Andrew Wong has posted comments on this change. ( http://gerrit.cloudera.org:8080/16113 )
Change subject: KUDU-3090 Restrict changing ownership of a table ...................................................................... Patch Set 2: (3 comments) http://gerrit.cloudera.org:8080/#/c/16113/2/src/kudu/integration-tests/master_authz-itest.cc File src/kudu/integration-tests/master_authz-itest.cc: http://gerrit.cloudera.org:8080/#/c/16113/2/src/kudu/integration-tests/master_authz-itest.cc@1044 PS2, Line 1044: GrantAllWithGrantDatabasePrivilege But don't we only need ALL WITH GRANT on table? http://gerrit.cloudera.org:8080/#/c/16113/2/src/kudu/master/authz_provider.h File src/kudu/master/authz_provider.h: http://gerrit.cloudera.org:8080/#/c/16113/2/src/kudu/master/authz_provider.h@117 PS2, Line 117: // The owner is the current owner, the new owner doesn't matter. nit: maybe reword so it's more pertinent to this interface, e.g. "'is_owner' indicates whether 'user' is the current owner of the table." http://gerrit.cloudera.org:8080/#/c/16113/2/src/kudu/master/catalog_manager.cc File src/kudu/master/catalog_manager.cc: http://gerrit.cloudera.org:8080/#/c/16113/2/src/kudu/master/catalog_manager.cc@2573 PS2, Line 2573: RETURN_NOT_OK(SetupError(authz_provider_->AuthorizeAlterTable(table_name, new_table, username, : username == owner), : resp, MasterErrorPB::NOT_AUTHORIZED)); We shouldn't have to do this if we're changing owners, right? -- To view, visit http://gerrit.cloudera.org:8080/16113 To unsubscribe, visit http://gerrit.cloudera.org:8080/settings Gerrit-Project: kudu Gerrit-Branch: master Gerrit-MessageType: comment Gerrit-Change-Id: I75a8b24364572a84f93826ad670c543abd407bb1 Gerrit-Change-Number: 16113 Gerrit-PatchSet: 2 Gerrit-Owner: Attila Bukor <[email protected]> Gerrit-Reviewer: Andrew Wong <[email protected]> Gerrit-Reviewer: Kudu Jenkins (120) Gerrit-Comment-Date: Fri, 26 Jun 2020 17:45:12 +0000 Gerrit-HasComments: Yes
