kinit as systest
> CREATE TABLE test_tbl (i int);
> INSERT INTO TABLE test_tbl SELECT 1;
> 3. Look at ACLs (note that systest is not included):
> [root@lenni-ssl-2 ~]# hadoop fs -getfacl
> /user/hive/warehouse/test_tbl/f4db14c9df67efd-7f75a399c558b896_1419062973_data.0.
> # file:
> /user/hive/warehouse/test_tbl/f4db14c9df67efd-7f75a399c558b896_1419062973_data.0.
> # owner: hive
> # group: hive
> user::rwx
> user:hive:rwx
> group:hive:rwx
> other::---
> mask::rwx
> other::---
> 4. If a GRANT SELECT ON TABLE test_tbl is executed after the table is
> created, the privileges are updated. But note that the systest only has read
> privileges and not read/write (it should inherit the ALL on the database):
> [root@lenni-ssl-2 ~]# hadoop fs -getfacl
> /user/hive/warehouse/test_tbl/f4db14c9df67efd-7f75a399c558b896_1419062973_data.0.
> a# file:
> /user/hive/warehouse/test_tbl/f4db14c9df67efd-7f75a399c558b896_1419062973_data.0.
> # owner: hive
> # group: hive
> user::rwx
> user:hive:rwx
> group:hive:rwx
> other::---
> group:systest:r-x
> mask::rwx
> other::---
--
This message was sent by Atlassian JIRA
(v6.3.4#6332)
