----------------------------------------------------------- This is an automatically generated e-mail. To reply, visit: https://reviews.apache.org/r/67231/#review203494 -----------------------------------------------------------
can you put the upstream jira number as part of the Summary? sentry-binding/sentry-binding-hive-v2/src/main/java/org/apache/sentry/binding/hive/v2/HiveAuthzBindingHookBaseV2.java Lines 433 (patched) <https://reviews.apache.org/r/67231/#comment285785> We are planning to remove the code under sentry-binding/sentry-binding-hive-v2/src/main/java/org/apache/sentry/binding/hive/v2 The only reason it is here is to check what tests are in v2, but not in sentry-binding/sentry-binding-hive-v2/src/main/java/org/apache/sentry/binding/hive/ before we remove it. - Na Li On May 20, 2018, 11:34 p.m., Eric Lin wrote: > > ----------------------------------------------------------- > This is an automatically generated e-mail. To reply, visit: > https://reviews.apache.org/r/67231/ > ----------------------------------------------------------- > > (Updated May 20, 2018, 11:34 p.m.) > > > Review request for sentry. > > > Bugs: SENTRY-2240 > https://issues.apache.org/jira/browse/SENTRY-2240 > > > Repository: sentry > > > Description > ------- > > User can DROP UDF function under a database that he/she has no access to. > > I created it as separate JIRA from SENTRY-781 due to changes are quite > different. > > > Diffs > ----- > > > sentry-binding/sentry-binding-hive-v2/src/main/java/org/apache/sentry/binding/hive/v2/HiveAuthzBindingHookBaseV2.java > 5a21dd3e > > sentry-binding/sentry-binding-hive-v2/src/main/java/org/apache/sentry/binding/hive/v2/HiveAuthzPrivilegesMapV2.java > 61278fe0 > > sentry-binding/sentry-binding-hive/src/main/java/org/apache/sentry/binding/hive/HiveAuthzBindingHook.java > 09bd9b56 > > sentry-binding/sentry-binding-hive/src/main/java/org/apache/sentry/binding/hive/authz/HiveAuthzBindingHookBase.java > 447deaf5 > > sentry-binding/sentry-binding-hive/src/main/java/org/apache/sentry/binding/hive/authz/HiveAuthzPrivilegesMap.java > 4f932ea6 > > sentry-binding/sentry-binding-hive/src/test/java/org/apache/sentry/binding/hive/TestHiveAuthzBindings.java > 3bbf6fb1 > > sentry-tests/sentry-tests-hive/src/test/java/org/apache/sentry/tests/e2e/hive/AbstractTestWithStaticConfiguration.java > e0b584c6 > > sentry-tests/sentry-tests-hive/src/test/java/org/apache/sentry/tests/e2e/hive/StaticUserGroup.java > 8306e953 > > sentry-tests/sentry-tests-hive/src/test/java/org/apache/sentry/tests/e2e/hive/TestPrivilegesAtFunctionScope.java > bd0f978e > > > Diff: https://reviews.apache.org/r/67231/diff/1/ > > > Testing > ------- > > Manual testing + updated test cases. > > 1. user can create/drop function if he/she has ALL access to DB > 2. user can't create/drop function if he/she does not have access to DB, nor > tables > 3. user can't create/drop function if he/she only has read access to DB > 4. user can't create/drop function if he/she only has read access to a table > under the DB > 5. user can't create/drop function if he/she does not have access to URI JAR > file > > > Thanks, > > Eric Lin > >
