> On June 27, 2018, 1:08 p.m., kalyan kumar kalvagadda wrote: > > sentry-binding/sentry-binding-hive/src/main/java/org/apache/sentry/binding/hive/authz/DefaultSentryAccessController.java > > Lines 230 (patched) > > <https://reviews.apache.org/r/67646/diff/1/?file=2042347#file2042347line230> > > > > Could you change the comment as below. > > > > Sentry only stores user information when privileges are granted.User is > > deleted when there are no privileges associated to avoid stale data. > > Sergio Pena wrote: > Is it necessary to change this? Both comments are correct.
The comment says "deletes the user when privileges are deleted". This is not clear. we delete the user when all the privileges assocated with the user are deleted. > On June 27, 2018, 1:08 p.m., kalyan kumar kalvagadda wrote: > > sentry-binding/sentry-binding-hive/src/main/java/org/apache/sentry/binding/hive/authz/DefaultSentryAccessController.java > > Lines 232-234 (patched) > > <https://reviews.apache.org/r/67646/diff/1/?file=2042347#file2042347line232> > > > > Can you re-phrase this sentense. It is confusing. > > > > You could simple empty list is returned when the use is not found. > > > > Below sentense is not accurate. We end up in this situation when there > > are no privileges granted to the user. Hive can not perform any checks to > > avoid this situation. > > > > "For user checking, Hive must check that the user actually exists > > before calling this API. > > Sergio Pena wrote: > Why Hive cannot perform this? I left the comment that 'Hive must' but not > necessary means that Hive does. This comment is meant to explain Sentry > should not check for the user but Hive should check it. Let met re-phrase my previous comment. Comment could be simple. When the user is not found empty list is returned. API "showPrivileges" is public which can be used in any way. Sentry throws this exception when there are no permissions granted to the user. What can Hive check in this scenario? - kalyan kumar ----------------------------------------------------------- This is an automatically generated e-mail. To reply, visit: https://reviews.apache.org/r/67646/#review205426 ----------------------------------------------------------- On June 19, 2018, 3:25 p.m., Sergio Pena wrote: > > ----------------------------------------------------------- > This is an automatically generated e-mail. To reply, visit: > https://reviews.apache.org/r/67646/ > ----------------------------------------------------------- > > (Updated June 19, 2018, 3:25 p.m.) > > > Review request for sentry, Arjun Mishra and kalyan kumar kalvagadda. > > > Bugs: sentry-2272 > https://issues.apache.org/jira/browse/sentry-2272 > > > Repository: sentry > > > Description > ------- > > This patch catches the NoSuchObject Exception on the Sentry Hive binding when > the SHOW GRANT USER is executed, and it returns an empty list of privileges > for the requested user so that Hive does not display a nasty error message on > the console. > > > Diffs > ----- > > > sentry-binding/sentry-binding-hive/src/main/java/org/apache/sentry/binding/hive/authz/DefaultSentryAccessController.java > 321701d8662364f0a48899c1d8d5c75cc2ce62ff > > > Diff: https://reviews.apache.org/r/67646/diff/1/ > > > Testing > ------- > > > Thanks, > > Sergio Pena > >
