Na Li created SENTRY-2391:
-----------------------------

             Summary: User without any privileges can drop a function
                 Key: SENTRY-2391
                 URL: https://issues.apache.org/jira/browse/SENTRY-2391
             Project: Sentry
          Issue Type: Bug
          Components: Sentry
    Affects Versions: 2.1.0
            Reporter: Na Li
            Assignee: Na Li




Pre-req:
1. Log in as an admin.
2. Create a DB named db1 and then create a function func1.
3. Create a new role and then grant the role to a new test user.

Steps:
1. Log in as the test user.
2. Run query: DROP FUNCTION db1.func1;

Actual: Function dropped.
Expected: Should not allow the drop.
DROP should be allowed only when the user has ALL on SERVER or DB.

"anyone can drop a function" is not a security hole, as it does not allow 
someone to gain access to something he/she should not. "This may create some 
issue for admin" because a function created by admin can be dropped by anyone, 
so it disrupts admin's work. Admin has to create a function (that is dropped by 
someone with no privilege) again.



--
This message was sent by Atlassian JIRA
(v7.6.3#76005)
