----------------------------------------------------------- This is an automatically generated e-mail. To reply, visit: https://reviews.apache.org/r/37058/#review94202 -----------------------------------------------------------
Ship it! Ship It! - Lenni Kuff On Aug. 4, 2015, 4:04 p.m., Ryan Pridgeon wrote: > > ----------------------------------------------------------- > This is an automatically generated e-mail. To reply, visit: > https://reviews.apache.org/r/37058/ > ----------------------------------------------------------- > > (Updated Aug. 4, 2015, 4:04 p.m.) > > > Review request for sentry. > > > Repository: sentry > > > Description > ------- > > SENTRY-827: Allow Select,Insert and ALL on Server scope priviliges. > > > Diffs > ----- > > > sentry-binding/sentry-binding-hive/src/main/java/org/apache/hadoop/hive/ql/exec/SentryGrantRevokeTask.java > 2a60a23 > > sentry-provider/sentry-provider-db/src/main/java/org/apache/sentry/provider/db/service/thrift/SentryPolicyServiceClient.java > 9c2d384 > > sentry-provider/sentry-provider-db/src/main/java/org/apache/sentry/provider/db/service/thrift/SentryPolicyServiceClientDefaultImpl.java > 09b3d99 > > sentry-tests/sentry-tests-hive/src/test/java/org/apache/sentry/tests/e2e/dbprovider/TestDatabaseProvider.java > f9e8f80 > > Diff: https://reviews.apache.org/r/37058/diff/ > > > Testing > ------- > > Grant ALL , SELECT and INSERT to three different roles, mapped to three > different roles: > > ADMINGROUP:server_all > USERGROUP1:server_select > USERGROUP2:server_insert > > I then checked each level to ensure that they did not reflect that of ALL: > > server_select: Pass SELECT * ; Fail LOAD DATA IN PATH > server_insert: Fail SELECT * ; Pass LOAD DATA IN PATH > server_all: Pass SELECT * ; Pass LOAD DATA IN PATH > > *****admiditly someone had already remedied this. You could still only revoke > ALL form the server scope however*** > > Lastly I ensured that ADMINGROUP could revoke the individual privilige from > the server scope. > > > Thanks, > > Ryan Pridgeon > >
