> On Feb. 13, 2018, 10:51 p.m., Sergio Pena wrote: > > sentry-binding/sentry-binding-hive/src/test/java/org/apache/sentry/binding/hive/TestSentryHiveAuthorizationTaskFactory.java > > Line 363 (original), 363 (patched) > > <https://reviews.apache.org/r/65641/diff/1/?file=1959569#file1959569line363> > > > > I'm confused about this. Don't we support 'show grant role' already? > > Why is Sentry displaying that it does not support show grant on role?
We do. This is "show role grant role <role>". It looks like it has never been supported, the only show role grant supported is "show role grant group <group>". The hive docs make mention to "show role grant role" https://cwiki.apache.org/confluence/display/Hive/SQL+Standard+Based+Hive+Authorization#SQLStandardBasedHiveAuthorization-RoleManagementCommands but does not include an example of the execution. - Steve ----------------------------------------------------------- This is an automatically generated e-mail. To reply, visit: https://reviews.apache.org/r/65641/#review197440 ----------------------------------------------------------- On Feb. 13, 2018, 10:35 p.m., Steve Moist wrote: > > ----------------------------------------------------------- > This is an automatically generated e-mail. To reply, visit: > https://reviews.apache.org/r/65641/ > ----------------------------------------------------------- > > (Updated Feb. 13, 2018, 10:35 p.m.) > > > Review request for sentry. > > > Repository: sentry > > > Description > ------- > > Improved the error message for when a show command is run instead of a > generic message that is used improperly. > > > Diffs > ----- > > > sentry-binding/sentry-binding-hive-common/src/main/java/org/apache/hadoop/hive/SentryHiveConstants.java > 38d1f468 > > sentry-binding/sentry-binding-hive/src/main/java/org/apache/sentry/binding/hive/SentryHiveAuthorizationTaskFactoryImpl.java > 1e520c0b > > sentry-binding/sentry-binding-hive/src/main/java/org/apache/sentry/binding/hive/authz/DefaultSentryAccessController.java > 14a96191 > > sentry-binding/sentry-binding-hive/src/test/java/org/apache/sentry/binding/hive/TestSentryHiveAuthorizationTaskFactory.java > c75f57d6 > > > Diff: https://reviews.apache.org/r/65641/diff/1/ > > > Testing > ------- > > Setup cluster and ran commands through beeline: > 0: jdbc:hive2://server> show grant user usercomedy; > Error: Error while compiling statement: FAILED: SemanticException Sentry does > not allow privileges to be shown for: USER (state=42000,code=40000) > 0: jdbc:hive2://server> show grant on table movies; > Error: Error while compiling statement: FAILED: SemanticException Sentry does > not allow privileges to be shown for: USER (state=42000,code=40000) > 0: jdbc:hive2://server> show grant on database moviesdb; > Error: Error while compiling statement: FAILED: SemanticException Sentry does > not allow privileges to be shown for: USER (state=42000,code=40000) > 0: jdbc:hive2://server> show grant group comedy_group; > Error: Error while compiling statement: FAILED: SemanticException Sentry does > not allow privileges to be shown for: GROUP (state=42000,code=40000) > 0: jdbc:hive2://server> show role grant role comedyrole; > Error: Error while compiling statement: FAILED: SemanticException Sentry does > not allow privileges to be shown for: ROLE (state=42000,code=40000) > > > Thanks, > > Steve Moist > >
