[
https://issues.apache.org/jira/browse/SENTRY-1252?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=15285787#comment-15285787
]
Anne Yu commented on SENTRY-1252:
---------------------------------
One qq:
{code}
@Deprecated
/***
 * Should use revokeServerPrivilege(String requestorUserName,
 * String roleName, String server, String action, Boolean grantOption)
 */
public synchronized void revokeServerPrivilege(String requestorUserName,
    String roleName, String server, boolean grantOption)
    throws SentryUserException {
{code}
revokeServerPrivilege is a public API, so it is not used for any downstream
service and client?
> grantServerPrivilege and revokeServerPrivilege should treat "*" and "ALL" as
> synonyms when action is not explicitly specified
> -----------------------------------------------------------------------------------------------------------------------------
>
> Key: SENTRY-1252
> URL: https://issues.apache.org/jira/browse/SENTRY-1252
> Project: Sentry
> Issue Type: Bug
> Components: Sentry
> Affects Versions: 1.6.0
> Reporter: Hao Hao
> Assignee: Hao Hao
> Attachments: SENTRY-1252.0.patch
>
>
> grantServerPrivilege and revokeServerPrivilege should treat "*" and "ALL" as
> synonyms when action is not explicitly specified. Otherwise, if
> grantServerPrivilege is called without action explicitly specified, and
> followed by a revokeServerPrivilege invocation with action as "ALL", the
> server level privilege will not be revoked. For example, in Impala:
> {noformat}
> When pretty-printing is disabled, you can use the '--output_delimiter' flag to set
> the delimiter for fields in the same row. The default is ','.
> ***********************************************************************************
> [test.com:21000] > create role test;
> Query: create role test
> Fetched 0 row(s) in 0.23s
> [test.com:21000] > grant select on database default to test;
> Query: grant select on database default to test
> Fetched 0 row(s) in 0.12s
> [test.com:21000] > grant all on server to test;
> Query: grant all on server to test
> Fetched 0 row(s) in 0.04s
> [test.com:21000] > show grant role test;
> Query: show grant role test
> +----------+----------+-------+--------+-----+-----------+--------------+-------------+
> | scope | database | table | column | uri | privilege | grant_option | create_time |
> +----------+----------+-------+--------+-----+-----------+--------------+-------------+
> | DATABASE | default | | | | SELECT | false | NULL |
> | SERVER | | | | | ALL | false | NULL |
> +----------+----------+-------+--------+-----+-----------+--------------+-------------+
> Fetched 2 row(s) in 0.08s
> [test.com:21000] > revoke all on server from role test;
> Query: revoke all on server from role test
> Fetched 0 row(s) in 0.14s
> [test.com:21000] > show grant role test;
> Query: show grant role test
> +----------+----------+-------+--------+-----+-----------+--------------+-------------+
> | scope | database | table | column | uri | privilege | grant_option | create_time |
> +----------+----------+-------+--------+-----+-----------+--------------+-------------+
> | DATABASE | default | | | | SELECT | false | NULL |
> +----------+----------+-------+--------+-----+-----------+--------------+-------------+
> Fetched 1 row(s) in 0.03s
> [test.com:21000] > show grant role test;
> Query: show grant role test
> +----------+----------+-------+--------+-----+-----------+--------------+-------------+
> | scope | database | table | column | uri | privilege | grant_option | create_time |
> +----------+----------+-------+--------+-----+-----------+--------------+-------------+
> | DATABASE | default | | | | SELECT | false | NULL |
> +----------+----------+-------+--------+-----+-----------+--------------+-------------+
> Fetched 1 row(s) in 0.03s
> [FIVE MINUTES ELAPSE]
> [test.com21000] > show grant role test;
> Query: show grant role test
> +--------+----------+-------+--------+-----+-----------+--------------+-------------------------------+
> | scope | database | table | column | uri | privilege | grant_option | create_time |
> +--------+----------+-------+--------+-----+-----------+--------------+-------------------------------+
> | SERVER | | | | | ALL | false | Sun, Apr 24 2016 20:24:33.888 |
> +--------+----------+-------+--------+-----+-----------+--------------+-------------------------------+
> Fetched 1 row(s) in 0.05s
> {noformat}
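The mismatch described in the issue, as an added Java sketch that is not Sentry's code: a toy in-memory privilege store run once with exact string matching and once with "*" and "ALL" canonicalized. The class name, the `canonical` helper, the key layout and the "*" default for an omitted action are assumptions made for the illustration.

```java
import java.util.HashSet;
import java.util.Locale;
import java.util.Set;

// Added illustration; a toy in-memory store, not Sentry's implementation.
public class ActionSynonymDemo {
    // Assumption: a grant without an explicit action is recorded as "*".
    static final String DEFAULT_ACTION = "*";

    private final Set<String> privileges = new HashSet<>();
    private final boolean normalize;

    ActionSynonymDemo(boolean normalize) { this.normalize = normalize; }

    // Map both spellings of "everything" to one canonical value.
    private String canonical(String action) {
        if (action == null || action.trim().isEmpty()) action = DEFAULT_ACTION;
        if (!normalize) return action;              // exact-match behaviour
        String a = action.trim().toUpperCase(Locale.ROOT);
        return a.equals("*") ? "ALL" : a;
    }

    private String key(String role, String server, String action) {
        return role + "|" + server + "|" + canonical(action);
    }

    void grantServerPrivilege(String role, String server, String action) {
        privileges.add(key(role, server, action));
    }

    // Returns true only if a stored privilege was actually removed.
    boolean revokeServerPrivilege(String role, String server, String action) {
        return privileges.remove(key(role, server, action));
    }

    boolean hasServerPrivilege(String role, String server) {
        return privileges.contains(key(role, server, "*"))
            || privileges.contains(key(role, server, "ALL"));
    }

    public static void main(String[] args) {
        for (boolean normalize : new boolean[] {false, true}) {
            ActionSynonymDemo store = new ActionSynonymDemo(normalize);
            store.grantServerPrivilege("test", "server1", null);   // no action given
            boolean removed = store.revokeServerPrivilege("test", "server1", "ALL");
            System.out.printf("normalize=%b removed=%b stillGranted=%b%n",
                normalize, removed, store.hasServerPrivilege("test", "server1"));
        }
    }
}
```

A revoke that reports nothing removed while the role still holds the privilege is the condition worth asserting on in a regression test for this bug.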