[jira] [Created] (SENTRY-2204) Revoke 'all/*' on server from role , revokes all privileges from the same role

Wed, 18 Apr 2018 02:17:08 -0700 

Sachin created SENTRY-2204:
------------------------------

             Summary: Revoke 'all/*' on server from role , revokes all 
privileges from the same role
                 Key: SENTRY-2204
                 URL: https://issues.apache.org/jira/browse/SENTRY-2204
             Project: Sentry
          Issue Type: New Feature
          Components: Sentry
            Reporter: Sachin


I have assigned below privileges to one role i.e. role_1;

{noformat}
|+------------------------------+--------+------------+---------+-----------------+-----------------+------------+---------------+-------------------+----------+--+|
|\| database \| table \| partition \| column \| principal_name \| 
principal_type \| privilege \| grant_option \| grant_time \| grantor \||
|+------------------------------+--------+------------+---------+-----------------+-----------------+------------+---------------+-------------------+----------+--+|
|\| hdfs://nameservice01/user/h \| \| \| \| role_157 \| ROLE \| * \| false \| 
1523963168628000 \| -- \||
|\| * \| \| \| \| role_157 \| ROLE \| * \| false \| 1523352328442000 \| -- \||
|\| hdfs://nameservice01/user/m \| \| \| \| role_157 \| ROLE \| * \| false \| 
1523963186544000 \| -- \||
|+------------------------------+--------+------------+---------+-----------------+-----------------+------------+---------------+-------------------+----------+--+|
| |

{noformat}

 

After that executed below command i.e revoke and show grant for the same role

{noformat}

revoke all on server server1 from role role_157;

{noformat}

 

{noformat}
|+-----------+--------+------------+---------+-----------------+-----------------+------------+---------------+-------------+----------+--+|
|\| database \| table \| partition \| column \| principal_name \| 
principal_type \| privilege \| grant_option \| grant_time \| grantor \||
|+-----------+--------+------------+---------+-----------------+-----------------+------------+---------------+-------------+----------+--+|
|+-----------+--------+------------+---------+-----------------+-----------------+------------+---------------+-------------+----------+--+|
|No rows selected (0.119 seconds)|

{noformat}

 

As you can see from above, if you revoke all on server, it also revokes all the 
other privileges from the same role as well. 

So it is right behaviour? or It should revoke only all/* on server and should 
keep other privileges?



--
This message was sent by Atlassian JIRA
(v7.6.3#76005)

Reply via email to