> On June 15, 2018, 9:02 p.m., kalyan kumar kalvagadda wrote: > > sentry-binding/sentry-binding-hive/src/main/java/org/apache/sentry/binding/hive/SentryHiveAuthorizationTaskFactoryImpl.java > > Line 206 (original), 211 (patched) > > <https://reviews.apache.org/r/67134/diff/7/?file=2041079#file2041079line211> > > > > show grant on <obj> should show privileges granted to users as well. > > Please change this condition to allow PrincipleType.User. > > > > Method "showPrivilegesByPrincipal" which you are invokind supports that.
So that will be a different ticket to support SHOW GRANT USER <user_name>. This ticket is to focus on SHOW GRANT ON <object_name>. If you still think it is required in this ticket please let me know > On June 15, 2018, 9:02 p.m., kalyan kumar kalvagadda wrote: > > sentry-binding/sentry-binding-hive/src/main/java/org/apache/sentry/binding/hive/authz/DefaultSentryAccessController.java > > Lines 271-272 (patched) > > <https://reviews.apache.org/r/67134/diff/7/?file=2041080#file2041080line271> > > > > I did not follow the comments from sergio. If there is a reason for > > adding new method for this instead of re-using showPrivilegesByPrincipal? Kalyan, showPriviliegesForObject implementation is very different from showPriviliegesForPrincipal. authorizableSet cannot be empty. We also use sentryClient.listPrivilegsbyAuthorizable instead of sentryClient.listPrivilegesByRoleName or sentryClient.listPrivilegesByUserName. Also the part where we covert to hive privilege info is different - Arjun ----------------------------------------------------------- This is an automatically generated e-mail. To reply, visit: https://reviews.apache.org/r/67134/#review204870 ----------------------------------------------------------- On June 15, 2018, 8:08 p.m., Arjun Mishra wrote: > > ----------------------------------------------------------- > This is an automatically generated e-mail. To reply, visit: > https://reviews.apache.org/r/67134/ > ----------------------------------------------------------- > > (Updated June 15, 2018, 8:08 p.m.) > > > Review request for sentry, kalyan kumar kalvagadda, Na Li, Steve Moist, and > Sergio Pena. > > > Repository: sentry > > > Description > ------- > > Currently Sentry doesn't support Hive command to show privileges on > authorizables without mentioning any role or user name > > > Diffs > ----- > > > sentry-binding/sentry-binding-hive/src/main/java/org/apache/sentry/binding/hive/SentryHiveAuthorizationTaskFactoryImpl.java > 23246c903 > > sentry-binding/sentry-binding-hive/src/main/java/org/apache/sentry/binding/hive/authz/DefaultSentryAccessController.java > f0b4b4466 > > sentry-binding/sentry-binding-hive/src/test/java/org/apache/sentry/binding/hive/TestSentryHiveAuthorizationTaskFactory.java > 2e3fd7f36 > > sentry-service/sentry-service-api/src/main/java/org/apache/sentry/api/service/thrift/SentryPolicyServiceClient.java > 6f38ed20d > > sentry-service/sentry-service-api/src/main/java/org/apache/sentry/api/service/thrift/SentryPolicyServiceClientDefaultImpl.java > 45dce0e7c > > sentry-tests/sentry-tests-hive/src/test/java/org/apache/sentry/tests/e2e/dbprovider/TestShowGrants.java > PRE-CREATION > > > Diff: https://reviews.apache.org/r/67134/diff/7/ > > > Testing > ------- > > $ mvn -f sentry-binding/pom.xml test > $ mvn -f sentry-provider/pom.xml test > > > Thanks, > > Arjun Mishra > >
