> On Aug. 13, 2018, 11:25 p.m., Na Li wrote: > > sentry-binding/sentry-binding-hive/src/main/java/org/apache/sentry/binding/hive/authz/HiveAuthzBindingHookBase.java > > Line 104 (original), 104 (patched) > > <https://reviews.apache.org/r/68332/diff/1/?file=2072166#file2072166line104> > > > > does Alter apply to column?
Yes, a user with ALTER privileges should be able to view column metadata. ALTER Is used to change column names, add columns ,etc; so they need to be able to see what they can change. > On Aug. 13, 2018, 11:25 p.m., Na Li wrote: > > sentry-binding/sentry-binding-hive/src/main/java/org/apache/sentry/binding/hive/authz/HiveAuthzPrivilegesMap.java > > Lines 177 (patched) > > <https://reviews.apache.org/r/68332/diff/1/?file=2072167#file2072167line177> > > > > should Drop be included as well? I don't see a need for a user with DROP privileges to be able to view the column names and the rest of the table metadata. If a user has DROP privileges, then they should only see the table with the SHOW TABLES. - Sergio ----------------------------------------------------------- This is an automatically generated e-mail. To reply, visit: https://reviews.apache.org/r/68332/#review207179 ----------------------------------------------------------- On Aug. 13, 2018, 10:49 p.m., Sergio Pena wrote: > > ----------------------------------------------------------- > This is an automatically generated e-mail. To reply, visit: > https://reviews.apache.org/r/68332/ > ----------------------------------------------------------- > > (Updated Aug. 13, 2018, 10:49 p.m.) > > > Review request for sentry, Arjun Mishra, kalyan kumar kalvagadda, and Na Li. > > > Bugs: sentry-2352 > https://issues.apache.org/jira/browse/sentry-2352 > > > Repository: sentry > > > Description > ------- > > Added the following matrix of privileges on the DESCRIBE TABLE and SHOW > TABLES: > > DESCRIBE table allowed and not allowed privileges: > > { null, NOT_ALLOWED }, // Means no privileges > { DBModelAction.ALL, ALLOWED }, > { DBModelAction.CREATE, NOT_ALLOWED }, > { DBModelAction.SELECT, ALLOWED }, > { DBModelAction.INSERT, ALLOWED }, > { DBModelAction.ALTER, ALLOWED }, > { DBModelAction.DROP, NOT_ALLOWED }, > { DBModelAction.INDEX, NOT_ALLOWED }, > { DBModelAction.LOCK, NOT_ALLOWED }, > > SHOW TABLES allowed and not allowed privileges: > > { null, NOT_ALLOWED }, // Means no privileges > { DBModelAction.ALL, ALLOWED }, > { DBModelAction.CREATE, NOT_ALLOWED }, > { DBModelAction.SELECT, ALLOWED }, > { DBModelAction.INSERT, ALLOWED }, > { DBModelAction.ALTER, ALLOWED }, > { DBModelAction.DROP, ALLOWED }, > { DBModelAction.INDEX, ALLOWED }, > { DBModelAction.LOCK, ALLOWED }, > > > Diffs > ----- > > > sentry-binding/sentry-binding-hive/src/main/java/org/apache/sentry/binding/hive/authz/DefaultSentryValidator.java > 1ab5be35dcb7991f723c0bb885ed2a15c6f5873a > > sentry-binding/sentry-binding-hive/src/main/java/org/apache/sentry/binding/hive/authz/HiveAuthzBindingHookBase.java > 447deaf5831675257be1bbb05934a1ab4826fe9e > > sentry-binding/sentry-binding-hive/src/main/java/org/apache/sentry/binding/hive/authz/HiveAuthzPrivilegesMap.java > 78742fdacd72531eed4a7dde86871a57cf54493b > > sentry-tests/sentry-tests-hive/src/test/java/org/apache/sentry/tests/e2e/hive/TestDescribeMetadataPrivileges.java > PRE-CREATION > > sentry-tests/sentry-tests-hive/src/test/java/org/apache/sentry/tests/e2e/hive/TestShowMetadataPrivileges.java > PRE-CREATION > > > Diff: https://reviews.apache.org/r/68332/diff/1/ > > > Testing > ------- > > > Thanks, > > Sergio Pena > >