----------------------------------------------------------- This is an automatically generated e-mail. To reply, visit: https://reviews.apache.org/r/67231/ -----------------------------------------------------------
Review request for sentry. Bugs: SENTRY-2240 https://issues.apache.org/jira/browse/SENTRY-2240 Repository: sentry Description ------- User can DROP UDF function under a database that he/she has no access to. I created it as separate JIRA from SENTRY-781 due to changes are quite different. Diffs ----- sentry-binding/sentry-binding-hive-v2/src/main/java/org/apache/sentry/binding/hive/v2/HiveAuthzBindingHookBaseV2.java 5a21dd3e sentry-binding/sentry-binding-hive-v2/src/main/java/org/apache/sentry/binding/hive/v2/HiveAuthzPrivilegesMapV2.java 61278fe0 sentry-binding/sentry-binding-hive/src/main/java/org/apache/sentry/binding/hive/HiveAuthzBindingHook.java 09bd9b56 sentry-binding/sentry-binding-hive/src/main/java/org/apache/sentry/binding/hive/authz/HiveAuthzBindingHookBase.java 447deaf5 sentry-binding/sentry-binding-hive/src/main/java/org/apache/sentry/binding/hive/authz/HiveAuthzPrivilegesMap.java 4f932ea6 sentry-binding/sentry-binding-hive/src/test/java/org/apache/sentry/binding/hive/TestHiveAuthzBindings.java 3bbf6fb1 sentry-tests/sentry-tests-hive/src/test/java/org/apache/sentry/tests/e2e/hive/AbstractTestWithStaticConfiguration.java e0b584c6 sentry-tests/sentry-tests-hive/src/test/java/org/apache/sentry/tests/e2e/hive/StaticUserGroup.java 8306e953 sentry-tests/sentry-tests-hive/src/test/java/org/apache/sentry/tests/e2e/hive/TestPrivilegesAtFunctionScope.java bd0f978e Diff: https://reviews.apache.org/r/67231/diff/1/ Testing ------- Manual testing + updated test cases. 1. user can create/drop function if he/she has ALL access to DB 2. user can't create/drop function if he/she does not have access to DB, nor tables 3. user can't create/drop function if he/she only has read access to DB 4. user can't create/drop function if he/she only has read access to a table under the DB 5. user can't create/drop function if he/she does not have access to URI JAR file Thanks, Eric Lin