----------------------------------------------------------- This is an automatically generated e-mail. To reply, visit: https://reviews.apache.org/r/22494/#review45839 -----------------------------------------------------------
A new comments below. I guess there's lot of overlap with SENTRY-162 proposed patch (https://reviews.apache.org/r/22550/) with finding child privileges sentry-provider/sentry-provider-db/src/main/java/org/apache/sentry/provider/db/service/persistent/SentryStore.java <https://reviews.apache.org/r/22494/#comment80831> Do we need the check for string "ALL" here ? sentry-provider/sentry-provider-db/src/main/java/org/apache/sentry/provider/db/service/persistent/SentryStore.java <https://reviews.apache.org/r/22494/#comment80832> Do we also need to do mRole.removePrivilege ? sentry-provider/sentry-provider-db/src/main/java/org/apache/sentry/provider/db/service/persistent/SentryStore.java <https://reviews.apache.org/r/22494/#comment80833> Do we also need to do mRole.removePrivilege ? sentry-provider/sentry-provider-db/src/main/java/org/apache/sentry/provider/db/service/persistent/SentryStore.java <https://reviews.apache.org/r/22494/#comment80848> It would be nice to update this comment per the new patch sentry-provider/sentry-provider-db/src/main/java/org/apache/sentry/provider/db/service/persistent/SentryStore.java <https://reviews.apache.org/r/22494/#comment80870> should we do privilege.removeRole() ? or perhaps call revoke recursively ? - Prasad Mujumdar On June 13, 2014, 4:29 p.m., Arun Suresh wrote: > > ----------------------------------------------------------- > This is an automatically generated e-mail. To reply, visit: > https://reviews.apache.org/r/22494/ > ----------------------------------------------------------- > > (Updated June 13, 2014, 4:29 p.m.) > > > Review request for sentry, Jarek Cecho, Prasad Mujumdar, and Sravya > Tirukkovalur. > > > Bugs: SENTRY-281 > https://issues.apache.org/jira/browse/SENTRY-281 > > > Repository: sentry > > > Description > ------- > > Fix for SENTRY-281 : > > A revoke on a parent privilege should trickle to the child. > For eg : > > 1) GRANT SELECT on DATABASE db1 to ROLE role1; > 2) REVOKE ALL on SERVER server1 from ROLE role1; > > Should result in zero privileges for role1 > > > Diffs > ----- > > > sentry-provider/sentry-provider-db/src/main/java/org/apache/sentry/provider/db/service/persistent/SentryStore.java > 91669d6 > > sentry-tests/sentry-tests-hive/src/test/java/org/apache/sentry/tests/e2e/dbprovider/TestDbEndToEnd.java > 46d9332 > > Diff: https://reviews.apache.org/r/22494/diff/ > > > Testing > ------- > > Tested on sentry-hive-tests > > > Thanks, > > Arun Suresh > >
