Review Request 37058: Grant select on Server results in ALL for server

Mon, 03 Aug 2015 17:26:37 -0700 

-----------------------------------------------------------
This is an automatically generated e-mail. To reply, visit:
https://reviews.apache.org/r/37058/
-----------------------------------------------------------

Review request for sentry.


Repository: sentry


Description
-------

SENTRY-827: Allow Select,Insert and ALL on Server scope priviliges.


Diffs
-----

  
sentry-binding/sentry-binding-hive/src/main/java/org/apache/hadoop/hive/ql/exec/SentryGrantRevokeTask.java
 2a60a23 
  
sentry-provider/sentry-provider-db/src/main/java/org/apache/sentry/provider/db/service/thrift/SentryPolicyServiceClient.java
 9c2d384 
  
sentry-provider/sentry-provider-db/src/main/java/org/apache/sentry/provider/db/service/thrift/SentryPolicyServiceClientDefaultImpl.java
 09b3d99 
  
sentry-tests/sentry-tests-hive/src/test/java/org/apache/sentry/tests/e2e/dbprovider/TestDatabaseProvider.java
 f9e8f80 

Diff: https://reviews.apache.org/r/37058/diff/


Testing
-------

Grant ALL , SELECT and INSERT to three different roles, mapped to three 
different roles:

ADMINGROUP:server_all
USERGROUP1:server_select
USERGROUP2:server_insert 

I then checked each level to ensure that they did not reflect that of ALL:

server_select: Pass SELECT * ; Fail LOAD DATA IN PATH
server_insert: Fail SELECT *  ; Pass LOAD DATA IN PATH
server_all: Pass SELECT * ; Pass LOAD DATA IN PATH

*****admiditly someone had already remedied this. You could still only revoke 
ALL form the server scope however***

Lastly I ensured that ADMINGROUP could revoke the individual privilige from the 
server scope.


Thanks,

Ryan Pridgeon

Reply via email to