[jira] [Comment Edited] (SENTRY-1825) Dropping a Hive database/table doesn't cleanup the permissions associated with it

Thu, 29 Jun 2017 14:50:19 -0700 

    [ 
https://issues.apache.org/jira/browse/SENTRY-1825?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=16069035#comment-16069035
 ] 

Alexander Kolbasov edited comment on SENTRY-1825 at 6/29/17 9:49 PM:
---------------------------------------------------------------------

CM always sets this as {{hive.sentry.server}}. It is present in sentry-site.xml 
which is generated for hive (but not in Sentry's sentry-site.xml file).


was (Author: akolb):
CM always sets this as {{hive.sentry.server}}.

> Dropping a Hive database/table doesn't cleanup the permissions associated 
> with it 
> ----------------------------------------------------------------------------------
>
>                 Key: SENTRY-1825
>                 URL: https://issues.apache.org/jira/browse/SENTRY-1825
>             Project: Sentry
>          Issue Type: Sub-task
>    Affects Versions: sentry-ha-redesign
>            Reporter: Vamsee Yarlagadda
>            Assignee: Na Li
>            Priority: Critical
>              Labels: sentry-ha
>
> Sasha helped in finding this bug. Looks like dropping a database/table does 
> no longer clean up the privileges associated with it.
> This problem is because of:
> https://github.com/apache/sentry/blob/sentry-ha-redesign/sentry-provider/sentry-provider-db/src/main/java/org/apache/sentry/service/thrift/HMSFollower.java#L126-L127
> {code}
> final HiveConf hiveConf = new HiveConf();
>     hiveInstance = 
> hiveConf.get(HiveAuthzConf.AuthzConfVars.AUTHZ_SERVER_NAME.getVar());
> {code}
> With the latest redesign, we are only setting this property on Hive's 
> (sentry-site.xml) and not on Sentry's (sentry-site.xml).
> So during permission grants, Hive ensures to supply the *server1* for 
> permission updates. But when we drop the table/database that has the perms 
> attached, it goes through HMSFollower and this code sets the property as NULL 
> as sentry-site.xml doesn't have this set. So it attempts to remove 
> permissions with NULL server setting and this always returns without deleting 
> anything. 
> We need to ensure that the corresponding property is set on both (Sentry, 
> Hive) sentry-site.xml to ensure referring to proper privileges. 



--
This message was sent by Atlassian JIRA
(v6.4.14#64029)

Reply via email to