Alex Behm has posted comments on this change. ( http://gerrit.cloudera.org:8080/10079 )
Change subject: IMPALA-6651: [DOCS] Fine grained privileges ...................................................................... Patch Set 3: (5 comments) http://gerrit.cloudera.org:8080/#/c/10079/3/docs/topics/impala_grant.xml File docs/topics/impala_grant.xml: http://gerrit.cloudera.org:8080/#/c/10079/3/docs/topics/impala_grant.xml@57 PS3, Line 57: <ph id="priv_objs" rev="3.0">object_type ::= TABLE | DATABASE | SERVER | URI</ph> We should mention somewhere that only ALL applies to the URI object. Finer-grained privileges on a URI are not supported. http://gerrit.cloudera.org:8080/#/c/10079/3/docs/topics/impala_grant.xml@69 PS3, Line 69: Only administrative users (initially, a predefined set of users This is not quite true, but let's defer the cleanup. Fredy will file a JIRA for the follow-on task. http://gerrit.cloudera.org:8080/#/c/10079/3/docs/topics/impala_grant.xml@179 PS3, Line 179: <p> Also add a note about: * CREATE TABLE AS SELECT which requires CREATE on the database that should contain the new table and SELECT on the tables references in the query portion of the statement. * COMPUTE STATS requires ALTER and SELECT on the target table http://gerrit.cloudera.org:8080/#/c/10079/3/docs/topics/impala_revoke.xml File docs/topics/impala_revoke.xml: http://gerrit.cloudera.org:8080/#/c/10079/3/docs/topics/impala_revoke.xml@44 PS3, Line 44: privileges on a specified object from groups. The revocation has a The last two sentences about revocation having a cascading effect are straight-up wrong. Please remove. http://gerrit.cloudera.org:8080/#/c/10079/3/docs/topics/impala_revoke.xml@72 PS3, Line 72: union of all other privileges. You cannot revoke <codeph>SELECT</codeph>, I suggest rephrasing the last sentence to something like this: Revoking SELECT,INSERT,etc. from a role that only has the ALL privilege has no effect. To reduce the privileges of that role you must REVOKE ALL and GRANT the desired privileges. -- To view, visit http://gerrit.cloudera.org:8080/10079 To unsubscribe, visit http://gerrit.cloudera.org:8080/settings Gerrit-Project: Impala-ASF Gerrit-Branch: master Gerrit-MessageType: comment Gerrit-Change-Id: I7b018bf847537ed461df6d9caee99f90b139f8ab Gerrit-Change-Number: 10079 Gerrit-PatchSet: 3 Gerrit-Owner: Alex Rodoni <[email protected]> Gerrit-Reviewer: Adam Holley <[email protected]> Gerrit-Reviewer: Alex Behm <[email protected]> Gerrit-Reviewer: Alex Rodoni <[email protected]> Gerrit-Reviewer: Fredy Wijaya <[email protected]> Gerrit-Reviewer: Impala Public Jenkins <[email protected]> Gerrit-Comment-Date: Wed, 18 Apr 2018 21:33:19 +0000 Gerrit-HasComments: Yes
