[ 
https://issues.apache.org/jira/browse/SENTRY-2391?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel
 ]

Na Li reassigned SENTRY-2391:
-----------------------------

    Assignee:     (was: Na Li)

> User without any privileges can drop a function
> -----------------------------------------------
>
>                 Key: SENTRY-2391
>                 URL: https://issues.apache.org/jira/browse/SENTRY-2391
>             Project: Sentry
>          Issue Type: Bug
>          Components: Sentry
>    Affects Versions: 2.1.0
>            Reporter: Na Li
>            Priority: Major
>
> Pre-req:
> 1. Log in as an admin.
> 2. Create a DB as db1 and then create a function func1.
> 3. Create a new role and then grant the role to a new test user.
> Steps:
> 1. Log in as the test user.
> 2. Run query: DROP FUNCTION db1.func1;
> Actual: Function dropped.
> Expected: Should not allow drop.
> DROP should be allowed only when user has ALL on SERVER or DB.
> "anyone can drop a function" is not a security hole, as it does not allow 
> someone to gain access to something he/she should not. "This may create some 
> issue for admin" because a function created by admin can be dropped by 
> anyone, so it disrupts admin's work. Admin has to create a function (that is 
> dropped by someone with no privilege) again.



--
This message was sent by Atlassian JIRA
(v7.6.3#76005)
