[
https://issues.apache.org/jira/browse/SENTRY-2097?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=16288486#comment-16288486
]
Alexander Kolbasov commented on SENTRY-2097:
--------------------------------------------
It isn't possible to 'revoke' sub-privilege from higher level privilege - this
isn't the way Sentry privilege model is working.
Privileges are ordered:
{
Server -> Database -> Table -> Column
}
When a user wants to define any privilege he/she should remove all existing
privileges on the left - otherwise the new privilege wouldn't be checked. For
example, if user creates column-level privilege, he/she should first remove all
server, database and table level privileges because these take precedence.
There is no "automatic" way to do that.
> Sentry privileges model: Can Sentry take a database privileges away from a
> server privileges?
> ---------------------------------------------------------------------------------------------
>
> Key: SENTRY-2097
> URL: https://issues.apache.org/jira/browse/SENTRY-2097
> Project: Sentry
> Issue Type: Bug
> Components: Sentry
> Reporter: Sergio Peña
> Assignee: Na Li
> Priority: Critical
>
> Assume I have a user |jack| and a group |datateam|. The
> user |jack| belongs to group |datateam|.
> Use Sentry for authorization.
> |create role admin; grant role admin to group datateam; grant all on
> server server1 to role admin; |
> Now the role |admin| has the following priveleges.
> {noformat}
> |+-----------+--------+------------+---------+-----------------+-----------------+------------+---------------+-------------------+----------+--+
> | database | table | partition | column | principal_name |
> principal_type | privilege | grant_option | grant_time | grantor |
> +-----------+--------+------------+---------+-----------------+-----------------+------------+---------------+-------------------+----------+--+
> | * | | | | admin | ROLE | * | false | 1480985013185000 | -- |
> +-----------+--------+------------+---------+-----------------+-----------------+------------+---------------+-------------------+----------+--+|
> {noformat}
> Assume I have this database.
> |create database testdb; |
> It is successful. User |jack| created a database |testdb|.
> Use Sentry to revoke the privileges on |testdb|;
> |revoke all on database `testdb` from role admin; |
> The priveleges is still the same.
> {noformat}
> |+-----------+--------+------------+---------+-----------------+-----------------+------------+---------------+-------------------+----------+--+
> | database | table | partition | column | principal_name |
> principal_type | privilege | grant_option | grant_time | grantor |
> +-----------+--------+------------+---------+-----------------+-----------------+------------+---------------+-------------------+----------+--+
> | * | | | | admin | ROLE | * | false | 1480985013185000 | -- |
> +-----------+--------+------------+---------+-----------------+-----------------+------------+---------------+-------------------+----------+--+|
> {noformat}
> Shouldn't Sentry take the privileges on database |testdb| away from the
> server |server1|?
--
This message was sent by Atlassian JIRA
(v6.4.14#64029)
