[ https://issues.apache.org/jira/browse/SENTRY-2097?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=16288467#comment-16288467 ]
Na Li commented on SENTRY-2097:
-------------------------------
We should document this, so users won't revoke privileges in this way.
To fix this issue, the following changes are required:
1) Revoke behavior
Need to store revoked privileges
2) Privilege checking behavior
Follow the authorization object hierarchy. The finest-granularity matched
privilege determines the access.
> Sentry privileges model: Can Sentry take a database privileges away from a
> server privileges?
> ---------------------------------------------------------------------------------------------
>
> Key: SENTRY-2097
> URL: https://issues.apache.org/jira/browse/SENTRY-2097
> Project: Sentry
> Issue Type: Bug
> Components: Sentry
> Reporter: Sergio Peña
> Assignee: Na Li
> Priority: Critical
>
> Assume I have a user |jack| and a group |datateam|. The
> user |jack| belongs to group |datateam|.
> Use Sentry for authorization.
> |create role admin; grant role admin to group datateam; grant all on
> server server1 to role admin; |
> Now the role |admin| has the following privileges.
> {noformat}
> +-----------+--------+------------+---------+-----------------+-----------------+------------+---------------+-------------------+----------+
> | database  | table  | partition  | column  | principal_name  | principal_type  | privilege  | grant_option  | grant_time        | grantor  |
> +-----------+--------+------------+---------+-----------------+-----------------+------------+---------------+-------------------+----------+
> | *         |        |            |         | admin           | ROLE            | *          | false         | 1480985013185000  | --       |
> +-----------+--------+------------+---------+-----------------+-----------------+------------+---------------+-------------------+----------+
> {noformat}
> Assume I have this database.
> |create database testdb; |
> It is successful. User |jack| created a database |testdb|.
> Use Sentry to revoke the privileges on |testdb|;
> |revoke all on database `testdb` from role admin; |
> The privileges are still the same.
> {noformat}
> +-----------+--------+------------+---------+-----------------+-----------------+------------+---------------+-------------------+----------+
> | database  | table  | partition  | column  | principal_name  | principal_type  | privilege  | grant_option  | grant_time        | grantor  |
> +-----------+--------+------------+---------+-----------------+-----------------+------------+---------------+-------------------+----------+
> | *         |        |            |         | admin           | ROLE            | *          | false         | 1480985013185000  | --       |
> +-----------+--------+------------+---------+-----------------+-----------------+------------+---------------+-------------------+----------+
> {noformat}
> Shouldn't Sentry take the privileges on database |testdb| away from the
> server |server1|?
--
This message was sent by Atlassian JIRA
(v6.4.14#64029)