subject:"Review Request 64452\: SENTRY\-2091\: User\-based Privilege is broken by SENTRY\-769"

Re: Review Request 64452: SENTRY-2091: User-based Privilege is broken by SENTRY-769

2018-01-29 Thread kalyan kumar kalvagadda via Review Board


---
This is an automatically generated e-mail. To reply, visit:
https://reviews.apache.org/r/64452/#review196465
---




sentry-binding/sentry-binding-hive-v2/src/main/java/org/apache/sentry/binding/hive/v2/HiveAuthzBindingHookBaseV2.java
Lines 812 (patched)


Should this be logged as an error? With this feature this is valid 
scenarion and need logged as an error.



sentry-provider/sentry-provider-common/src/main/java/org/apache/sentry/provider/common/ResourceAuthorizationProvider.java
Line 109 (original), 109 (patched)


Should this be logged as an error? With this feature this is valid 
scenarion and need logged as an error.


- kalyan kumar kalvagadda


On Jan. 22, 2018, 9:16 p.m., Na Li wrote:
> 
> ---
> This is an automatically generated e-mail. To reply, visit:
> https://reviews.apache.org/r/64452/
> ---
> 
> (Updated Jan. 22, 2018, 9:16 p.m.)
> 
> 
> Review request for sentry, Arjun Mishra, kalyan kumar kalvagadda, Sergio 
> Pena, and Vadim Spector.
> 
> 
> Repository: sentry
> 
> 
> Description
> ---
> 
> Update the code to make sure user without group but with role has proper 
> access. 
> test case is added for the scenario that user has no group but with desired 
> role. 
> test case is added for the scenario that user has no group and no privilege 
> to allow the access
> 
> 
> Diffs
> -
> 
>   
> sentry-binding/sentry-binding-hive-v2/src/main/java/org/apache/sentry/binding/hive/v2/HiveAuthzBindingHookBaseV2.java
>  5a21dd3 
>   
> sentry-binding/sentry-binding-hive/src/main/java/org/apache/sentry/binding/hive/authz/HiveAuthzBindingHookBase.java
>  447deaf 
>   
> sentry-provider/sentry-provider-common/src/main/java/org/apache/sentry/provider/common/ResourceAuthorizationProvider.java
>  a9b98f3 
>   
> sentry-provider/sentry-provider-db/src/main/java/org/apache/sentry/provider/db/service/persistent/SentryStore.java
>  edea5b6 
>   
> sentry-tests/sentry-tests-hive/src/test/java/org/apache/sentry/tests/e2e/dbprovider/TestGrantUserToRole.java
>  5364937 
>   
> sentry-tests/sentry-tests-hive/src/test/java/org/apache/sentry/tests/e2e/hive/TestUserManagement.java
>  fd8ec56 
> 
> 
> Diff: https://reviews.apache.org/r/64452/diff/3/
> 
> 
> Testing
> ---
> 
> unit tests
> 
> 
> Thanks,
> 
> Na Li
> 
>

Re: Review Request 64452: SENTRY-2091: User-based Privilege is broken by SENTRY-769

2018-01-29 Thread Sergio Pena via Review Board


---
This is an automatically generated e-mail. To reply, visit:
https://reviews.apache.org/r/64452/#review196435
---




sentry-binding/sentry-binding-hive-v2/src/main/java/org/apache/sentry/binding/hive/v2/HiveAuthzBindingHookBaseV2.java
Lines 805-814 (patched)


This class is not used anymore and will be removed in the future, I don't 
think we should continue maintaining it.



sentry-binding/sentry-binding-hive/src/main/java/org/apache/sentry/binding/hive/authz/HiveAuthzBindingHookBase.java
Line 550 (original)


All the HiveAuthzBindingHookBase changes are not related to the fix of this 
issue. Can we remove those changes to keep patch smaller and the history clean? 
I think We should fix those issues on other patches that address syntax issues.



sentry-provider/sentry-provider-common/src/main/java/org/apache/sentry/provider/common/ResourceAuthorizationProvider.java
Lines 107-109 (original), 107-109 (patched)


What's the reason of chaning to newHashSet() instead of leaving the 
emptySet()? Both will have empty sets, don't they?

Also, is it necessary to change the variable name 'e' to 'ex'?



sentry-tests/sentry-tests-hive/src/test/java/org/apache/sentry/tests/e2e/dbprovider/TestGrantUserToRole.java
Lines 188 (patched)


This could have a tabl or empty space, Please remove this change.



sentry-tests/sentry-tests-hive/src/test/java/org/apache/sentry/tests/e2e/dbprovider/TestGrantUserToRole.java
Lines 288-291 (patched)


Can this test be moved to the previous test? I think both tests are similar.



sentry-tests/sentry-tests-hive/src/test/java/org/apache/sentry/tests/e2e/hive/TestUserManagement.java
Line 369 (original), 369 (patched)


Why do we need the table name change? Was the older name causing problems?



sentry-tests/sentry-tests-hive/src/test/java/org/apache/sentry/tests/e2e/hive/TestUserManagement.java
Lines 371 (patched)


This could have a tabl or empty space, Please remove this change.


- Sergio Pena


On Jan. 22, 2018, 9:16 p.m., Na Li wrote:
> 
> ---
> This is an automatically generated e-mail. To reply, visit:
> https://reviews.apache.org/r/64452/
> ---
> 
> (Updated Jan. 22, 2018, 9:16 p.m.)
> 
> 
> Review request for sentry, Arjun Mishra, kalyan kumar kalvagadda, Sergio 
> Pena, and Vadim Spector.
> 
> 
> Repository: sentry
> 
> 
> Description
> ---
> 
> Update the code to make sure user without group but with role has proper 
> access. 
> test case is added for the scenario that user has no group but with desired 
> role. 
> test case is added for the scenario that user has no group and no privilege 
> to allow the access
> 
> 
> Diffs
> -
> 
>   
> sentry-binding/sentry-binding-hive-v2/src/main/java/org/apache/sentry/binding/hive/v2/HiveAuthzBindingHookBaseV2.java
>  5a21dd3 
>   
> sentry-binding/sentry-binding-hive/src/main/java/org/apache/sentry/binding/hive/authz/HiveAuthzBindingHookBase.java
>  447deaf 
>   
> sentry-provider/sentry-provider-common/src/main/java/org/apache/sentry/provider/common/ResourceAuthorizationProvider.java
>  a9b98f3 
>   
> sentry-provider/sentry-provider-db/src/main/java/org/apache/sentry/provider/db/service/persistent/SentryStore.java
>  edea5b6 
>   
> sentry-tests/sentry-tests-hive/src/test/java/org/apache/sentry/tests/e2e/dbprovider/TestGrantUserToRole.java
>  5364937 
>   
> sentry-tests/sentry-tests-hive/src/test/java/org/apache/sentry/tests/e2e/hive/TestUserManagement.java
>  fd8ec56 
> 
> 
> Diff: https://reviews.apache.org/r/64452/diff/3/
> 
> 
> Testing
> ---
> 
> unit tests
> 
> 
> Thanks,
> 
> Na Li
> 
>

Re: Review Request 64452: SENTRY-2091: User-based Privilege is broken by SENTRY-769

2018-01-22 Thread Na Li via Review Board



> On Dec. 15, 2017, 10:48 p.m., Vadim Spector wrote:
> > sentry-tests/sentry-tests-hive-v2/src/test/java/org/apache/sentry/tests/e2e/hive/TestUserManagement.java
> > Line 372 (original), 372 (patched)
> > 
> >
> > Are we sure here that CREATE fails for the right reason, i.e. user1 not 
> > having privileges, not because it already exists?
> > 
> > If we want to make sure that user1 can neither CREATE nor SELECT, would 
> > it make sense to try CREATE on a different table, not the one that already 
> > exists, followed by SELECT on already existing table?

change to "CREATE TABLE db1.t_user1", so the table name is different now.


- Na


---
This is an automatically generated e-mail. To reply, visit:
https://reviews.apache.org/r/64452/#review193992
---


On Jan. 22, 2018, 9:16 p.m., Na Li wrote:
> 
> ---
> This is an automatically generated e-mail. To reply, visit:
> https://reviews.apache.org/r/64452/
> ---
> 
> (Updated Jan. 22, 2018, 9:16 p.m.)
> 
> 
> Review request for sentry, Arjun Mishra, kalyan kumar kalvagadda, Sergio 
> Pena, and Vadim Spector.
> 
> 
> Repository: sentry
> 
> 
> Description
> ---
> 
> Update the code to make sure user without group but with role has proper 
> access. 
> test case is added for the scenario that user has no group but with desired 
> role. 
> test case is added for the scenario that user has no group and no privilege 
> to allow the access
> 
> 
> Diffs
> -
> 
>   
> sentry-binding/sentry-binding-hive-v2/src/main/java/org/apache/sentry/binding/hive/v2/HiveAuthzBindingHookBaseV2.java
>  5a21dd3 
>   
> sentry-binding/sentry-binding-hive/src/main/java/org/apache/sentry/binding/hive/authz/HiveAuthzBindingHookBase.java
>  447deaf 
>   
> sentry-provider/sentry-provider-common/src/main/java/org/apache/sentry/provider/common/ResourceAuthorizationProvider.java
>  a9b98f3 
>   
> sentry-provider/sentry-provider-db/src/main/java/org/apache/sentry/provider/db/service/persistent/SentryStore.java
>  edea5b6 
>   
> sentry-tests/sentry-tests-hive/src/test/java/org/apache/sentry/tests/e2e/dbprovider/TestGrantUserToRole.java
>  5364937 
>   
> sentry-tests/sentry-tests-hive/src/test/java/org/apache/sentry/tests/e2e/hive/TestUserManagement.java
>  fd8ec56 
> 
> 
> Diff: https://reviews.apache.org/r/64452/diff/3/
> 
> 
> Testing
> ---
> 
> unit tests
> 
> 
> Thanks,
> 
> Na Li
> 
>

Re: Review Request 64452: SENTRY-2091: User-based Privilege is broken by SENTRY-769

2018-01-22 Thread Na Li via Review Board



> On Dec. 19, 2017, 9:58 p.m., Steve Moist wrote:
> > sentry-tests/sentry-tests-hive/src/test/java/org/apache/sentry/tests/e2e/dbprovider/TestGrantUserToRole.java
> > Lines 280 (patched)
> > 
> >
> > Worth it to add @Test(expected=HiveSQLException) or verify exception 
> > message?

I replace the try{}catch{} as context.assertAuthzException.


- Na


---
This is an automatically generated e-mail. To reply, visit:
https://reviews.apache.org/r/64452/#review194184
---


On Jan. 22, 2018, 9:16 p.m., Na Li wrote:
> 
> ---
> This is an automatically generated e-mail. To reply, visit:
> https://reviews.apache.org/r/64452/
> ---
> 
> (Updated Jan. 22, 2018, 9:16 p.m.)
> 
> 
> Review request for sentry, Arjun Mishra, kalyan kumar kalvagadda, Sergio 
> Pena, and Vadim Spector.
> 
> 
> Repository: sentry
> 
> 
> Description
> ---
> 
> Update the code to make sure user without group but with role has proper 
> access. 
> test case is added for the scenario that user has no group but with desired 
> role. 
> test case is added for the scenario that user has no group and no privilege 
> to allow the access
> 
> 
> Diffs
> -
> 
>   
> sentry-binding/sentry-binding-hive-v2/src/main/java/org/apache/sentry/binding/hive/v2/HiveAuthzBindingHookBaseV2.java
>  5a21dd3 
>   
> sentry-binding/sentry-binding-hive/src/main/java/org/apache/sentry/binding/hive/authz/HiveAuthzBindingHookBase.java
>  447deaf 
>   
> sentry-provider/sentry-provider-common/src/main/java/org/apache/sentry/provider/common/ResourceAuthorizationProvider.java
>  a9b98f3 
>   
> sentry-provider/sentry-provider-db/src/main/java/org/apache/sentry/provider/db/service/persistent/SentryStore.java
>  edea5b6 
>   
> sentry-tests/sentry-tests-hive/src/test/java/org/apache/sentry/tests/e2e/dbprovider/TestGrantUserToRole.java
>  5364937 
>   
> sentry-tests/sentry-tests-hive/src/test/java/org/apache/sentry/tests/e2e/hive/TestUserManagement.java
>  fd8ec56 
> 
> 
> Diff: https://reviews.apache.org/r/64452/diff/3/
> 
> 
> Testing
> ---
> 
> unit tests
> 
> 
> Thanks,
> 
> Na Li
> 
>

Re: Review Request 64452: SENTRY-2091: User-based Privilege is broken by SENTRY-769

2018-01-22 Thread Na Li via Review Board


---
This is an automatically generated e-mail. To reply, visit:
https://reviews.apache.org/r/64452/
---

(Updated Jan. 22, 2018, 9:16 p.m.)


Review request for sentry, Arjun Mishra, kalyan kumar kalvagadda, Sergio Pena, 
and Vadim Spector.


Repository: sentry


Description
---

Update the code to make sure user without group but with role has proper 
access. 
test case is added for the scenario that user has no group but with desired 
role. 
test case is added for the scenario that user has no group and no privilege to 
allow the access


Diffs (updated)
-

  
sentry-binding/sentry-binding-hive-v2/src/main/java/org/apache/sentry/binding/hive/v2/HiveAuthzBindingHookBaseV2.java
 5a21dd3 
  
sentry-binding/sentry-binding-hive/src/main/java/org/apache/sentry/binding/hive/authz/HiveAuthzBindingHookBase.java
 447deaf 
  
sentry-provider/sentry-provider-common/src/main/java/org/apache/sentry/provider/common/ResourceAuthorizationProvider.java
 a9b98f3 
  
sentry-provider/sentry-provider-db/src/main/java/org/apache/sentry/provider/db/service/persistent/SentryStore.java
 edea5b6 
  
sentry-tests/sentry-tests-hive/src/test/java/org/apache/sentry/tests/e2e/dbprovider/TestGrantUserToRole.java
 5364937 
  
sentry-tests/sentry-tests-hive/src/test/java/org/apache/sentry/tests/e2e/hive/TestUserManagement.java
 fd8ec56 


Diff: https://reviews.apache.org/r/64452/diff/3/

Changes: https://reviews.apache.org/r/64452/diff/2-3/


Testing
---

unit tests


Thanks,

Na Li

Re: Review Request 64452: SENTRY-2091: User-based Privilege is broken by SENTRY-769

2017-12-19 Thread Steve Moist via Review Board


---
This is an automatically generated e-mail. To reply, visit:
https://reviews.apache.org/r/64452/#review194184
---




sentry-provider/sentry-provider-db/src/main/java/org/apache/sentry/provider/db/service/persistent/SentryStore.java
Line 1896 (original), 1896 (patched)


Can replace with CollectionUtils.isNotEmpty



sentry-provider/sentry-provider-db/src/main/java/org/apache/sentry/provider/db/service/persistent/SentryStore.java
Line 1912 (original), 1912 (patched)


Can replace with CollectionUtils.isNotEmpty(users)



sentry-tests/sentry-tests-hive/src/test/java/org/apache/sentry/tests/e2e/dbprovider/TestGrantUserToRole.java
Lines 280 (patched)


Worth it to add @Test(expected=HiveSQLException) or verify exception 
message?


- Steve Moist


On Dec. 14, 2017, 8:54 p.m., Na Li wrote:
> 
> ---
> This is an automatically generated e-mail. To reply, visit:
> https://reviews.apache.org/r/64452/
> ---
> 
> (Updated Dec. 14, 2017, 8:54 p.m.)
> 
> 
> Review request for sentry, Arjun Mishra, kalyan kumar kalvagadda, Sergio 
> Pena, and Vadim Spector.
> 
> 
> Repository: sentry
> 
> 
> Description
> ---
> 
> Update the code to make sure user without group but with role has proper 
> access. 
> test case is added for the scenario that user has no group but with desired 
> role. 
> test case is added for the scenario that user has no group and no privilege 
> to allow the access
> 
> 
> Diffs
> -
> 
>   
> sentry-binding/sentry-binding-hive-v2/src/main/java/org/apache/sentry/binding/hive/v2/HiveAuthzBindingHookBaseV2.java
>  5a21dd3 
>   
> sentry-binding/sentry-binding-hive/src/main/java/org/apache/sentry/binding/hive/authz/HiveAuthzBindingHookBase.java
>  9c60c22 
>   
> sentry-binding/sentry-binding-hive/src/test/java/org/apache/sentry/binding/hive/TestHiveAuthzBindings.java
>  a41d1bd 
>   
> sentry-binding/sentry-binding-solr/src/test/java/org/apache/sentry/binding/solr/TestSolrAuthzBinding.java
>  f060b82 
>   
> sentry-provider/sentry-provider-common/src/main/java/org/apache/sentry/provider/common/ResourceAuthorizationProvider.java
>  005724f 
>   
> sentry-provider/sentry-provider-db/src/main/java/org/apache/sentry/provider/db/service/persistent/SentryStore.java
>  6c4631f 
>   
> sentry-tests/sentry-tests-hive-v2/src/test/java/org/apache/sentry/tests/e2e/hive/TestUserManagement.java
>  02ac514 
>   
> sentry-tests/sentry-tests-hive/src/test/java/org/apache/sentry/tests/e2e/dbprovider/TestGrantUserToRole.java
>  5364937 
>   
> sentry-tests/sentry-tests-hive/src/test/java/org/apache/sentry/tests/e2e/hive/TestUserManagement.java
>  02ac514 
> 
> 
> Diff: https://reviews.apache.org/r/64452/diff/2/
> 
> 
> Testing
> ---
> 
> unit tests
> 
> 
> Thanks,
> 
> Na Li
> 
>

Re: Review Request 64452: SENTRY-2091: User-based Privilege is broken by SENTRY-769

2017-12-15 Thread Vadim Spector via Review Board


---
This is an automatically generated e-mail. To reply, visit:
https://reviews.apache.org/r/64452/#review193992
---




sentry-tests/sentry-tests-hive-v2/src/test/java/org/apache/sentry/tests/e2e/hive/TestUserManagement.java
Line 372 (original), 372 (patched)


Are we sure here that CREATE fails for the right reason, i.e. user1 not 
having privileges, not because it already exists?

If we want to make sure that user1 can neither CREATE nor SELECT, would it 
make sense to try CREATE on a different table, not the one that already exists, 
followed by SELECT on already existing table?



sentry-tests/sentry-tests-hive/src/test/java/org/apache/sentry/tests/e2e/hive/TestUserManagement.java
Line 370 (original), 368 (patched)


Ditto: do we know CREATE fails for the right reason (user1 lacking 
privilege), not because the table already exists?


- Vadim Spector


On Dec. 14, 2017, 8:54 p.m., Na Li wrote:
> 
> ---
> This is an automatically generated e-mail. To reply, visit:
> https://reviews.apache.org/r/64452/
> ---
> 
> (Updated Dec. 14, 2017, 8:54 p.m.)
> 
> 
> Review request for sentry, Arjun Mishra, kalyan kumar kalvagadda, Sergio 
> Pena, and Vadim Spector.
> 
> 
> Repository: sentry
> 
> 
> Description
> ---
> 
> Update the code to make sure user without group but with role has proper 
> access. 
> test case is added for the scenario that user has no group but with desired 
> role. 
> test case is added for the scenario that user has no group and no privilege 
> to allow the access
> 
> 
> Diffs
> -
> 
>   
> sentry-binding/sentry-binding-hive-v2/src/main/java/org/apache/sentry/binding/hive/v2/HiveAuthzBindingHookBaseV2.java
>  5a21dd3 
>   
> sentry-binding/sentry-binding-hive/src/main/java/org/apache/sentry/binding/hive/authz/HiveAuthzBindingHookBase.java
>  9c60c22 
>   
> sentry-binding/sentry-binding-hive/src/test/java/org/apache/sentry/binding/hive/TestHiveAuthzBindings.java
>  a41d1bd 
>   
> sentry-binding/sentry-binding-solr/src/test/java/org/apache/sentry/binding/solr/TestSolrAuthzBinding.java
>  f060b82 
>   
> sentry-provider/sentry-provider-common/src/main/java/org/apache/sentry/provider/common/ResourceAuthorizationProvider.java
>  005724f 
>   
> sentry-provider/sentry-provider-db/src/main/java/org/apache/sentry/provider/db/service/persistent/SentryStore.java
>  6c4631f 
>   
> sentry-tests/sentry-tests-hive-v2/src/test/java/org/apache/sentry/tests/e2e/hive/TestUserManagement.java
>  02ac514 
>   
> sentry-tests/sentry-tests-hive/src/test/java/org/apache/sentry/tests/e2e/dbprovider/TestGrantUserToRole.java
>  5364937 
>   
> sentry-tests/sentry-tests-hive/src/test/java/org/apache/sentry/tests/e2e/hive/TestUserManagement.java
>  02ac514 
> 
> 
> Diff: https://reviews.apache.org/r/64452/diff/2/
> 
> 
> Testing
> ---
> 
> unit tests
> 
> 
> Thanks,
> 
> Na Li
> 
>

Re: Review Request 64452: SENTRY-2091: User-based Privilege is broken by SENTRY-769

2017-12-15 Thread Na Li via Review Board



> On Dec. 15, 2017, 3:37 p.m., Arjun Mishra wrote:
> > sentry-tests/sentry-tests-hive/src/test/java/org/apache/sentry/tests/e2e/dbprovider/TestGrantUserToRole.java
> > Lines 282 (patched)
> > 
> >
> > Is the fail statement misplacd? Should it not be in the catch block?

No. It is expected to get exception since user does not have permission to 
"select c1 from t2". That is why the fail() is within the try{}. If no 
exception is thrown, the test will fail


> On Dec. 15, 2017, 3:37 p.m., Arjun Mishra wrote:
> > sentry-tests/sentry-tests-hive/src/test/java/org/apache/sentry/tests/e2e/dbprovider/TestGrantUserToRole.java
> > Lines 306 (patched)
> > 
> >
> > Is the fail statement misplacd? Should it not be in the catch block?

No. It is expected to get exception since user does not have permission to 
"select c1 from t2". That is why the fail() is within the try{}. If no 
exception is thrown, the test will fail


- Na


---
This is an automatically generated e-mail. To reply, visit:
https://reviews.apache.org/r/64452/#review193920
---


On Dec. 14, 2017, 8:54 p.m., Na Li wrote:
> 
> ---
> This is an automatically generated e-mail. To reply, visit:
> https://reviews.apache.org/r/64452/
> ---
> 
> (Updated Dec. 14, 2017, 8:54 p.m.)
> 
> 
> Review request for sentry, Arjun Mishra, kalyan kumar kalvagadda, Sergio 
> Pena, and Vadim Spector.
> 
> 
> Repository: sentry
> 
> 
> Description
> ---
> 
> Update the code to make sure user without group but with role has proper 
> access. 
> test case is added for the scenario that user has no group but with desired 
> role. 
> test case is added for the scenario that user has no group and no privilege 
> to allow the access
> 
> 
> Diffs
> -
> 
>   
> sentry-binding/sentry-binding-hive-v2/src/main/java/org/apache/sentry/binding/hive/v2/HiveAuthzBindingHookBaseV2.java
>  5a21dd3 
>   
> sentry-binding/sentry-binding-hive/src/main/java/org/apache/sentry/binding/hive/authz/HiveAuthzBindingHookBase.java
>  9c60c22 
>   
> sentry-binding/sentry-binding-hive/src/test/java/org/apache/sentry/binding/hive/TestHiveAuthzBindings.java
>  a41d1bd 
>   
> sentry-binding/sentry-binding-solr/src/test/java/org/apache/sentry/binding/solr/TestSolrAuthzBinding.java
>  f060b82 
>   
> sentry-provider/sentry-provider-common/src/main/java/org/apache/sentry/provider/common/ResourceAuthorizationProvider.java
>  005724f 
>   
> sentry-provider/sentry-provider-db/src/main/java/org/apache/sentry/provider/db/service/persistent/SentryStore.java
>  6c4631f 
>   
> sentry-tests/sentry-tests-hive-v2/src/test/java/org/apache/sentry/tests/e2e/hive/TestUserManagement.java
>  02ac514 
>   
> sentry-tests/sentry-tests-hive/src/test/java/org/apache/sentry/tests/e2e/dbprovider/TestGrantUserToRole.java
>  5364937 
>   
> sentry-tests/sentry-tests-hive/src/test/java/org/apache/sentry/tests/e2e/hive/TestUserManagement.java
>  02ac514 
> 
> 
> Diff: https://reviews.apache.org/r/64452/diff/2/
> 
> 
> Testing
> ---
> 
> unit tests
> 
> 
> Thanks,
> 
> Na Li
> 
>

Review Request 64452: SENTRY-2091: User-based Privilege is broken by SENTRY-769

2017-12-13 Thread Na Li via Review Board


---
This is an automatically generated e-mail. To reply, visit:
https://reviews.apache.org/r/64452/
---

Review request for sentry, Arjun Mishra, kalyan kumar kalvagadda, Sergio Pena, 
and Vadim Spector.


Repository: sentry


Description
---

Update the code to make sure user without group but with role has proper 
access. 
test case is added for the scenario that user has no group but with desired 
role. 
test case is added for the scenario that user has no group and no privilege to 
allow the access


Diffs
-

  
sentry-binding/sentry-binding-hive-v2/src/main/java/org/apache/sentry/binding/hive/v2/HiveAuthzBindingHookBaseV2.java
 5a21dd3 
  
sentry-binding/sentry-binding-hive/src/main/java/org/apache/sentry/binding/hive/authz/HiveAuthzBindingHookBase.java
 9c60c22 
  
sentry-provider/sentry-provider-common/src/main/java/org/apache/sentry/provider/common/ResourceAuthorizationProvider.java
 005724f 
  
sentry-provider/sentry-provider-db/src/main/java/org/apache/sentry/provider/db/service/persistent/SentryStore.java
 c730a03 
  
sentry-tests/sentry-tests-hive/src/test/java/org/apache/sentry/tests/e2e/dbprovider/TestGrantUserToRole.java
 5364937 


Diff: https://reviews.apache.org/r/64452/diff/1/


Testing
---

unit tests


Thanks,

Na Li

Re: Review Request 64452: SENTRY-2091: User-based Privilege is broken by SENTRY-769

Re: Review Request 64452: SENTRY-2091: User-based Privilege is broken by SENTRY-769

Re: Review Request 64452: SENTRY-2091: User-based Privilege is broken by SENTRY-769

Re: Review Request 64452: SENTRY-2091: User-based Privilege is broken by SENTRY-769

Re: Review Request 64452: SENTRY-2091: User-based Privilege is broken by SENTRY-769

Re: Review Request 64452: SENTRY-2091: User-based Privilege is broken by SENTRY-769

Re: Review Request 64452: SENTRY-2091: User-based Privilege is broken by SENTRY-769

Re: Review Request 64452: SENTRY-2091: User-based Privilege is broken by SENTRY-769

Review Request 64452: SENTRY-2091: User-based Privilege is broken by SENTRY-769

9 matches

Site Navigation

Mail list logo

Footer information