> On June 20, 2014, 11:57 p.m., Sravya Tirukkovalur wrote: > > sentry-provider/sentry-provider-db/src/main/java/org/apache/sentry/provider/db/service/persistent/SentryStore.java, > > line 1329 > > <https://reviews.apache.org/r/22550/diff/4/?file=613065#file613065line1329> > > > > Do we want to also drop the privilege objects from jdo along with > > removing the mapping?
Currently we don't do this even for explicit revoke. The privilege.roles for some reason is not populated by data nucleus. We need some ref counting in order to identify orphaned privilege. There's a separate ticket to track that already. > On June 20, 2014, 11:57 p.m., Sravya Tirukkovalur wrote: > > sentry-provider/sentry-provider-db/src/main/java/org/apache/sentry/provider/db/service/persistent/SentryStore.java, > > line 1337 > > <https://reviews.apache.org/r/22550/diff/4/?file=613065#file613065line1337> > > > > How are we handling action here? Authorizable doesnt have the action > > context where as action is required in TSentryPrivilege. It gets handled in constructPrivilegeName() we set action to ALL if it's not set. - Prasad ----------------------------------------------------------- This is an automatically generated e-mail. To reply, visit: https://reviews.apache.org/r/22550/#review46346 ----------------------------------------------------------- On June 19, 2014, 6:10 p.m., Prasad Mujumdar wrote: > > ----------------------------------------------------------- > This is an automatically generated e-mail. To reply, visit: > https://reviews.apache.org/r/22550/ > ----------------------------------------------------------- > > (Updated June 19, 2014, 6:10 p.m.) > > > Review request for sentry, Arun Suresh and Sravya Tirukkovalur. > > > Bugs: SENTRY-162 > https://issues.apache.org/jira/browse/SENTRY-162 > > > Repository: sentry > > > Description > ------- > > Sentry store supports a new method to drop the privileges and role mapping > for given Authorizable object. > The new API is exposed over thrift and implemented in sentry service and > client > Metastore post even hook call this API to remove the privileges related to > object being dropped > > > Diffs > ----- > > > sentry-binding/sentry-binding-hive/src/main/java/org/apache/sentry/binding/hive/conf/HiveAuthzConf.java > c126743 > > sentry-binding/sentry-binding-hive/src/main/java/org/apache/sentry/binding/metastore/SentryMetastorePostEventListener.java > PRE-CREATION > > sentry-provider/sentry-provider-db/src/main/java/org/apache/sentry/provider/db/service/model/MSentryPrivilege.java > 6679193 > > sentry-provider/sentry-provider-db/src/main/java/org/apache/sentry/provider/db/service/persistent/SentryStore.java > fb8cfc2 > > sentry-provider/sentry-provider-db/src/main/java/org/apache/sentry/provider/db/service/thrift/SentryPolicyServiceClient.java > 27f617f > > sentry-provider/sentry-provider-db/src/main/java/org/apache/sentry/provider/db/service/thrift/SentryPolicyStoreProcessor.java > 097056b > > sentry-provider/sentry-provider-db/src/main/resources/sentry_policy_service.thrift > 86ff221 > > sentry-provider/sentry-provider-db/src/test/java/org/apache/sentry/provider/db/service/persistent/TestSentryStore.java > 35ba83a > > sentry-tests/sentry-tests-hive/src/test/java/org/apache/sentry/tests/e2e/dbprovider/TestDbPrivilegeCleanupOnDrop.java > PRE-CREATION > > sentry-tests/sentry-tests-hive/src/test/java/org/apache/sentry/tests/e2e/hive/AbstractTestWithStaticConfiguration.java > fd969a6 > > sentry-tests/sentry-tests-hive/src/test/java/org/apache/sentry/tests/e2e/hive/TestExportImportPrivileges.java > b6c985e > > sentry-tests/sentry-tests-hive/src/test/java/org/apache/sentry/tests/e2e/hive/hiveserver/HiveServerFactory.java > 0165806 > > Diff: https://reviews.apache.org/r/22550/diff/ > > > Testing > ------- > > Added unit tests and E2E tests. > > > Thanks, > > Prasad Mujumdar > >
