Re: Review Request 29141: SENTRY-473: Support revoking privilege with grant option

Thu, 12 Mar 2015 02:40:34 -0700 

-----------------------------------------------------------
This is an automatically generated e-mail. To reply, visit:
https://reviews.apache.org/r/29141/
-----------------------------------------------------------

(Updated March 12, 2015, 9:38 a.m.)


Review request for sentry, Arun Suresh, Lenni Kuff, Prasad Mujumdar, and Sravya 
Tirukkovalur.


Changes
-------

rebased


Bugs: SENTRY-473
    https://issues.apache.org/jira/browse/SENTRY-473


Repository: sentry


Description
-------

As hive version change to Hive 0.15, we should support revoke privilege with 
grant option like:
REVOKE [GRANT OPTION FOR]
    priv_type [, priv_type ] ...
    ON table_or_view_name
    FROM principal_specification [, principal_specification] ... ;
We should support downgrade grant option for "GRANT OPTION FOR". It means when 
"GRANT OPTION FOR" set, we just modify grant option of this privilege from true 
to false.
use cases:
1. grant ALL on database db1 to role role1;
2. grant ALL on database db1 to role role2 with grant option;
3. revoke grant option for ALL on database db1 from role role1;
4. revoke grant option for ALL on database db1 from role role2;
5. revoke ALL on database db1 from role role2;
After 3rd command executed, role1 still has privilege with action ALL on db1, 
grant option is false.
After 4th command executed, role2 downgrade privilege to grant option is false.
After 5th command executed, role2 will remove privilege with action ALL on db1.


Diffs (updated)
-----

  
sentry-binding/sentry-binding-hive/src/main/java/org/apache/hadoop/hive/ql/exec/SentryGrantRevokeTask.java
 2a60a23 
  
sentry-binding/sentry-binding-hive/src/main/java/org/apache/sentry/binding/hive/SentryHiveAuthorizationTaskFactoryImpl.java
 5898b7e 
  
sentry-provider/sentry-provider-db/src/main/java/org/apache/sentry/provider/db/service/persistent/SentryStore.java
 d7937d0 
  
sentry-provider/sentry-provider-db/src/main/resources/sentry_policy_service.thrift
 993ea46 
  
sentry-provider/sentry-provider-db/src/test/java/org/apache/sentry/provider/db/service/persistent/TestSentryStore.java
 35319db 
  
sentry-provider/sentry-provider-db/src/test/java/org/apache/sentry/provider/db/service/thrift/TestSentryServiceIntegration.java
 02c7535 
  
sentry-tests/sentry-tests-hive/src/test/java/org/apache/sentry/tests/e2e/dbprovider/TestPrivilegeWithGrantOption.java
 5c49f98 

Diff: https://reviews.apache.org/r/29141/diff/


Testing
-------

test cases are included.


Thanks,

Xiaomeng Huang

Reply via email to