[jira] [Created] (SENTRY-977) grant insert on table; insert into table values doesn't work with "SemanticException No valid privileges"

Thu, 03 Dec 2015 11:22:13 -0800 

Anne Yu created SENTRY-977:
------------------------------

             Summary: grant insert on table; insert into table values doesn't 
work with "SemanticException No valid privileges"
                 Key: SENTRY-977
                 URL: https://issues.apache.org/jira/browse/SENTRY-977
             Project: Sentry
          Issue Type: Bug
    Affects Versions: 1.5.1
            Reporter: Anne Yu
            Priority: Blocker


{code}
create database test_db;
use test_db;
create role test_role;
create table test_tbl(s STRING);
grant select on table test_tbl to role test_role;
grant insert on table test_tbl to role test_role;
insert into table test_tbl values ('test');
{code}

Then can see the failure with error:
{noformat}
Error: Error while compiling statement: FAILED: SemanticException No valid 
privileges
 User test_user does not have privileges for QUERY (state=42000,code=40000)
{noformat}

However, insert into table ... select ... from an_existing_table works fine.

The difference between these two queries, shown from sentry service log is:
Reading in results for query "SELECT FROM 
org.apache.sentry.provider.db.service.model.MSentryPrivilege WHERE 
roles.contains(role) && (role.roleName == "test_role_2" || role.roleName == 
"test_role") && serverName == "server1" && ((dbName == "test_db_2") || (dbName 
== "__NULL__")) && (URI == "__NULL__") && ((tableName == "test_tbl_2") || 
(tableName == "__NULL__")) && (URI == "__NULL__") && ((columnName == "s") || 
(columnName == "__NULL__")) && (URI == "__NULL__") VARIABLES 
org.apache.sentry.provider.db.service.model.MSentryRole role" since the 
connection used is closing

Reading in results for query "SELECT FROM 
org.apache.sentry.provider.db.service.model.MSentryPrivilege WHERE 
roles.contains(role) && (role.roleName == "test_role_2" || role.roleName == 
"test_role") && serverName == "server1" && ((dbName == "test_db_2") || (dbName 
== "__NULL__")) && (URI == "__NULL__") && ((tableName == "test_tbl_2") || 
(tableName == "__NULL__")) && (URI == "__NULL__") VARIABLES 
org.apache.sentry.provider.db.service.model.MSentryRole role" since the 
connection used is closing;

Seems we don't process  (columnName == "__NULL__")) && (URI == "__NULL__") 
correctly. If do {noformat}show grant role test_role{noformat}, can see column 
value is NULL, not "--"; don't know if this matters.



--
This message was sent by Atlassian JIRA
(v6.3.4#6332)

Reply via email to