[
https://issues.apache.org/jira/browse/IMPALA-7074?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel
]
Adam Holley resolved IMPALA-7074.
---------------------------------
Resolution: Fixed
> Update OWNER privilege on CREATE, DROP, and ALTER SET OWNER
> -----------------------------------------------------------
>
> Key: IMPALA-7074
> URL: https://issues.apache.org/jira/browse/IMPALA-7074
> Project: IMPALA
> Issue Type: Sub-task
> Components: Frontend
> Reporter: Fredy Wijaya
> Assignee: Adam Holley
> Priority: Major
> Labels: security
> Fix For: Impala 3.1.0
>
>
> When objects are created and owner privilege is enabled in sentry, we should
> create an owner privilege in the catalog without waiting for the next sentry
> poll to get the owner privilege. This should also be done for DROP DB/Table,
> and ALTER DB/Table set owner. These privileges should mirror the privileges
> that are created in Sentry. As with other GRANT operations, the results of
> the "SHOW GRANT ROLE" statements will have a create date of NULL for
> privileges that have not been refreshed from Sentry.
> For this Jira, we're adding code to the various catalog operations to create
> or remove privileges as necessary. Because catalogd does not have the
> server_name set, we opted to pass the server_name as part of the catalog
> operations so the catalog is able to create the privileges.
> Additionally, because we want to ensure consistency with the sentry, we grab
> the SentryOwnerPrivilegeType from sentry instead of reading from the local
> config file.
> This change requires a new series of tests that will execute both with and
> without data refreshed from Sentry privilege database.
--
This message was sent by Atlassian JIRA
(v7.6.3#76005)
