-----------------------------------------------------------
This is an automatically generated e-mail. To reply, visit:
https://reviews.apache.org/r/33622/#review81844
-----------------------------------------------------------

Patch overall looks fine. A couple of comments/suggestions -

- Since we are allowing RELOAD, we should add hive.reloadable.aux.jars.path (ConfVars.HIVERELOADABLEJARS) to the restrict list. Otherwise this would become a loophole to load unauthorized jars in HiveServer2.
- I think we should also allow 'ADD FILE[S]' and 'LIST FILE[S]' since the transform now enforces the URI privilege when the file is actually invoked in a query.

- Prasad Mujumdar


On April 28, 2015, 9:04 a.m., Dapeng Sun wrote:
>
> -----------------------------------------------------------
> This is an automatically generated e-mail. To reply, visit:
> https://reviews.apache.org/r/33622/
> -----------------------------------------------------------
>
> (Updated April 28, 2015, 9:04 a.m.)
>
>
> Review request for sentry, Colin Ma and Prasad Mujumdar.
>
>
> Bugs: SENTRY-702
>     https://issues.apache.org/jira/browse/SENTRY-702
>
>
> Repository: sentry
>
>
> Description
> -------
>
> Read whitelist from SENTRY configuration.
>
>
> Diffs
> -----
>
>   sentry-binding/sentry-binding-hive/src/main/java/org/apache/sentry/binding/hive/HiveAuthzBindingSessionHook.java 0fa4a87
>   sentry-binding/sentry-binding-hive/src/main/java/org/apache/sentry/binding/hive/conf/HiveAuthzConf.java 0a3b509
>   sentry-tests/sentry-tests-hive/src/test/java/org/apache/sentry/tests/e2e/hive/TestReloadPrivileges.java PRE-CREATION
>
> Diff: https://reviews.apache.org/r/33622/diff/
>
>
> Testing
> -------
>
>
> Thanks,
>
> Dapeng Sun
>
>
