> On June 16, 2014, 11:29 p.m., Prasad Mujumdar wrote: > > sentry-provider/sentry-provider-db/src/main/java/org/apache/sentry/provider/db/service/persistent/SentryStore.java, > > line 289 > > <https://reviews.apache.org/r/22494/diff/4/?file=609398#file609398line289> > > > > Do we also need to do mRole.removePrivilege ?
Apparantly... this is not required (even though it is mentioned in the JDO forum) It looks like the entry is removed from the Db... Also.. the testcases exercise this code-path.. and we see that we really do not need to do the additional mRole.removePrivilege > On June 16, 2014, 11:29 p.m., Prasad Mujumdar wrote: > > sentry-provider/sentry-provider-db/src/main/java/org/apache/sentry/provider/db/service/persistent/SentryStore.java, > > line 293 > > <https://reviews.apache.org/r/22494/diff/4/?file=609398#file609398line293> > > > > Do we also need to do mRole.removePrivilege ? Same are above.. > On June 16, 2014, 11:29 p.m., Prasad Mujumdar wrote: > > sentry-provider/sentry-provider-db/src/main/java/org/apache/sentry/provider/db/service/persistent/SentryStore.java, > > line 368 > > <https://reviews.apache.org/r/22494/diff/4/?file=609398#file609398line368> > > > > It would be nice to update this comment per the new patch Will do.. > On June 16, 2014, 11:29 p.m., Prasad Mujumdar wrote: > > sentry-provider/sentry-provider-db/src/main/java/org/apache/sentry/provider/db/service/persistent/SentryStore.java, > > line 382 > > <https://reviews.apache.org/r/22494/diff/4/?file=609398#file609398line382> > > > > should we do privilege.removeRole() ? or perhaps call revoke > > recursively ? I am collecting the list of child privileges recursively.. and then updating it outside.. This prevents JDO from Throwing weird exceptions.. - Arun ----------------------------------------------------------- This is an automatically generated e-mail. To reply, visit: https://reviews.apache.org/r/22494/#review45839 ----------------------------------------------------------- On June 17, 2014, 5:56 a.m., Arun Suresh wrote: > > ----------------------------------------------------------- > This is an automatically generated e-mail. To reply, visit: > https://reviews.apache.org/r/22494/ > ----------------------------------------------------------- > > (Updated June 17, 2014, 5:56 a.m.) > > > Review request for sentry, Jarek Cecho, Prasad Mujumdar, and Sravya > Tirukkovalur. > > > Bugs: SENTRY-281 > https://issues.apache.org/jira/browse/SENTRY-281 > > > Repository: sentry > > > Description > ------- > > Fix for SENTRY-281 : > > A revoke on a parent privilege should trickle to the child. > For eg : > > 1) GRANT SELECT on DATABASE db1 to ROLE role1; > 2) REVOKE ALL on SERVER server1 from ROLE role1; > > Should result in zero privileges for role1 > > > Diffs > ----- > > > sentry-provider/sentry-provider-db/src/main/java/org/apache/sentry/provider/db/service/persistent/SentryStore.java > 91669d6 > > sentry-tests/sentry-tests-hive/src/test/java/org/apache/sentry/tests/e2e/dbprovider/TestDbEndToEnd.java > 46d9332 > > Diff: https://reviews.apache.org/r/22494/diff/ > > > Testing > ------- > > Tested on sentry-hive-tests > > > Thanks, > > Arun Suresh > >
