[jira] [Created] (SENTRY-1549) Attempt to remove privilege fails on role access

Alexander Kolbasov (JIRA) Mon, 28 Nov 2016 20:43:12 -0800

Alexander Kolbasov created SENTRY-1549:
------------------------------------------


             Summary: Attempt to remove privilege fails on role access
                 Key: SENTRY-1549
                 URL: https://issues.apache.org/jira/browse/SENTRY-1549
             Project: Sentry
          Issue Type: Bug
          Components: Sentry
    Affects Versions: 1.8.0
            Reporter: Alexander Kolbasov
             Fix For: sentry-ha-redesign


I was trying to remove a privilege from a role. This privilege had only WITH 
GRANT OPTION set. It was done using Thrift API. The result was interesting:

{code}
TransactionManager.executeTransactionWithRetry(TransactionManager.java:102)] 
The transaction has reac
hed max retry number, will not retry again.
javax.jdo.JDODetachedFieldAccessException: You have just attempted to access 
field "roles" yet this field was not detached when you detached the object. 
Either dont access this field, or detach it when detaching the object.
        at 
org.apache.sentry.provider.db.service.model.MSentryPrivilege.jdoGetroles(MSentryPrivilege.java)
        at 
org.apache.sentry.provider.db.service.model.MSentryPrivilege.removeRole(MSentryPrivilege.java:173)
        at 
org.apache.sentry.provider.db.service.persistent.SentryStore.revokePrivilegeFromRole(SentryStore.java:570)
        at 
org.apache.sentry.provider.db.service.persistent.SentryStore.alterSentryRoleRevokePrivilegeCore(SentryStore.java:498)
        at 
org.apache.sentry.provider.db.service.persistent.SentryStore.access$800(SentryStore.java:95)
        at 
org.apache.sentry.provider.db.service.persistent.SentryStore$9.execute(SentryStore.java:458)
        at 
org.apache.sentry.provider.db.service.persistent.TransactionManager.executeTransaction(TransactionManager.java:72)
        at 
org.apache.sentry.provider.db.service.persistent.TransactionManager.executeTransactionWithRetry(TransactionManager.java:93)
        at 
org.apache.sentry.provider.db.service.persistent.SentryStore.alterSentryRoleRevokePrivileges(SentryStore.java:451)
        at 
org.apache.sentry.provider.db.service.thrift.SentryPolicyStoreProcessor.alter_sentry_role_revoke_privilege(SentryPolicyStoreProcessor.java:344)
        at 
org.apache.sentry.provider.db.service.thrift.SentryPolicyService$Processor$alter_sentry_role_revoke_privilege.getResult(SentryPolicyService.java:1257)
        at 
org.apache.sentry.provider.db.service.thrift.SentryPolicyService$Processor$alter_sentry_role_revoke_privilege.getResult(SentryPolicyService.java:1242)
        at org.apache.thrift.ProcessFunction.process(ProcessFunction.java:39)
        at org.apache.thrift.TBaseProcessor.process(TBaseProcessor.java:39)
        at 
org.apache.sentry.provider.db.service.thrift.SentryProcessorWrapper.process(SentryProcessorWrapper.java:35)
        at 
org.apache.thrift.TMultiplexedProcessor.process(TMultiplexedProcessor.java:123)
        at 
org.apache.thrift.server.TThreadPoolServer$WorkerProcess.run(TThreadPoolServer.java:286)
        at 
java.util.concurrent.ThreadPoolExecutor.runWorker(ThreadPoolExecutor.java:1142)
        at 
java.util.concurrent.ThreadPoolExecutor$Worker.run(ThreadPoolExecutor.java:617)
        at java.lang.Thread.run(Thread.java:745)
{code}
{code}
2016-11-28 20:35:52,439 (pool-7-thread-10) [ERROR - 
org.apache.sentry.provider.db.service.thrift.SentryPolicyStoreProcessor.alter_sentry_role_revoke_privilege(SentryPolicyStoreProcessor.java:384)]
 Unknown error for request: 
TAlterSentryRoleRevokePrivilegeRequest(protocol_version:2, 
requestorUserName:akolb, roleName:r3, 
privilege:TSentryPrivilege(privilegeScope:, serverName:, dbName:, tableName:, 
URI:, action:, grantOption:TRUE, columnName:), 
privileges:[TSentryPrivilege(privilegeScope:, serverName:, dbName:, tableName:, 
URI:, action:, grantOption:TRUE, columnName:)]), message: The transaction has 
reached max retry number, will not retry again.
{code}
{code}
java.lang.Exception: The transaction has reached max retry number, will not 
retry again.
        at 
org.apache.sentry.provider.db.service.persistent.TransactionManager.executeTransactionWithRetry(TransactionManager.java:103)
        at 
org.apache.sentry.provider.db.service.persistent.SentryStore.alterSentryRoleRevokePrivileges(SentryStore.java:451)
        at 
org.apache.sentry.provider.db.service.thrift.SentryPolicyStoreProcessor.alter_sentry_role_revoke_privilege(SentryPolicyStoreProcessor.java:344)
        at 
org.apache.sentry.provider.db.service.thrift.SentryPolicyService$Processor$alter_sentry_role_revoke_privilege.getResult(SentryPolicyService.java:1257)
        at 
org.apache.sentry.provider.db.service.thrift.SentryPolicyService$Processor$alter_sentry_role_revoke_privilege.getResult(SentryPolicyService.java:1242)
        at org.apache.thrift.ProcessFunction.process(ProcessFunction.java:39)
        at org.apache.thrift.TBaseProcessor.process(TBaseProcessor.java:39)
        at 
org.apache.sentry.provider.db.service.thrift.SentryProcessorWrapper.process(SentryProcessorWrapper.java:35)
        at 
org.apache.thrift.TMultiplexedProcessor.process(TMultiplexedProcessor.java:123)
        at 
org.apache.thrift.server.TThreadPoolServer$WorkerProcess.run(TThreadPoolServer.java:286)
        at 
java.util.concurrent.ThreadPoolExecutor.runWorker(ThreadPoolExecutor.java:1142)
        at 
java.util.concurrent.ThreadPoolExecutor$Worker.run(ThreadPoolExecutor.java:617)
        at java.lang.Thread.run(Thread.java:745)
Caused by: javax.jdo.JDODetachedFieldAccessException: You have just attempted 
to access field "roles" yet this field was not detached when you detached the 
object. Either dont access this field, or detach it when detaching the object.
        at 
org.apache.sentry.provider.db.service.model.MSentryPrivilege.jdoGetroles(MSentryPrivilege.java)
        at 
org.apache.sentry.provider.db.service.model.MSentryPrivilege.removeRole(MSentryPrivilege.java:173)
        at 
org.apache.sentry.provider.db.service.persistent.SentryStore.revokePrivilegeFromRole(SentryStore.java:570)
        at 
org.apache.sentry.provider.db.service.persistent.SentryStore.alterSentryRoleRevokePrivilegeCore(SentryStore.java:498)
        at 
org.apache.sentry.provider.db.service.persistent.SentryStore.access$800(SentryStore.java:95)
        at 
org.apache.sentry.provider.db.service.persistent.SentryStore$9.execute(SentryStore.java:458)
        at 
org.apache.sentry.provider.db.service.persistent.TransactionManager.executeTransaction(TransactionManager.java:72)
        at 
org.apache.sentry.provider.db.service.persistent.TransactionManager.executeTransactionWithRetry(TransactionManager.java:93)
        ... 12 more
2016-11-28 20:35:52,440 (pool-7-thread-10) [INFO - 
org.apache.sentry.provider.db.service.thrift.SentryPolicyStoreProcessor.alter_sentry_role_revoke_privilege(SentryPolicyStoreProcessor.java:394)]
 
{"serviceName":"Sentry-Service","userName":"akolb","impersonator":"","ipAddress":"/127.0.0.1","operation":"REVOKE_PRIVILEGE","eventTime":"1480394152439","operationText":"REVOKE
  ON   FROM ROLE r3 WITH GRANT 
OPTION","allowed":"false","databaseName":"","tableName":"","column":null,"resourcePath":"","objectType":"PRINCIPAL"}
{code}



--
This message was sent by Atlassian JIRA
(v6.3.4#6332)

[jira] [Created] (SENTRY-1549) Attempt to remove privilege fails on role access

Reply via email to