> On May 15, 2018, 9:37 p.m., Sergio Pena wrote: > > sentry-binding/sentry-binding-hive/src/main/java/org/apache/sentry/binding/hive/authz/DefaultSentryAccessController.java > > Lines 209 (patched) > > <https://reviews.apache.org/r/67134/diff/1/?file=2023051#file2023051line209> > > > > If it is for object, why is the type == USER? If it is a bug in Hive, > > then, should we check this or can we ignore it?
Yes there has to be a Hive change for it. It is set from PrincipalType and it only has types USER, ROLE, and GROUP, but but no UNKNOWN, unlike HivePrincipal. Let me know if this makes sense > On May 15, 2018, 9:37 p.m., Sergio Pena wrote: > > sentry-tests/sentry-tests-hive/src/test/java/org/apache/sentry/tests/e2e/dbprovider/TestShowGrants.java > > Lines 37-38 (patched) > > <https://reviews.apache.org/r/67134/diff/1/?file=2023054#file2023054line37> > > > > Are we sting 'show grant role' or just 'show grant'? I think to keep > > this variable name generic, we should use SHOW_GRANT_DB_POSITION, etc/ > > right? Ok yeah. I will change the name > On May 15, 2018, 9:37 p.m., Sergio Pena wrote: > > sentry-tests/sentry-tests-hive/src/test/java/org/apache/sentry/tests/e2e/dbprovider/TestShowGrants.java > > Lines 116 (patched) > > <https://reviews.apache.org/r/67134/diff/1/?file=2023054#file2023054line116> > > > > role2 and role3 has privileges here, but what about role1 who has all > > privileges in the server? How should this work? should we display it as > > well? No you shouldn't. You only display privileges granted to that specific object as opposed to heirarchical as well - Arjun ----------------------------------------------------------- This is an automatically generated e-mail. To reply, visit: https://reviews.apache.org/r/67134/#review203164 ----------------------------------------------------------- On May 15, 2018, 4:17 p.m., Arjun Mishra wrote: > > ----------------------------------------------------------- > This is an automatically generated e-mail. To reply, visit: > https://reviews.apache.org/r/67134/ > ----------------------------------------------------------- > > (Updated May 15, 2018, 4:17 p.m.) > > > Review request for sentry, kalyan kumar kalvagadda, Na Li, Steve Moist, and > Sergio Pena. > > > Repository: sentry > > > Description > ------- > > Currently Sentry doesn't support Hive command to show privileges on > authorizables without mentioning any role or user name > > > Diffs > ----- > > > sentry-binding/sentry-binding-hive-common/src/main/java/org/apache/hadoop/hive/ql/exec/SentryHivePrivilegeObjectDesc.java > 4fa4221b4 > > sentry-binding/sentry-binding-hive/src/main/java/org/apache/hadoop/hive/ql/exec/SentryGrantRevokeTask.java > 203632d05 > > sentry-binding/sentry-binding-hive/src/main/java/org/apache/sentry/binding/hive/SentryHiveAuthorizationTaskFactoryImpl.java > 23246c903 > > sentry-binding/sentry-binding-hive/src/main/java/org/apache/sentry/binding/hive/authz/DefaultSentryAccessController.java > fc2427cbf > > sentry-binding/sentry-binding-hive/src/test/java/org/apache/sentry/binding/hive/TestSentryHiveAuthorizationTaskFactory.java > 2e3fd7f36 > > sentry-provider/sentry-provider-db/src/main/java/org/apache/sentry/provider/db/service/persistent/SentryStore.java > cafe2b597 > > sentry-tests/sentry-tests-hive/src/test/java/org/apache/sentry/tests/e2e/dbprovider/TestShowGrants.java > PRE-CREATION > > > Diff: https://reviews.apache.org/r/67134/diff/1/ > > > Testing > ------- > > $ mvn -f sentry-binding/pom.xml test > $ mvn -f sentry-provider/pom.xml test > > > Thanks, > > Arjun Mishra > >
