Re: Review Request 25879: SENTRY-355: Support metadata read privilege enforcement for Metastore pluging

Wed, 08 Oct 2014 10:01:01 -0700 

-----------------------------------------------------------
This is an automatically generated e-mail. To reply, visit:
https://reviews.apache.org/r/25879/#review55812
-----------------------------------------------------------

Ship it!


Thanks for this change, lgtm + a few minor comments. Prasad, do you have 
anything additional?


sentry-binding/sentry-binding-hive/src/main/java/org/apache/sentry/binding/metastore/AuthorizingObjectStore.java
<https://reviews.apache.org/r/25879/#comment96188>

    I think usernames should be treated as case-sensitive (that is, don't call 
"toLower()"). Consider adding a test case for username case-sensitivity.



sentry-binding/sentry-binding-hive/src/main/java/org/apache/sentry/binding/metastore/AuthorizingObjectStore.java
<https://reviews.apache.org/r/25879/#comment96189>

    userNames should be treated as case-sensitive.



sentry-tests/sentry-tests-hive/src/test/java/org/apache/sentry/tests/e2e/hive/hiveserver/HiveServerFactory.java
<https://reviews.apache.org/r/25879/#comment96193>

    Also add a comment here on what this "accessAllMetaUser" value is used for.



sentry-tests/sentry-tests-hive/src/test/java/org/apache/sentry/tests/e2e/metastore/TestAuthorizingObjectStore.java
<https://reviews.apache.org/r/25879/#comment96195>

    nit: rename "withoutAuthorize" to "withoutAccess" here and in the test 
method name.


- Lenni Kuff


On Oct. 8, 2014, 8 a.m., Colin Ma wrote:
> 
> -----------------------------------------------------------
> This is an automatically generated e-mail. To reply, visit:
> https://reviews.apache.org/r/25879/
> -----------------------------------------------------------
> 
> (Updated Oct. 8, 2014, 8 a.m.)
> 
> 
> Review request for sentry, Lenni Kuff, Prasad Mujumdar, and Sravya 
> Tirukkovalur.
> 
> 
> Repository: sentry
> 
> 
> Description
> -------
> 
> The Metastore plugin currently enforces Sentry policies for metadata 
> modifications. This makes it inconsistent with Hive plugin that support 
> privileges for both metadata read and write.
> We should support the policy enforcement for metadata read as well.
> 
> 
> Diffs
> -----
> 
>   
> sentry-binding/sentry-binding-hive/src/main/java/org/apache/sentry/binding/metastore/AuthorizingObjectStore.java
>  PRE-CREATION 
>   
> sentry-tests/sentry-tests-hive/src/test/java/org/apache/sentry/tests/e2e/hive/hiveserver/HiveServerFactory.java
>  4c66ffe 
>   
> sentry-tests/sentry-tests-hive/src/test/java/org/apache/sentry/tests/e2e/metastore/TestAuthorizingObjectStore.java
>  PRE-CREATION 
> 
> Diff: https://reviews.apache.org/r/25879/diff/
> 
> 
> Testing
> -------
> 
> 
> Thanks,
> 
> Colin Ma
> 
>

Reply via email to