Re: Review Request 67231: SENTRY-2240 - User can DROP function under a database that he/she has no access

Mon, 21 May 2018 18:17:31 -0700 

-----------------------------------------------------------
This is an automatically generated e-mail. To reply, visit:
https://reviews.apache.org/r/67231/
-----------------------------------------------------------

(Updated May 22, 2018, 1:16 a.m.)


Review request for sentry.


Changes
-------

reverted changes to V2 classes based Na Li's review.


Summary (updated)
-----------------

SENTRY-2240 - User can DROP function under a database that he/she has no access


Bugs: SENTRY-2240
    https://issues.apache.org/jira/browse/SENTRY-2240


Repository: sentry


Description
-------

User can DROP UDF function under a database that he/she has no access to.

I created it as separate JIRA from SENTRY-781 due to changes are quite 
different.


Diffs (updated)
-----

  
sentry-binding/sentry-binding-hive/src/main/java/org/apache/sentry/binding/hive/HiveAuthzBindingHook.java
 09bd9b56 
  
sentry-binding/sentry-binding-hive/src/main/java/org/apache/sentry/binding/hive/authz/HiveAuthzBindingHookBase.java
 447deaf5 
  
sentry-binding/sentry-binding-hive/src/main/java/org/apache/sentry/binding/hive/authz/HiveAuthzPrivilegesMap.java
 4f932ea6 
  
sentry-binding/sentry-binding-hive/src/test/java/org/apache/sentry/binding/hive/TestHiveAuthzBindings.java
 3bbf6fb1 
  
sentry-tests/sentry-tests-hive/src/test/java/org/apache/sentry/tests/e2e/hive/AbstractTestWithStaticConfiguration.java
 e0b584c6 
  
sentry-tests/sentry-tests-hive/src/test/java/org/apache/sentry/tests/e2e/hive/StaticUserGroup.java
 8306e953 
  
sentry-tests/sentry-tests-hive/src/test/java/org/apache/sentry/tests/e2e/hive/TestPrivilegesAtFunctionScope.java
 bd0f978e 


Diff: https://reviews.apache.org/r/67231/diff/2/

Changes: https://reviews.apache.org/r/67231/diff/1-2/


Testing
-------

Manual testing + updated test cases.

1. user can create/drop function if he/she has ALL access to DB
2. user can't create/drop function if he/she does not have access to DB, nor 
tables
3. user can't create/drop function if he/she only has read access to DB
4. user can't create/drop function if he/she only has read access to a table 
under the DB
5. user can't create/drop function if he/she does not have access to URI JAR 
file


Thanks,

Eric Lin

Reply via email to