Andrew Wong has posted comments on this change. ( http://gerrit.cloudera.org:8080/13494 )
Change subject: sentry: don't send requests for DATABASE/SERVER privileges ...................................................................... Patch Set 2: (1 comment) http://gerrit.cloudera.org:8080/#/c/13494/2/src/kudu/master/sentry_privileges_fetcher.cc File src/kudu/master/sentry_privileges_fetcher.cc: http://gerrit.cloudera.org:8080/#/c/13494/2/src/kudu/master/sentry_privileges_fetcher.cc@693 PS2, Line 693: NarrowAuthzScopeForFetch(db, table, &authorizable); > I'm not sure it will work as expected. Assume there is top-level request l Remember, this is narrowing the scope of the call to Sentry, so yes. That is the behavior this would bring about. If db.new_table exists, this will fetch privileges for new_table, and in those privileges, there will exist privileges for 'db'. The same goes for server-level privileges. -- To view, visit http://gerrit.cloudera.org:8080/13494 To unsubscribe, visit http://gerrit.cloudera.org:8080/settings Gerrit-Project: kudu Gerrit-Branch: master Gerrit-MessageType: comment Gerrit-Change-Id: Ic0025e3bacc8449dfffe99a1fc062a9e6787eb78 Gerrit-Change-Number: 13494 Gerrit-PatchSet: 2 Gerrit-Owner: Andrew Wong <[email protected]> Gerrit-Reviewer: Adar Dembo <[email protected]> Gerrit-Reviewer: Alexey Serbin <[email protected]> Gerrit-Reviewer: Andrew Wong <[email protected]> Gerrit-Reviewer: Hao Hao <[email protected]> Gerrit-Reviewer: Kudu Jenkins (120) Gerrit-Comment-Date: Tue, 04 Jun 2019 18:23:51 +0000 Gerrit-HasComments: Yes
