> On Aug. 4, 2015, 5:53 a.m., Lenni Kuff wrote:
> > sentry-tests/sentry-tests-hive/src/test/java/org/apache/sentry/tests/e2e/dbprovider/TestDatabaseProvider.java,
> > line 2117
> > <https://reviews.apache.org/r/37058/diff/1/?file=1028166#file1028166line2117>
> >
> > Is it interesting to test multiple DBs/TBLs?
> >
> > Also, this should be:
> > for (String db: dbs) <- note the plural on the array name

The idea behind the multiple DBs/TBLs was to show that a select on server actually spanned the entire metastore, i.e. Grant select on Database1 will not grant a group select on a table under Database2. Likewise, a Grant select on db1.tbl1 grants a group access to db1.tbl but not db1.tbl2. However, with Grant select on Server I have select access on all tables and databases that fall within that server namespace. I suppose, however, by showing a select working on db1.tbl1 and db2.tbl1 I accomplish the same with fewer iterations.

- Ryan

-----------------------------------------------------------
This is an automatically generated e-mail. To reply, visit:
https://reviews.apache.org/r/37058/#review93999
-----------------------------------------------------------

On Aug. 4, 2015, 12:26 a.m., Ryan Pridgeon wrote:
>
> -----------------------------------------------------------
> This is an automatically generated e-mail. To reply, visit:
> https://reviews.apache.org/r/37058/
> -----------------------------------------------------------
>
> (Updated Aug. 4, 2015, 12:26 a.m.)
>
>
> Review request for sentry.
>
>
> Repository: sentry
>
>
> Description
> -------
>
> SENTRY-827: Allow Select, Insert and ALL on Server scope privileges.
>
>
> Diffs
> -----
>
>   sentry-binding/sentry-binding-hive/src/main/java/org/apache/hadoop/hive/ql/exec/SentryGrantRevokeTask.java 2a60a23
>   sentry-provider/sentry-provider-db/src/main/java/org/apache/sentry/provider/db/service/thrift/SentryPolicyServiceClient.java 9c2d384
>   sentry-provider/sentry-provider-db/src/main/java/org/apache/sentry/provider/db/service/thrift/SentryPolicyServiceClientDefaultImpl.java 09b3d99
>   sentry-tests/sentry-tests-hive/src/test/java/org/apache/sentry/tests/e2e/dbprovider/TestDatabaseProvider.java f9e8f80
>
> Diff: https://reviews.apache.org/r/37058/diff/
>
>
> Testing
> -------
>
> Grant ALL, SELECT and INSERT to three different roles, mapped to three
> different roles:
>
> ADMINGROUP:server_all
> USERGROUP1:server_select
> USERGROUP2:server_insert
>
> I then checked each level to ensure that they did not reflect that of ALL:
>
> server_select: Pass SELECT * ; Fail LOAD DATA IN PATH
> server_insert: Fail SELECT * ; Pass LOAD DATA IN PATH
> server_all: Pass SELECT * ; Pass LOAD DATA IN PATH
>
> *****admittedly someone had already remedied this. You could still only revoke
> ALL from the server scope however***
>
> Lastly I ensured that ADMINGROUP could revoke the individual privilege from
> the server scope.
>
>
> Thanks,
>
> Ryan Pridgeon
>
>
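
The scope behaviour discussed in this thread, as an added example that is not part of the original e-mails or of the Sentry code base: a simplified Python model of server, database and table scoped grants, checked against the pass/fail matrix from the Testing section. The server name `server1`, the roles `db1_select` and `tbl1_select`, and the treatment of LOAD DATA as requiring INSERT are assumptions made for the illustration.

```python
# Simplified model of hierarchical grants (server -> database -> table).
# Added illustration only; not Apache Sentry code. All names are hypothetical.
from dataclasses import dataclass
from typing import Optional

@dataclass(frozen=True)
class Grant:
    action: str                    # "SELECT", "INSERT" or "ALL"
    server: str
    db: Optional[str] = None       # None: the grant is at server scope
    table: Optional[str] = None    # None: the grant covers every table in db

def scope_covers(g: Grant, server: str, db: str, table: str) -> bool:
    """True when the grant's scope contains server/db/table."""
    if g.server != server:
        return False
    if g.db is None:               # server scope spans every database and table
        return True
    if g.db != db:                 # a grant on db1 says nothing about db2
        return False
    return g.table is None or g.table == table

def is_allowed(grants, action: str, server: str, db: str, table: str) -> bool:
    """An action is allowed if some grant names it (or ALL) and covers the target."""
    return any(g.action in (action, "ALL") and scope_covers(g, server, db, table)
               for g in grants)

# Constructed fixtures: the three server-scope roles from the review request,
# plus two narrower roles to show where database and table scope stop.
ROLES = {
    "server_all":    [Grant("ALL", "server1")],
    "server_select": [Grant("SELECT", "server1")],
    "server_insert": [Grant("INSERT", "server1")],
    "db1_select":    [Grant("SELECT", "server1", "db1")],
    "tbl1_select":   [Grant("SELECT", "server1", "db1", "tbl1")],
}

def access_matrix(role: str, targets):
    """Map (db, table, action) -> allowed for one role.
    Assumption: LOAD DATA is modelled as needing INSERT on the target table."""
    return {(db, tbl, act): is_allowed(ROLES[role], act, "server1", db, tbl)
            for db, tbl in targets for act in ("SELECT", "INSERT")}

if __name__ == "__main__":
    targets = [("db1", "tbl1"), ("db1", "tbl2"), ("db2", "tbl1")]
    for role in ROLES:
        print(role, access_matrix(role, targets))
```

Checking one table in each of two databases, as the reply proposes, is enough to tell a server-scope grant apart from a database-scope one in this model.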
