[
https://issues.apache.org/jira/browse/SENTRY-1243?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel
]
Sravya Tirukkovalur updated SENTRY-1243:
----------------------------------------
Description:
Following is allowed today: Grant <priv> on <hive_obj> to role <role_name> with
grant;
But it is not possible to delegate admin privilege (ability to do grant/revoke
on an object) without giving read/write access. One way to achieve this is to
have a special privilege "sentryAdmin" and allow something like "Grant
sentryAdmin on db1 to role db1AdminRole".
We should make sure we audit when this delegated admin gives him/herself data
access.
was:
Following is allowed today: Grant <priv> on <hive_obj> to role <role_name> with
grant;
But it is not possible to delegate admin privilege (ability to do grant/revoke
on an object) without giving read/write access.
We should make sure we audit when this delegated admin gives him/herself data
access.
> Support admin delegation without granting read/write access
> ------------------------------------------------------------
>
> Key: SENTRY-1243
> URL: https://issues.apache.org/jira/browse/SENTRY-1243
> Project: Sentry
> Issue Type: New Feature
> Components: Hive Binding
> Reporter: Sravya Tirukkovalur
>
> Following is allowed today: Grant <priv> on <hive_obj> to role <role_name>
> with grant;
> But it is not possible to delegate admin privilege (ability to do
> grant/revoke on an object) without giving read/write access. One way to
> achieve this is to have a special privilege "sentryAdmin" and allow
> something like "Grant sentryAdmin on db1 to role db1AdminRole".
> We should make sure we audit when this delegated admin gives him/herself data
> access.
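The semantics requested in the issue, as an added example that is not part of the original message and not Sentry code: a small Python model in which "sentryAdmin" permits grants on an object without conferring data access, and every grant attempt is audited with a flag for self-grants. Assumptions: the `Policy` class, the user, group and role names, exact-object matching with no database/table hierarchy, and treating SELECT, INSERT and ALL as the data privileges.

```python
from dataclasses import dataclass, field

DATA_PRIVS = {"SELECT", "INSERT", "ALL"}   # privileges that expose data
ADMIN_PRIV = "sentryAdmin"                 # name proposed in the issue, not an existing privilege

@dataclass
class Policy:
    user_groups: dict                           # user -> set of groups
    role_groups: dict                           # role -> set of groups holding the role
    grants: set = field(default_factory=set)    # (role, privilege, object)
    audit: list = field(default_factory=list)   # one dict per grant attempt

    def roles_of(self, user):
        groups = self.user_groups.get(user, set())
        return {r for r, g in self.role_groups.items() if g & groups}

    def has(self, user, priv, obj):
        return any((r, priv, obj) in self.grants for r in self.roles_of(user))

    def can_access_data(self, user, obj):
        return any(self.has(user, p, obj) for p in DATA_PRIVS)

    def grant(self, grantor, priv, obj, role):
        """Apply a grant if the grantor holds sentryAdmin on obj; return True on a self-grant."""
        allowed = self.has(grantor, ADMIN_PRIV, obj)
        # Self-grant: a data privilege lands on a role the grantor already holds.
        self_grant = allowed and priv in DATA_PRIVS and role in self.roles_of(grantor)
        self.audit.append({"grantor": grantor, "priv": priv, "obj": obj, "role": role,
                           "allowed": allowed, "self_grant": self_grant})
        if not allowed:
            raise PermissionError(f"{grantor} lacks {ADMIN_PRIV} on {obj}")
        self.grants.add((role, priv, obj))
        return self_grant

def build_sample():
    # Constructed sample: alice is the delegated admin for db1, bob is an analyst.
    p = Policy(user_groups={"alice": {"db1_admins"}, "bob": {"analysts"}},
               role_groups={"db1AdminRole": {"db1_admins"}, "analystRole": {"analysts"}})
    p.grants.add(("db1AdminRole", ADMIN_PRIV, "db1"))   # Grant sentryAdmin on db1 to role db1AdminRole
    return p

if __name__ == "__main__":
    p = build_sample()
    print(p.can_access_data("alice", "db1"))                  # admin without data access
    print(p.grant("alice", "SELECT", "db1", "analystRole"))   # ordinary delegation
    print(p.grant("alice", "SELECT", "db1", "db1AdminRole"))  # flagged in the audit trail
```

The model flags only direct grants to a role the grantor already holds. A delegated admin who gains access indirectly, for example through a later change in role-to-group membership, would need the same check applied to that operation.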