[jira] [Updated] (SENTRY-2204) Revoke 'all/*' on server from role , revokes all privileges from the same role
[ https://issues.apache.org/jira/browse/SENTRY-2204?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ]

Sachin updated SENTRY-2204:
---
Description:

I have assigned below privileges to one role i.e. role_1;
{noformat}
+-----------------------------+-------+-----------+--------+----------------+----------------+-----------+--------------+------------------+---------+
| database                    | table | partition | column | principal_name | principal_type | privilege | grant_option | grant_time       | grantor |
+-----------------------------+-------+-----------+--------+----------------+----------------+-----------+--------------+------------------+---------+
| hdfs://nameservice01/user/h |       |           |        | role_157       | ROLE           | *         | false        | 1523963168628000 | --      |
| *                           |       |           |        | role_157       | ROLE           | *         | false        | 1523352328442000 | --      |
| hdfs://nameservice01/user/m |       |           |        | role_157       | ROLE           | *         | false        | 1523963186544000 | --      |
+-----------------------------+-------+-----------+--------+----------------+----------------+-----------+--------------+------------------+---------+
{noformat}
After that executed below command i.e. revoke and show grant for the same role
{noformat}
revoke all on server server1 from role role_157;
{noformat}
{noformat}
show grant role role_157;
+----------+-------+-----------+--------+----------------+----------------+-----------+--------------+------------+---------+
| database | table | partition | column | principal_name | principal_type | privilege | grant_option | grant_time | grantor |
+----------+-------+-----------+--------+----------------+----------------+-----------+--------------+------------+---------+
+----------+-------+-----------+--------+----------------+----------------+-----------+--------------+------------+---------+
No rows selected (0.119 seconds)
{noformat}
As you can see from above, if you revoke all on server, it also revokes all the other privileges from the same role as well.

So is it the right behaviour? Or should it revoke only all/* on server and keep other privileges?

was:

I have assigned below privileges to one role i.e. role_1;
{noformat}
+-----------------------------+-------+-----------+--------+----------------+----------------+-----------+--------------+------------------+---------+
| database                    | table | partition | column | principal_name | principal_type | privilege | grant_option | grant_time       | grantor |
+-----------------------------+-------+-----------+--------+----------------+----------------+-----------+--------------+------------------+---------+
| hdfs://nameservice01/user/h |       |           |        | role_157       | ROLE           | *         | false        | 1523963168628000 | --      |
| *                           |       |           |        | role_157       | ROLE           | *         | false        | 1523352328442000 | --      |
| hdfs://nameservice01/user/m |       |           |        | role_157       | ROLE           | *         | false        | 1523963186544000 | --      |
+-----------------------------+-------+-----------+--------+----------------+----------------+-----------+--------------+------------------+---------+
{noformat}
After that executed below command i.e. revoke and show grant for the same role
{noformat}
revoke all on server server1 from role role_157;
{noformat}
show grant role role_157;
{noformat}
{noformat}
+----------+-------+-----------+--------+----------------+----------------+-----------+--------------+------------+---------+
| database | table | partition | column | principal_name | principal_type | privilege | grant_option | grant_time | grantor |
+----------+-------+-----------+--------+----------------+----------------+-----------+--------------+------------+---------+
+----------+-------+-----------+--------+----------------+----------------+-----------+--------------+------------+---------+
No rows selected (0.119 seconds)
{noformat}
As you can see from above, if you revoke all on server, it also revokes all the other privileges from the same role as well.

So is it the right behaviour? Or should it revoke only all/* on server and keep other privileges?

> Revoke 'all/*' on server from role , revokes all privileges from the same role
> --
>
> Key: SENTRY-2204
> URL: https://issues.apache.org/jira/browse/SENTRY-2204
> Project: Sentry
> Issue Type: New Feature
> Components: Sentry
> Reporter: Sachin
> Priority: Major
>
> I have assigned below privileges to one role i.e. role_1;
> {noformat}
> +-----------------------------+-------+-----------+--------+----------------+----------------+-----------+--------------+------------------+---------+
> |
[jira] [Created] (SENTRY-2204) Revoke 'all/*' on server from role , revokes all privileges from the same role
Sachin created SENTRY-2204:
--
Summary: Revoke 'all/*' on server from role , revokes all privileges from the same role
Key: SENTRY-2204
URL: https://issues.apache.org/jira/browse/SENTRY-2204
Project: Sentry
Issue Type: New Feature
Components: Sentry
Reporter: Sachin

I have assigned below privileges to one role i.e. role_1;
{noformat}
+-----------------------------+-------+-----------+--------+----------------+----------------+-----------+--------------+------------------+---------+
| database                    | table | partition | column | principal_name | principal_type | privilege | grant_option | grant_time       | grantor |
+-----------------------------+-------+-----------+--------+----------------+----------------+-----------+--------------+------------------+---------+
| hdfs://nameservice01/user/h |       |           |        | role_157       | ROLE           | *         | false        | 1523963168628000 | --      |
| *                           |       |           |        | role_157       | ROLE           | *         | false        | 1523352328442000 | --      |
| hdfs://nameservice01/user/m |       |           |        | role_157       | ROLE           | *         | false        | 1523963186544000 | --      |
+-----------------------------+-------+-----------+--------+----------------+----------------+-----------+--------------+------------------+---------+
{noformat}
After that executed below command i.e. revoke and show grant for the same role
{noformat}
revoke all on server server1 from role role_157;
{noformat}
{noformat}
+----------+-------+-----------+--------+----------------+----------------+-----------+--------------+------------+---------+
| database | table | partition | column | principal_name | principal_type | privilege | grant_option | grant_time | grantor |
+----------+-------+-----------+--------+----------------+----------------+-----------+--------------+------------+---------+
+----------+-------+-----------+--------+----------------+----------------+-----------+--------------+------------+---------+
No rows selected (0.119 seconds)
{noformat}
As you can see from above, if you revoke all on server, it also revokes all the other privileges from the same role as well.

So is it the right behaviour? Or should it revoke only all/* on server and keep other privileges?

--
This message was sent by Atlassian JIRA (v7.6.3#76005)
[jira] [Commented] (SENTRY-2149) Implement functionality to show groups
[ https://issues.apache.org/jira/browse/SENTRY-2149?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel=16387745#comment-16387745 ]

Sachin commented on SENTRY-2149:

Thanks for the comments. Yes, the request is to see all the groups from Sentry. Does Sentry CLI mean Sentry shell? I have checked with Sentry shell; it doesn't have "SHOW GROUPS". Please correct me if I am wrong.

> Implement functionality to show groups
> --
>
> Key: SENTRY-2149
> URL: https://issues.apache.org/jira/browse/SENTRY-2149
> Project: Sentry
> Issue Type: New Feature
> Reporter: Sachin
> Priority: Major
>
> Sentry allows to list the roles
> SHOW ROLES;
> There should be also a way to show the groups. Currently it seems that this
> is only possible by directly querying the Sentry database. This functionality
> should be provided out-of-the-box similar to the statement above.
> The functionality could look similar to the following statement
> {code:sql}
> SHOW GROUPS;{code}
[jira] [Updated] (SENTRY-2149) Implement functionality to show groups
[ https://issues.apache.org/jira/browse/SENTRY-2149?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ]

Sachin updated SENTRY-2149:
---
Description:

Sentry allows to list the roles
SHOW ROLES;
There should be also a way to show the groups. Currently it seems that this is only possible by directly querying the Sentry database. This functionality should be provided out-of-the-box similar to the statement above.
The functionality could look similar to the following statement
{code:sql}
SHOW GROUPS;{code}

was:

Sentry allows to list the roles
SHOW ROLES;
There should be also a way to show the groups. Currently it seems that this is only possible by directly querying the Sentry database. This functionality should be provided out-of-the-box similar to the statement above.
The functionality could look similar to the following statement
{code:sql}
SHOW GROUPS;{code}

> Implement functionality to show groups
> --
>
> Key: SENTRY-2149
> URL: https://issues.apache.org/jira/browse/SENTRY-2149
> Project: Sentry
> Issue Type: New Feature
> Reporter: Sachin
> Priority: Major
>
> Sentry allows to list the roles
> SHOW ROLES;
> There should be also a way to show the groups. Currently it seems that this
> is only possible by directly querying the Sentry database. This functionality
> should be provided out-of-the-box similar to the statement above.
> The functionality could look similar to the following statement
> {code:sql}
> SHOW GROUPS;{code}
[jira] [Created] (SENTRY-2149) Implement functionality to show groups
Sachin created SENTRY-2149:
--
Summary: Implement functionality to show groups
Key: SENTRY-2149
URL: https://issues.apache.org/jira/browse/SENTRY-2149
Project: Sentry
Issue Type: New Feature
Reporter: Sachin

Sentry allows to list the roles
SHOW ROLES;
There should be also a way to show the groups. Currently it seems that this is only possible by directly querying the Sentry database. This functionality should be provided out-of-the-box similar to the statement above.
The functionality could look similar to the following statement
{code:sql}
SHOW GROUPS;{code}