Re: Review Request 37058: Grant select on Server results in ALL for server

Tue, 04 Aug 2015 09:03:52 -0700 


> On Aug. 4, 2015, 5:53 a.m., Lenni Kuff wrote:
> > sentry-tests/sentry-tests-hive/src/test/java/org/apache/sentry/tests/e2e/dbprovider/TestDatabaseProvider.java,
> >  line 2087
> > <https://reviews.apache.org/r/37058/diff/1/?file=1028166#file1028166line2087>
> >
> >     Use javadoc style comments:
> >     /**
> >      * SENTY-827
> >      */

This will comment everything below it out. Instead I will /* SENTRY-827 */, 
unless there is something I am missing


- Ryan


-----------------------------------------------------------
This is an automatically generated e-mail. To reply, visit:
https://reviews.apache.org/r/37058/#review93999
-----------------------------------------------------------


On Aug. 4, 2015, 12:26 a.m., Ryan Pridgeon wrote:
> 
> -----------------------------------------------------------
> This is an automatically generated e-mail. To reply, visit:
> https://reviews.apache.org/r/37058/
> -----------------------------------------------------------
> 
> (Updated Aug. 4, 2015, 12:26 a.m.)
> 
> 
> Review request for sentry.
> 
> 
> Repository: sentry
> 
> 
> Description
> -------
> 
> SENTRY-827: Allow Select,Insert and ALL on Server scope priviliges.
> 
> 
> Diffs
> -----
> 
>   
> sentry-binding/sentry-binding-hive/src/main/java/org/apache/hadoop/hive/ql/exec/SentryGrantRevokeTask.java
>  2a60a23 
>   
> sentry-provider/sentry-provider-db/src/main/java/org/apache/sentry/provider/db/service/thrift/SentryPolicyServiceClient.java
>  9c2d384 
>   
> sentry-provider/sentry-provider-db/src/main/java/org/apache/sentry/provider/db/service/thrift/SentryPolicyServiceClientDefaultImpl.java
>  09b3d99 
>   
> sentry-tests/sentry-tests-hive/src/test/java/org/apache/sentry/tests/e2e/dbprovider/TestDatabaseProvider.java
>  f9e8f80 
> 
> Diff: https://reviews.apache.org/r/37058/diff/
> 
> 
> Testing
> -------
> 
> Grant ALL , SELECT and INSERT to three different roles, mapped to three 
> different roles:
> 
> ADMINGROUP:server_all
> USERGROUP1:server_select
> USERGROUP2:server_insert 
> 
> I then checked each level to ensure that they did not reflect that of ALL:
> 
> server_select: Pass SELECT * ; Fail LOAD DATA IN PATH
> server_insert: Fail SELECT *  ; Pass LOAD DATA IN PATH
> server_all: Pass SELECT * ; Pass LOAD DATA IN PATH
> 
> *****admiditly someone had already remedied this. You could still only revoke 
> ALL form the server scope however***
> 
> Lastly I ensured that ADMINGROUP could revoke the individual privilige from 
> the server scope.
> 
> 
> Thanks,
> 
> Ryan Pridgeon
> 
>

Reply via email to