[jira] [Updated] (SENTRY-2204) Revoke 'all/*' on server from role , revokes all privileges from the same role

2018-04-18 Thread Sachin (JIRA)

 [ 
https://issues.apache.org/jira/browse/SENTRY-2204?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel
 ]

Sachin updated SENTRY-2204:
---
Description: 
I have assigned the below privileges to one role, i.e. role_1:
{noformat}
+-----------------------------+-------+-----------+--------+----------------+----------------+-----------+--------------+------------------+---------+
| database                    | table | partition | column | principal_name | principal_type | privilege | grant_option | grant_time       | grantor |
+-----------------------------+-------+-----------+--------+----------------+----------------+-----------+--------------+------------------+---------+
| hdfs://nameservice01/user/h |       |           |        | role_157       | ROLE           | *         | false        | 1523963168628000 | --      |
| *                           |       |           |        | role_157       | ROLE           | *         | false        | 1523352328442000 | --      |
| hdfs://nameservice01/user/m |       |           |        | role_157       | ROLE           | *         | false        | 1523963186544000 | --      |
+-----------------------------+-------+-----------+--------+----------------+----------------+-----------+--------------+------------------+---------+
{noformat}

After that, I executed the below commands, i.e. revoke and show grant, for the same role:
{noformat}
revoke all on server server1 from role role_157;
{noformat}

{noformat}
show grant role role_157;

+----------+-------+-----------+--------+----------------+----------------+-----------+--------------+------------+---------+
| database | table | partition | column | principal_name | principal_type | privilege | grant_option | grant_time | grantor |
+----------+-------+-----------+--------+----------------+----------------+-----------+--------------+------------+---------+
+----------+-------+-----------+--------+----------------+----------------+-----------+--------------+------------+---------+
No rows selected (0.119 seconds)
{noformat}

As you can see from above, if you revoke all on server, it also revokes all the 
other privileges from the same role as well. 

So is this the right behaviour? Or should it revoke only all/* on server and 
keep the other privileges?



> Revoke 'all/*' on server from role , revokes all privileges from the same role
> --
>
> Key: SENTRY-2204
> URL: https://issues.apache.org/jira/browse/SENTRY-2204
> Project: Sentry
> Issue Type: New Feature
> Components: Sentry
> Reporter: Sachin
> Priority: Major
>
> I have assigned below privileges to one role i.e. role_1;
> {noformat}
> |+--+++-+-+-++---+---+--+--+|
> |\| 

[jira] [Updated] (SENTRY-2204) Revoke 'all/*' on server from role , revokes all privileges from the same role

2018-04-18 Thread Sachin (JIRA)

 [ 
https://issues.apache.org/jira/browse/SENTRY-2204?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel
 ]

Sachin updated SENTRY-2204:
---
Description: 
I have assigned the below privileges to one role, i.e. role_1:
{noformat}
+-----------------------------+-------+-----------+--------+----------------+----------------+-----------+--------------+------------------+---------+
| database                    | table | partition | column | principal_name | principal_type | privilege | grant_option | grant_time       | grantor |
+-----------------------------+-------+-----------+--------+----------------+----------------+-----------+--------------+------------------+---------+
| hdfs://nameservice01/user/h |       |           |        | role_157       | ROLE           | *         | false        | 1523963168628000 | --      |
| *                           |       |           |        | role_157       | ROLE           | *         | false        | 1523352328442000 | --      |
| hdfs://nameservice01/user/m |       |           |        | role_157       | ROLE           | *         | false        | 1523963186544000 | --      |
+-----------------------------+-------+-----------+--------+----------------+----------------+-----------+--------------+------------------+---------+
{noformat}

After that, I executed the below commands, i.e. revoke and show grant, for the same role:
{noformat}
revoke all on server server1 from role role_157;
{noformat}

{noformat}
show grant role role_157;

+----------+-------+-----------+--------+----------------+----------------+-----------+--------------+------------+---------+
| database | table | partition | column | principal_name | principal_type | privilege | grant_option | grant_time | grantor |
+----------+-------+-----------+--------+----------------+----------------+-----------+--------------+------------+---------+
+----------+-------+-----------+--------+----------------+----------------+-----------+--------------+------------+---------+
No rows selected (0.119 seconds)
{noformat}

As you can see from above, if you revoke all on server, it also revokes all the 
other privileges from the same role as well. 

So is this the right behaviour? Or should it revoke only all/* on server and 
keep the other privileges?



> Revoke 'all/*' on server from role , revokes all privileges from the same role
> --
>
> Key: SENTRY-2204
> URL: https://issues.apache.org/jira/browse/SENTRY-2204
> Project: Sentry
> Issue Type: New Feature
> Components: Sentry
> Reporter: Sachin
> Priority: Major
>
> I have assigned below privileges to one role i.e. role_1;
> {noformat}
> 

[jira] [Updated] (SENTRY-2204) Revoke 'all/*' on server from role , revokes all privileges from the same role

2018-04-18 Thread Sachin (JIRA)

 [ 
https://issues.apache.org/jira/browse/SENTRY-2204?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel
 ]

Sachin updated SENTRY-2204:
---
Description: 
I have assigned the below privileges to one role, i.e. role_1:
{noformat}
+-----------------------------+-------+-----------+--------+----------------+----------------+-----------+--------------+------------------+---------+
| database                    | table | partition | column | principal_name | principal_type | privilege | grant_option | grant_time       | grantor |
+-----------------------------+-------+-----------+--------+----------------+----------------+-----------+--------------+------------------+---------+
| hdfs://nameservice01/user/h |       |           |        | role_157       | ROLE           | *         | false        | 1523963168628000 | --      |
| *                           |       |           |        | role_157       | ROLE           | *         | false        | 1523352328442000 | --      |
| hdfs://nameservice01/user/m |       |           |        | role_157       | ROLE           | *         | false        | 1523963186544000 | --      |
+-----------------------------+-------+-----------+--------+----------------+----------------+-----------+--------------+------------------+---------+
{noformat}

After that, I executed the below commands, i.e. revoke and show grant, for the same role:
{noformat}
revoke all on server server1 from role role_157;
{noformat}

{noformat}
show grant role role_157;

+----------+-------+-----------+--------+----------------+----------------+-----------+--------------+------------+---------+
| database | table | partition | column | principal_name | principal_type | privilege | grant_option | grant_time | grantor |
+----------+-------+-----------+--------+----------------+----------------+-----------+--------------+------------+---------+
+----------+-------+-----------+--------+----------------+----------------+-----------+--------------+------------+---------+
No rows selected (0.119 seconds)
{noformat}

As you can see from above, if you revoke all on server, it also revokes all the 
other privileges from the same role as well. 

So is this the right behaviour? Or should it revoke only all/* on server and 
keep the other privileges?



> Revoke 'all/*' on server from role , revokes all privileges from the same role
> --
>
> Key: SENTRY-2204
> URL: https://issues.apache.org/jira/browse/SENTRY-2204
> Project: Sentry
> Issue Type: New Feature
> Components: Sentry
> Reporter: Sachin
> Priority: Major
>
> I have assigned below privileges to one role i.e. role_1;
> {noformat}
> |+--+++-+-+-++---+---+--+--+|
> |\| 

[jira] [Created] (SENTRY-2204) Revoke 'all/*' on server from role , revokes all privileges from the same role

2018-04-18 Thread Sachin (JIRA)
Sachin created SENTRY-2204:
--

 Summary: Revoke 'all/*' on server from role , revokes all 
privileges from the same role
 Key: SENTRY-2204
 URL: https://issues.apache.org/jira/browse/SENTRY-2204
 Project: Sentry
  Issue Type: New Feature
  Components: Sentry
Reporter: Sachin


I have assigned the below privileges to one role, i.e. role_1:

{noformat}
+-----------------------------+-------+-----------+--------+----------------+----------------+-----------+--------------+------------------+---------+
| database                    | table | partition | column | principal_name | principal_type | privilege | grant_option | grant_time       | grantor |
+-----------------------------+-------+-----------+--------+----------------+----------------+-----------+--------------+------------------+---------+
| hdfs://nameservice01/user/h |       |           |        | role_157       | ROLE           | *         | false        | 1523963168628000 | --      |
| *                           |       |           |        | role_157       | ROLE           | *         | false        | 1523352328442000 | --      |
| hdfs://nameservice01/user/m |       |           |        | role_157       | ROLE           | *         | false        | 1523963186544000 | --      |
+-----------------------------+-------+-----------+--------+----------------+----------------+-----------+--------------+------------------+---------+
{noformat}

After that, I executed the below commands, i.e. revoke and show grant, for the same role:

{noformat}
revoke all on server server1 from role role_157;
{noformat}

{noformat}
+----------+-------+-----------+--------+----------------+----------------+-----------+--------------+------------+---------+
| database | table | partition | column | principal_name | principal_type | privilege | grant_option | grant_time | grantor |
+----------+-------+-----------+--------+----------------+----------------+-----------+--------------+------------+---------+
+----------+-------+-----------+--------+----------------+----------------+-----------+--------------+------------+---------+
No rows selected (0.119 seconds)
{noformat}

As you can see from above, if you revoke all on server, it also revokes all the 
other privileges from the same role as well. 

So is this the right behaviour? Or should it revoke only all/* on server and 
keep the other privileges?



--
This message was sent by Atlassian JIRA
(v7.6.3#76005)
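
The two outcomes the SENTRY-2204 report asks about, as an added example (a toy model, not Sentry's code and not part of the original messages). It assumes the "*" row is the server-wide grant and that URI grants nest under server1; Grant, revoke_exact, revoke_cascading, collateral and the role_other row are hypothetical.

```python
from dataclasses import dataclass

@dataclass(frozen=True)
class Grant:
    role: str
    scope: tuple   # path from the server down to the object
    action: str    # "*" means ALL

# Constructed from the three rows in the report. Assumption of this model:
# the "*" row is the server-wide grant and URI grants nest under server1.
SERVER = ("server1",)
GRANTS = [
    Grant("role_157", SERVER + ("uri", "hdfs://nameservice01/user/h"), "*"),
    Grant("role_157", SERVER, "*"),
    Grant("role_157", SERVER + ("uri", "hdfs://nameservice01/user/m"), "*"),
    Grant("role_other", SERVER + ("db", "sales"), "select"),  # constructed control row
]

def _action_matches(revoked, held):
    # Revoking ALL covers every held action; otherwise actions must be equal.
    return revoked == "*" or revoked == held

def revoke_exact(grants, role, scope, action="*"):
    """Drop only the grant recorded at exactly this scope."""
    return [g for g in grants
            if not (g.role == role and g.scope == scope
                    and _action_matches(action, g.action))]

def revoke_cascading(grants, role, scope, action="*"):
    """Drop the grant at this scope and every grant nested beneath it."""
    return [g for g in grants
            if not (g.role == role and g.scope[:len(scope)] == scope
                    and _action_matches(action, g.action))]

def collateral(grants, role, scope, action="*"):
    """Grants a cascading revoke removes that an exact revoke would keep."""
    kept_exact = set(revoke_exact(grants, role, scope, action))
    kept_cascade = set(revoke_cascading(grants, role, scope, action))
    return sorted(kept_exact - kept_cascade, key=lambda g: g.scope)

if __name__ == "__main__":
    for g in collateral(GRANTS, "role_157", SERVER):
        print("removed by cascade only:", "->".join(g.scope))
```

Under the cascading reading the role ends up with no rows, which matches the empty show grant output in the report; under the exact reading the two URI grants would remain.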


[jira] [Commented] (SENTRY-2149) Implement functionality to show groups

2018-03-06 Thread Sachin (JIRA)

[ 
https://issues.apache.org/jira/browse/SENTRY-2149?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel=16387745#comment-16387745
 ] 

Sachin commented on SENTRY-2149:


Thanks for the comments. Yes, the request is to see all the groups from Sentry. 
Does Sentry CLI mean Sentry shell? I have checked with Sentry shell; it doesn't 
have "SHOW GROUPS".

Please correct me if I am wrong.

> Implement functionality to show groups
> --
>
> Key: SENTRY-2149
> URL: https://issues.apache.org/jira/browse/SENTRY-2149
> Project: Sentry
> Issue Type: New Feature
> Reporter: Sachin
> Priority: Major
>
> Sentry allows listing the roles:
>  SHOW ROLES;
> There should also be a way to show the groups. Currently it seems that this 
> is only possible by directly querying the Sentry database. This functionality 
> should be provided out-of-the-box, similar to the statement above.
> The functionality could look similar to the following statement:
> {code:sql}
> SHOW GROUPS;
> {code}





[jira] [Updated] (SENTRY-2149) Implement functionality to show groups

2018-03-03 Thread Sachin (JIRA)

 [ 
https://issues.apache.org/jira/browse/SENTRY-2149?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel
 ]

Sachin updated SENTRY-2149:
---
Description: 
Sentry allows listing the roles:
 SHOW ROLES;
There should also be a way to show the groups. Currently it seems that this 
is only possible by directly querying the Sentry database. This functionality 
should be provided out-of-the-box, similar to the statement above.

The functionality could look similar to the following statement:
{code:sql}
SHOW GROUPS;
{code}



> Implement functionality to show groups
> --
>
> Key: SENTRY-2149
> URL: https://issues.apache.org/jira/browse/SENTRY-2149
> Project: Sentry
> Issue Type: New Feature
> Reporter: Sachin
> Priority: Major
>
> Sentry allows listing the roles:
>  SHOW ROLES;
> There should also be a way to show the groups. Currently it seems that this 
> is only possible by directly querying the Sentry database. This functionality 
> should be provided out-of-the-box, similar to the statement above.
> The functionality could look similar to the following statement:
> {code:sql}
> SHOW GROUPS;
> {code}





[jira] [Created] (SENTRY-2149) Implement functionality to show groups

2018-03-02 Thread Sachin (JIRA)
Sachin created SENTRY-2149:
--

 Summary: Implement functionality to show groups
 Key: SENTRY-2149
 URL: https://issues.apache.org/jira/browse/SENTRY-2149
 Project: Sentry
  Issue Type: New Feature
Reporter: Sachin


Sentry allows listing the roles:
 SHOW ROLES;
There should also be a way to show the groups. Currently it seems that this is 
only possible by directly querying the Sentry database. This functionality 
should be provided out-of-the-box, similar to the statement above.

The functionality could look similar to the following statement:
{code:sql}
SHOW GROUPS;
{code}


