[jira] [Updated] (SENTRY-1252) grantServerPrivilege and revokeServerPrivilege should treat "*" and "ALL" as synonyms when action is not explicitly specified

Sun, 08 May 2016 17:33:34 -0700 

     [ 
https://issues.apache.org/jira/browse/SENTRY-1252?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel
 ]

Hao Hao updated SENTRY-1252:
----------------------------
    Description: 
grantServerPrivilege and revokeServerPrivilege should treat "*" and "ALL" as 
synonyms when action is not explicitly specified. Otherwise, if 
grantServerPrivilege is called without action explicitly specified, and follow 
with a revokeServerPrivilege invocation with action as "ALL" , the server level 
privilege will not be revoked. For example, in impala

{noformat}
When pretty-printing is disabled, you can use the '--output_delimiter' flag to 
set
the delimiter for fields in the same row. The default is ','.
***********************************************************************************
[test.com:21000] > create role test;
Query: create role test

Fetched 0 row(s) in 0.23s
[test.com:21000] > grant select on database default to test;
Query: grant select on database default to test

Fetched 0 row(s) in 0.12s
[test.com:21000] > grant all on server to test;
Query: grant all on server to test

Fetched 0 row(s) in 0.04s
[test.com:21000] > show grant role test;
Query: show grant role test
+----------+----------+-------+--------+-----+-----------+--------------+-------------+
| scope    | database | table | column | uri | privilege | grant_option | 
create_time |
+----------+----------+-------+--------+-----+-----------+--------------+-------------+
| DATABASE | default  |       |        |     | SELECT    | false        | NULL  
      |
| SERVER   |          |       |        |     | ALL       | false        | NULL  
      |
+----------+----------+-------+--------+-----+-----------+--------------+-------------+
Fetched 2 row(s) in 0.08s
[test.com:21000] > revoke all on server from role test;
Query: revoke all on server from role test

Fetched 0 row(s) in 0.14s
[test.com:21000] > show grant role test;
Query: show grant role test
+----------+----------+-------+--------+-----+-----------+--------------+-------------+
| scope    | database | table | column | uri | privilege | grant_option | 
create_time |
+----------+----------+-------+--------+-----+-----------+--------------+-------------+
| DATABASE | default  |       |        |     | SELECT    | false        | NULL  
      |
+----------+----------+-------+--------+-----+-----------+--------------+-------------+
Fetched 1 row(s) in 0.03s
[test.com:21000] > show grant role test;
Query: show grant role test
+----------+----------+-------+--------+-----+-----------+--------------+-------------+
| scope    | database | table | column | uri | privilege | grant_option | 
create_time |
+----------+----------+-------+--------+-----+-----------+--------------+-------------+
| DATABASE | default  |       |        |     | SELECT    | false        | NULL  
      |
+----------+----------+-------+--------+-----+-----------+--------------+-------------+
Fetched 1 row(s) in 0.03s

[FIVE MINUTES ELAPSE]

[test.com21000] > show grant role test;
Query: show grant role test
+--------+----------+-------+--------+-----+-----------+--------------+-------------------------------+
| scope  | database | table | column | uri | privilege | grant_option | 
create_time                   |
+--------+----------+-------+--------+-----+-----------+--------------+-------------------------------+
| SERVER |          |       |        |     | ALL       | false        | Sun, 
Apr 24 2016 20:24:33.888 |
+--------+----------+-------+--------+-----+-----------+--------------+-------------------------------+
Fetched 1 row(s) in 0.05s
{noformat}

> grantServerPrivilege and revokeServerPrivilege should treat "*" and "ALL" as 
> synonyms when action is not explicitly specified
> -----------------------------------------------------------------------------------------------------------------------------
>
>                 Key: SENTRY-1252
>                 URL: https://issues.apache.org/jira/browse/SENTRY-1252
>             Project: Sentry
>          Issue Type: Bug
>          Components: Sentry
>    Affects Versions: 1.6.0
>            Reporter: Hao Hao
>
> grantServerPrivilege and revokeServerPrivilege should treat "*" and "ALL" as 
> synonyms when action is not explicitly specified. Otherwise, if 
> grantServerPrivilege is called without action explicitly specified, and 
> follow with a revokeServerPrivilege invocation with action as "ALL" , the 
> server level privilege will not be revoked. For example, in impala
> {noformat}
> When pretty-printing is disabled, you can use the '--output_delimiter' flag 
> to set
> the delimiter for fields in the same row. The default is ','.
> ***********************************************************************************
> [test.com:21000] > create role test;
> Query: create role test
> Fetched 0 row(s) in 0.23s
> [test.com:21000] > grant select on database default to test;
> Query: grant select on database default to test
> Fetched 0 row(s) in 0.12s
> [test.com:21000] > grant all on server to test;
> Query: grant all on server to test
> Fetched 0 row(s) in 0.04s
> [test.com:21000] > show grant role test;
> Query: show grant role test
> +----------+----------+-------+--------+-----+-----------+--------------+-------------+
> | scope    | database | table | column | uri | privilege | grant_option | 
> create_time |
> +----------+----------+-------+--------+-----+-----------+--------------+-------------+
> | DATABASE | default  |       |        |     | SELECT    | false        | 
> NULL        |
> | SERVER   |          |       |        |     | ALL       | false        | 
> NULL        |
> +----------+----------+-------+--------+-----+-----------+--------------+-------------+
> Fetched 2 row(s) in 0.08s
> [test.com:21000] > revoke all on server from role test;
> Query: revoke all on server from role test
> Fetched 0 row(s) in 0.14s
> [test.com:21000] > show grant role test;
> Query: show grant role test
> +----------+----------+-------+--------+-----+-----------+--------------+-------------+
> | scope    | database | table | column | uri | privilege | grant_option | 
> create_time |
> +----------+----------+-------+--------+-----+-----------+--------------+-------------+
> | DATABASE | default  |       |        |     | SELECT    | false        | 
> NULL        |
> +----------+----------+-------+--------+-----+-----------+--------------+-------------+
> Fetched 1 row(s) in 0.03s
> [test.com:21000] > show grant role test;
> Query: show grant role test
> +----------+----------+-------+--------+-----+-----------+--------------+-------------+
> | scope    | database | table | column | uri | privilege | grant_option | 
> create_time |
> +----------+----------+-------+--------+-----+-----------+--------------+-------------+
> | DATABASE | default  |       |        |     | SELECT    | false        | 
> NULL        |
> +----------+----------+-------+--------+-----+-----------+--------------+-------------+
> Fetched 1 row(s) in 0.03s
> [FIVE MINUTES ELAPSE]
> [test.com21000] > show grant role test;
> Query: show grant role test
> +--------+----------+-------+--------+-----+-----------+--------------+-------------------------------+
> | scope  | database | table | column | uri | privilege | grant_option | 
> create_time                   |
> +--------+----------+-------+--------+-----+-----------+--------------+-------------------------------+
> | SERVER |          |       |        |     | ALL       | false        | Sun, 
> Apr 24 2016 20:24:33.888 |
> +--------+----------+-------+--------+-----+-----------+--------------+-------------------------------+
> Fetched 1 row(s) in 0.05s
> {noformat}



--
This message was sent by Atlassian JIRA
(v6.3.4#6332)

Reply via email to