----------------------------------------------------------- This is an automatically generated e-mail. To reply, visit: https://reviews.apache.org/r/68367/#review207428 -----------------------------------------------------------
sentry-binding/sentry-binding-hive-common/src/main/java/org/apache/sentry/binding/hive/authz/HiveAuthzBinding.java Lines 74-80 (patched) <https://reviews.apache.org/r/68367/#comment290814> Why do we need to bring this thread local here? is there another way to get a list of the privileges without this variable? Why is it trhead local btw? sentry-binding/sentry-binding-hive-common/src/main/java/org/apache/sentry/binding/hive/authz/HiveAuthzBinding.java Lines 429 (patched) <https://reviews.apache.org/r/68367/#comment290815> Is there an example of the message that will be printed? I think it would be useful to get some examples and ask a technical writer feedback about it. I feel we'll have unorganized information in the output. sentry-binding/sentry-binding-hive/src/test/java/org/apache/sentry/binding/hive/TestHiveAuthzBindings.java Lines 464 (patched) <https://reviews.apache.org/r/68367/#comment290817> That hard-coded value looks like one of our server names. Can we use a fake name? sentry-provider/sentry-provider-common/src/main/java/org/apache/sentry/provider/common/AuthorizationProvider.java Lines 78-79 (patched) <https://reviews.apache.org/r/68367/#comment290816> Is it necessary to expose this to the interface? - Sergio Pena On Aug. 15, 2018, 10:23 p.m., Na Li wrote: > > ----------------------------------------------------------- > This is an automatically generated e-mail. To reply, visit: > https://reviews.apache.org/r/68367/ > ----------------------------------------------------------- > > (Updated Aug. 15, 2018, 10:23 p.m.) > > > Review request for sentry, Arjun Mishra, kalyan kumar kalvagadda, and Sergio > Pena. > > > Bugs: sentry-2354 > https://issues.apache.org/jira/browse/sentry-2354 > > > Repository: sentry > > > Description > ------- > > When multiple privileges are required on a Hive operation, return the > privilege that failed access check and the required privileges not checked > yet (they may fail the access check, or may not. We don't check those > privileges to avoid unnecessary overhead) > > > Diffs > ----- > > > sentry-binding/sentry-binding-hive-common/src/main/java/org/apache/sentry/binding/hive/authz/HiveAuthzBinding.java > 6a1556f > > sentry-binding/sentry-binding-hive/src/test/java/org/apache/sentry/binding/hive/TestHiveAuthzBindings.java > 3bbf6fb > > sentry-provider/sentry-provider-common/src/main/java/org/apache/sentry/provider/common/AuthorizationProvider.java > aecfe5b > > sentry-provider/sentry-provider-common/src/main/java/org/apache/sentry/provider/common/NoAuthorizationProvider.java > 61400ca > > sentry-provider/sentry-provider-common/src/main/java/org/apache/sentry/provider/common/ResourceAuthorizationProvider.java > 1e1aa63 > > > Diff: https://reviews.apache.org/r/68367/diff/1/ > > > Testing > ------- > > Add test case that verifies the behavior stated above. All test cases in > TestHiveAuthzBindings passed > > > Thanks, > > Na Li > >
