[
https://issues.apache.org/jira/browse/SENTRY-1241?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=15293078#comment-15293078
]
Dapeng Sun commented on SENTRY-1241:
------------------------------------
According the method {{HiveMetaStore#list_privileges(...)}}, it seems only the
privileges matched with principal_type and principal_name will be return.
https://github.com/apache/hive/blob/b9e4fe856fcf3bb4339c8efebab1138c9dc1e732/metastore/src/java/org/apache/hadoop/hive/metastore/HiveMetaStore.java#L5129
Since we don't support {{grant privilege to user}} and {{grant privilege to
group}} directly, we may can't display any privilege here.
In the case
https://cwiki.apache.org/confluence/display/Hive/SQL+Standard+Based+Hive+Authorization#SQLStandardBasedHiveAuthorization-ExamplesofManagingObjectPrivileges
{{show grant user ashutosh on table hivejiratable;}}
Only the privileges of {{principal_name=ashutosh&&principal_type=USER}} are
returned, I think these privileges should be granted to
{{principal_name=ashutosh&&principal_type=USER}} directly. For the privileges
are inherited from group or role should not be appeared here...
> Enable Show Grant user in hive binding
> --------------------------------------
>
> Key: SENTRY-1241
> URL: https://issues.apache.org/jira/browse/SENTRY-1241
> Project: Sentry
> Issue Type: New Feature
> Reporter: Sravya Tirukkovalur
>
> This can return both privileges granted through user->role and directly to
> role which user is part of. This syntax is already supported by hive.
--
This message was sent by Atlassian JIRA
(v6.3.4#6332)
