> On March 20, 2014, 2:44 a.m., Prasad Mujumdar wrote: > > A high level question on the fix: > > You grant all on a table first and then remove SELECT. With this patch you > > end up with only INSERT privilege on that table. Now if this user performs > > an alter table, will it be rejected since the user doesn't have ALL > > privilege anymore ? Is it something we are intentionally changing ?
Yes that is correct. Since ALL is the union of SELECT and INSERT, when SELECT is removed from ALL, I think the end result should be result in INSERT privilege? ALL = SELECT + INSERT ALL - SELECT = INSERT ? - Brock ----------------------------------------------------------- This is an automatically generated e-mail. To reply, visit: https://reviews.apache.org/r/19340/#review37859 ----------------------------------------------------------- On March 19, 2014, 6:19 p.m., Brock Noland wrote: > > ----------------------------------------------------------- > This is an automatically generated e-mail. To reply, visit: > https://reviews.apache.org/r/19340/ > ----------------------------------------------------------- > > (Updated March 19, 2014, 6:19 p.m.) > > > Review request for sentry, Prasad Mujumdar and Shreepadma Venugopalan. > > > Bugs: SENTRY-145 > https://issues.apache.org/jira/browse/SENTRY-145 > > > Repository: sentry > > > Description > ------- > > Normalized REVOKE SELECT/INSERT when user has ALL on table. > > > Diffs > ----- > > > sentry-provider/sentry-provider-db/src/main/java/org/apache/sentry/provider/db/service/persistent/SentryStore.java > 9c678d5 > > sentry-provider/sentry-provider-db/src/main/java/org/apache/sentry/provider/db/service/thrift/SentryPolicyStoreProcessor.java > 9562783 > > sentry-provider/sentry-provider-db/src/test/java/org/apache/sentry/provider/db/service/persistent/TestSentryStore.java > f500c2d > > Diff: https://reviews.apache.org/r/19340/diff/ > > > Testing > ------- > > > Thanks, > > Brock Noland > >
