[
https://issues.apache.org/jira/browse/SENTRY-1241?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=15292786#comment-15292786
]
Sravya Tirukkovalur edited comment on SENTRY-1241 at 5/20/16 6:16 AM:
----------------------------------------------------------------------
Not exactly, if you look at the output schema, it also has a principal_type and
principal_name.
So, if these are the rules for example:
table1->insert = role1, role1 = group1, group1 = user1 and
table1->select = role2, role2 = user1
The output should look like:
{noformat}
+------------+---------+-----------+----------+---------------------+--------------------+-----------+-----------------+---------------+----------+
| database | table| partition | column |principal_name| principal_type |
privilege | grant_option| grant_time | grantor |
+-------------+--------+-----------+----------+----------------------+-------------------+------------+----------------+---------------+-----------+
| db1 | table1 | | | role1 | role | insert
| | | |
| db1 | table1 | | | role2 | role | select
| | | |
+-------------+--------+-----------+----------+----------------------+-------------------+------------+----------------+---------------+-----------+
{noformat}
Does that make sense?
was (Author: sravya):
Not exactly, if you look at the output schema, it also has a principal_type and
principal_name.
So, if these are the rules for example:
table1->insert = role1, role1 = group1, group1 = user1 and
table1->select = role2, role2 = user1
The output should look like:
{noformat}
+------------+---------+-----------+----------+---------------------+--------------------+-----------+-----------------+---------------+----------+
| database | table | partition | column | principal_name | principal_type |
privilege | grant_option| grant_time | grantor |
+-------------+--------+-----------+----------+----------------------+-------------------+------------+----------------+---------------+-----------+
| db1 | table1 | | | role1 |
role | insert | | |
|
| db1 | table1 | | | role2 |
role | select | | |
|
+-------------+--------+-----------+----------+----------------------+-------------------+------------+----------------+---------------+-----------+
{noformat}
Does that make sense?
> Enable Show Grant user in hive binding
> --------------------------------------
>
> Key: SENTRY-1241
> URL: https://issues.apache.org/jira/browse/SENTRY-1241
> Project: Sentry
> Issue Type: New Feature
> Reporter: Sravya Tirukkovalur
>
> This can return both privileges granted through user->role and directly to
> role which user is part of. This syntax is already supported by hive.
--
This message was sent by Atlassian JIRA
(v6.3.4#6332)
