Review Request 67231: User can DROP function under a database that he/she has no access

Sun, 20 May 2018 16:35:17 -0700 

-----------------------------------------------------------
This is an automatically generated e-mail. To reply, visit:
https://reviews.apache.org/r/67231/
-----------------------------------------------------------

Review request for sentry.


Bugs: SENTRY-2240
    https://issues.apache.org/jira/browse/SENTRY-2240


Repository: sentry


Description
-------

User can DROP UDF function under a database that he/she has no access to.

I created it as separate JIRA from SENTRY-781 due to changes are quite 
different.


Diffs
-----

  
sentry-binding/sentry-binding-hive-v2/src/main/java/org/apache/sentry/binding/hive/v2/HiveAuthzBindingHookBaseV2.java
 5a21dd3e 
  
sentry-binding/sentry-binding-hive-v2/src/main/java/org/apache/sentry/binding/hive/v2/HiveAuthzPrivilegesMapV2.java
 61278fe0 
  
sentry-binding/sentry-binding-hive/src/main/java/org/apache/sentry/binding/hive/HiveAuthzBindingHook.java
 09bd9b56 
  
sentry-binding/sentry-binding-hive/src/main/java/org/apache/sentry/binding/hive/authz/HiveAuthzBindingHookBase.java
 447deaf5 
  
sentry-binding/sentry-binding-hive/src/main/java/org/apache/sentry/binding/hive/authz/HiveAuthzPrivilegesMap.java
 4f932ea6 
  
sentry-binding/sentry-binding-hive/src/test/java/org/apache/sentry/binding/hive/TestHiveAuthzBindings.java
 3bbf6fb1 
  
sentry-tests/sentry-tests-hive/src/test/java/org/apache/sentry/tests/e2e/hive/AbstractTestWithStaticConfiguration.java
 e0b584c6 
  
sentry-tests/sentry-tests-hive/src/test/java/org/apache/sentry/tests/e2e/hive/StaticUserGroup.java
 8306e953 
  
sentry-tests/sentry-tests-hive/src/test/java/org/apache/sentry/tests/e2e/hive/TestPrivilegesAtFunctionScope.java
 bd0f978e 


Diff: https://reviews.apache.org/r/67231/diff/1/


Testing
-------

Manual testing + updated test cases.

1. user can create/drop function if he/she has ALL access to DB
2. user can't create/drop function if he/she does not have access to DB, nor 
tables
3. user can't create/drop function if he/she only has read access to DB
4. user can't create/drop function if he/she only has read access to a table 
under the DB
5. user can't create/drop function if he/she does not have access to URI JAR 
file


Thanks,

Eric Lin

Reply via email to