> On June 27, 2018, 1:08 p.m., kalyan kumar kalvagadda wrote: > > sentry-binding/sentry-binding-hive/src/main/java/org/apache/sentry/binding/hive/authz/DefaultSentryAccessController.java > > Lines 232-234 (patched) > > <https://reviews.apache.org/r/67646/diff/1/?file=2042347#file2042347line232> > > > > Can you re-phrase this sentense. It is confusing. > > > > You could simple empty list is returned when the use is not found. > > > > Below sentense is not accurate. We end up in this situation when there > > are no privileges granted to the user. Hive can not perform any checks to > > avoid this situation. > > > > "For user checking, Hive must check that the user actually exists > > before calling this API. > > Sergio Pena wrote: > Why Hive cannot perform this? I left the comment that 'Hive must' but not > necessary means that Hive does. This comment is meant to explain Sentry > should not check for the user but Hive should check it. > > kalyan kumar kalvagadda wrote: > Let met re-phrase my previous comment. Comment could be simple. When the > user is not found empty list is returned. API "showPrivileges" is public > which can be used in any way. > > Sentry throws this exception when there are no permissions granted to the > user. What can Hive check in this scenario?
This API is called by 'show grant user user1', so Hive can check if the 'show grant user user1' exists in the Linux system before calling this API. That's the check that Hive must do. - Sergio ----------------------------------------------------------- This is an automatically generated e-mail. To reply, visit: https://reviews.apache.org/r/67646/#review205426 ----------------------------------------------------------- On June 19, 2018, 3:25 p.m., Sergio Pena wrote: > > ----------------------------------------------------------- > This is an automatically generated e-mail. To reply, visit: > https://reviews.apache.org/r/67646/ > ----------------------------------------------------------- > > (Updated June 19, 2018, 3:25 p.m.) > > > Review request for sentry, Arjun Mishra and kalyan kumar kalvagadda. > > > Bugs: sentry-2272 > https://issues.apache.org/jira/browse/sentry-2272 > > > Repository: sentry > > > Description > ------- > > This patch catches the NoSuchObject Exception on the Sentry Hive binding when > the SHOW GRANT USER is executed, and it returns an empty list of privileges > for the requested user so that Hive does not display a nasty error message on > the console. > > > Diffs > ----- > > > sentry-binding/sentry-binding-hive/src/main/java/org/apache/sentry/binding/hive/authz/DefaultSentryAccessController.java > 321701d8662364f0a48899c1d8d5c75cc2ce62ff > > > Diff: https://reviews.apache.org/r/67646/diff/1/ > > > Testing > ------- > > > Thanks, > > Sergio Pena > >
