[jira] [Commented] (SENTRY-1825) Dropping a Hive database/table doesn't cleanup the permissions associated with it

Fri, 14 Jul 2017 14:55:23 -0700 

    [ 
https://issues.apache.org/jira/browse/SENTRY-1825?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=16088166#comment-16088166
 ] 

Hadoop QA commented on SENTRY-1825:
-----------------------------------

Here are the results of testing the latest attachment
https://issues.apache.org/jira/secure/attachment/12877386/SENTRY-1825.002-sentry-ha-redesign.patch
 against sentry-ha-redesign.

{color:green}Overall:{color} +1 all checks pass

{color:green}SUCCESS:{color} all tests passed

Console output: 
https://builds.apache.org/job/PreCommit-SENTRY-Build/3043/console

This message is automatically generated.

> Dropping a Hive database/table doesn't cleanup the permissions associated 
> with it 
> ----------------------------------------------------------------------------------
>
>                 Key: SENTRY-1825
>                 URL: https://issues.apache.org/jira/browse/SENTRY-1825
>             Project: Sentry
>          Issue Type: Sub-task
>    Affects Versions: sentry-ha-redesign
>            Reporter: Vamsee Yarlagadda
>            Assignee: Na Li
>            Priority: Critical
>              Labels: sentry-ha
>         Attachments: SENTRY-1825.001-sentry-ha-redesign.patch, 
> SENTRY-1825.002-sentry-ha-redesign.patch
>
>
> Sasha helped in finding this bug. Looks like dropping a database/table does 
> no longer clean up the privileges associated with it.
> This problem is because of:
> https://github.com/apache/sentry/blob/sentry-ha-redesign/sentry-provider/sentry-provider-db/src/main/java/org/apache/sentry/service/thrift/HMSFollower.java#L126-L127
> {code}
> final HiveConf hiveConf = new HiveConf();
>     hiveInstance = 
> hiveConf.get(HiveAuthzConf.AuthzConfVars.AUTHZ_SERVER_NAME.getVar());
> {code}
> With the latest redesign, we are only setting this property on Hive's 
> (sentry-site.xml) and not on Sentry's (sentry-site.xml).
> So during permission grants, Hive ensures to supply the *server1* for 
> permission updates. But when we drop the table/database that has the perms 
> attached, it goes through HMSFollower and this code sets the property as NULL 
> as sentry-site.xml doesn't have this set. So it attempts to remove 
> permissions with NULL server setting and this always returns without deleting 
> anything. 
> We need to ensure that the corresponding property is set on both (Sentry, 
> Hive) sentry-site.xml to ensure referring to proper privileges. 



--
This message was sent by Atlassian JIRA
(v6.4.14#64029)

Reply via email to