[jira] [Updated] (SENTRY-1549) Attempt to remove privilege fails on role access

Mathew Crocker (JIRA) Mon, 03 Apr 2017 11:20:12 -0700

     [ 
https://issues.apache.org/jira/browse/SENTRY-1549?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel
 ]


Mathew Crocker updated SENTRY-1549:
-----------------------------------
    Fix Version/s:     (was: sentry-ha-redesign)

> Attempt to remove privilege fails on role access
> ------------------------------------------------
>
>                 Key: SENTRY-1549
>                 URL: https://issues.apache.org/jira/browse/SENTRY-1549
>             Project: Sentry
>          Issue Type: Bug
>          Components: Sentry
>    Affects Versions: 1.8.0
>            Reporter: Alexander Kolbasov
>
> I was trying to remove a privilege from a role. This privilege had only WITH 
> GRANT OPTION set. It was done using Thrift API. The result was interesting:
> {code}
> TransactionManager.executeTransactionWithRetry(TransactionManager.java:102)] 
> The transaction has reac
> hed max retry number, will not retry again.
> javax.jdo.JDODetachedFieldAccessException: You have just attempted to access 
> field "roles" yet this field was not detached when you detached the object. 
> Either dont access this field, or detach it when detaching the object.
>         at 
> org.apache.sentry.provider.db.service.model.MSentryPrivilege.jdoGetroles(MSentryPrivilege.java)
>         at 
> org.apache.sentry.provider.db.service.model.MSentryPrivilege.removeRole(MSentryPrivilege.java:173)
>         at 
> org.apache.sentry.provider.db.service.persistent.SentryStore.revokePrivilegeFromRole(SentryStore.java:570)
>         at 
> org.apache.sentry.provider.db.service.persistent.SentryStore.alterSentryRoleRevokePrivilegeCore(SentryStore.java:498)
>         at 
> org.apache.sentry.provider.db.service.persistent.SentryStore.access$800(SentryStore.java:95)
>         at 
> org.apache.sentry.provider.db.service.persistent.SentryStore$9.execute(SentryStore.java:458)
>         at 
> org.apache.sentry.provider.db.service.persistent.TransactionManager.executeTransaction(TransactionManager.java:72)
>         at 
> org.apache.sentry.provider.db.service.persistent.TransactionManager.executeTransactionWithRetry(TransactionManager.java:93)
>         at 
> org.apache.sentry.provider.db.service.persistent.SentryStore.alterSentryRoleRevokePrivileges(SentryStore.java:451)
>         at 
> org.apache.sentry.provider.db.service.thrift.SentryPolicyStoreProcessor.alter_sentry_role_revoke_privilege(SentryPolicyStoreProcessor.java:344)
>         at 
> org.apache.sentry.provider.db.service.thrift.SentryPolicyService$Processor$alter_sentry_role_revoke_privilege.getResult(SentryPolicyService.java:1257)
>         at 
> org.apache.sentry.provider.db.service.thrift.SentryPolicyService$Processor$alter_sentry_role_revoke_privilege.getResult(SentryPolicyService.java:1242)
>         at org.apache.thrift.ProcessFunction.process(ProcessFunction.java:39)
>         at org.apache.thrift.TBaseProcessor.process(TBaseProcessor.java:39)
>         at 
> org.apache.sentry.provider.db.service.thrift.SentryProcessorWrapper.process(SentryProcessorWrapper.java:35)
>         at 
> org.apache.thrift.TMultiplexedProcessor.process(TMultiplexedProcessor.java:123)
>         at 
> org.apache.thrift.server.TThreadPoolServer$WorkerProcess.run(TThreadPoolServer.java:286)
>         at 
> java.util.concurrent.ThreadPoolExecutor.runWorker(ThreadPoolExecutor.java:1142)
>         at 
> java.util.concurrent.ThreadPoolExecutor$Worker.run(ThreadPoolExecutor.java:617)
>         at java.lang.Thread.run(Thread.java:745)
> {code}
> {code}
> 2016-11-28 20:35:52,439 (pool-7-thread-10) [ERROR - 
> org.apache.sentry.provider.db.service.thrift.SentryPolicyStoreProcessor.alter_sentry_role_revoke_privilege(SentryPolicyStoreProcessor.java:384)]
>  Unknown error for request: 
> TAlterSentryRoleRevokePrivilegeRequest(protocol_version:2, 
> requestorUserName:akolb, roleName:r3, 
> privilege:TSentryPrivilege(privilegeScope:, serverName:, dbName:, tableName:, 
> URI:, action:, grantOption:TRUE, columnName:), 
> privileges:[TSentryPrivilege(privilegeScope:, serverName:, dbName:, 
> tableName:, URI:, action:, grantOption:TRUE, columnName:)]), message: The 
> transaction has reached max retry number, will not retry again.
> {code}
> {code}
> java.lang.Exception: The transaction has reached max retry number, will not 
> retry again.
>         at 
> org.apache.sentry.provider.db.service.persistent.TransactionManager.executeTransactionWithRetry(TransactionManager.java:103)
>         at 
> org.apache.sentry.provider.db.service.persistent.SentryStore.alterSentryRoleRevokePrivileges(SentryStore.java:451)
>         at 
> org.apache.sentry.provider.db.service.thrift.SentryPolicyStoreProcessor.alter_sentry_role_revoke_privilege(SentryPolicyStoreProcessor.java:344)
>         at 
> org.apache.sentry.provider.db.service.thrift.SentryPolicyService$Processor$alter_sentry_role_revoke_privilege.getResult(SentryPolicyService.java:1257)
>         at 
> org.apache.sentry.provider.db.service.thrift.SentryPolicyService$Processor$alter_sentry_role_revoke_privilege.getResult(SentryPolicyService.java:1242)
>         at org.apache.thrift.ProcessFunction.process(ProcessFunction.java:39)
>         at org.apache.thrift.TBaseProcessor.process(TBaseProcessor.java:39)
>         at 
> org.apache.sentry.provider.db.service.thrift.SentryProcessorWrapper.process(SentryProcessorWrapper.java:35)
>         at 
> org.apache.thrift.TMultiplexedProcessor.process(TMultiplexedProcessor.java:123)
>         at 
> org.apache.thrift.server.TThreadPoolServer$WorkerProcess.run(TThreadPoolServer.java:286)
>         at 
> java.util.concurrent.ThreadPoolExecutor.runWorker(ThreadPoolExecutor.java:1142)
>         at 
> java.util.concurrent.ThreadPoolExecutor$Worker.run(ThreadPoolExecutor.java:617)
>         at java.lang.Thread.run(Thread.java:745)
> Caused by: javax.jdo.JDODetachedFieldAccessException: You have just attempted 
> to access field "roles" yet this field was not detached when you detached the 
> object. Either dont access this field, or detach it when detaching the object.
>         at 
> org.apache.sentry.provider.db.service.model.MSentryPrivilege.jdoGetroles(MSentryPrivilege.java)
>         at 
> org.apache.sentry.provider.db.service.model.MSentryPrivilege.removeRole(MSentryPrivilege.java:173)
>         at 
> org.apache.sentry.provider.db.service.persistent.SentryStore.revokePrivilegeFromRole(SentryStore.java:570)
>         at 
> org.apache.sentry.provider.db.service.persistent.SentryStore.alterSentryRoleRevokePrivilegeCore(SentryStore.java:498)
>         at 
> org.apache.sentry.provider.db.service.persistent.SentryStore.access$800(SentryStore.java:95)
>         at 
> org.apache.sentry.provider.db.service.persistent.SentryStore$9.execute(SentryStore.java:458)
>         at 
> org.apache.sentry.provider.db.service.persistent.TransactionManager.executeTransaction(TransactionManager.java:72)
>         at 
> org.apache.sentry.provider.db.service.persistent.TransactionManager.executeTransactionWithRetry(TransactionManager.java:93)
>         ... 12 more
> 2016-11-28 20:35:52,440 (pool-7-thread-10) [INFO - 
> org.apache.sentry.provider.db.service.thrift.SentryPolicyStoreProcessor.alter_sentry_role_revoke_privilege(SentryPolicyStoreProcessor.java:394)]
>  
> {"serviceName":"Sentry-Service","userName":"akolb","impersonator":"","ipAddress":"/127.0.0.1","operation":"REVOKE_PRIVILEGE","eventTime":"1480394152439","operationText":"REVOKE
>   ON   FROM ROLE r3 WITH GRANT 
> OPTION","allowed":"false","databaseName":"","tableName":"","column":null,"resourcePath":"","objectType":"PRINCIPAL"}
> {code}



--
This message was sent by Atlassian JIRA
(v6.3.15#6346)

[jira] [Updated] (SENTRY-1549) Attempt to remove privilege fails on role access

Reply via email to