[jira] [Commented] (SENTRY-2162) Retrieve and list user privileges for authorization
[ https://issues.apache.org/jira/browse/SENTRY-2162?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel=16501195#comment-16501195 ] Hadoop QA commented on SENTRY-2162: --- Here are the results of testing the latest attachment https://issues.apache.org/jira/secure/attachment/12926488/SENTRY-2162.1.patch against master. {color:red}Overall:{color} -1 due to 3 errors {color:red}ERROR:{color} mvn test exited 1 {color:red}ERROR:{color} Failed: org.apache.sentry.api.service.thrift.TestSentryServerForPoolWithoutKerberos {color:red}ERROR:{color} Failed: org.apache.sentry.api.service.thrift.TestSentryServerWithoutKerberos Console output: https://builds.apache.org/job/PreCommit-SENTRY-Build/3851/console This message is automatically generated. > Retrieve and list user privileges for authorization > --- > > Key: SENTRY-2162 > URL: https://issues.apache.org/jira/browse/SENTRY-2162 > Project: Sentry > Issue Type: Sub-task > Components: Sentry >Affects Versions: 2.1.0 >Reporter: Na Li >Assignee: Sergio Peña >Priority: Major > Fix For: 2.1.0 > > Attachments: SENTRY-2162.1.patch > > > Make sure the implicit privileges assigned to user directly are retried and > applied for authorization request. This may require the code change in > SentryPolicyStoreProcessor and several other places. > For example, > after user_A creates table_B and get "all" privilege on table_B, user_A can > insert rows into that table. -- This message was sent by Atlassian JIRA (v7.6.3#76005)
[jira] [Updated] (SENTRY-2162) Retrieve and list user privileges for authorization
[ https://issues.apache.org/jira/browse/SENTRY-2162?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ] Sergio Peña updated SENTRY-2162: Attachment: SENTRY-2162.1.patch > Retrieve and list user privileges for authorization > --- > > Key: SENTRY-2162 > URL: https://issues.apache.org/jira/browse/SENTRY-2162 > Project: Sentry > Issue Type: Sub-task > Components: Sentry >Affects Versions: 2.1.0 >Reporter: Na Li >Assignee: Sergio Peña >Priority: Major > Fix For: 2.1.0 > > Attachments: SENTRY-2162.1.patch > > > Make sure the implicit privileges assigned to user directly are retried and > applied for authorization request. This may require the code change in > SentryPolicyStoreProcessor and several other places. > For example, > after user_A creates table_B and get "all" privilege on table_B, user_A can > insert rows into that table. -- This message was sent by Atlassian JIRA (v7.6.3#76005)
[jira] [Updated] (SENTRY-2256) Make thrift API changes to get user privileges from Sentry
[ https://issues.apache.org/jira/browse/SENTRY-2256?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ] Sergio Peña updated SENTRY-2256: Resolution: Fixed Fix Version/s: 2.1.0 Status: Resolved (was: Patch Available) > Make thrift API changes to get user privileges from Sentry > -- > > Key: SENTRY-2256 > URL: https://issues.apache.org/jira/browse/SENTRY-2256 > Project: Sentry > Issue Type: Sub-task > Components: Sentry >Affects Versions: 2.1.0 >Reporter: Sergio Peña >Assignee: Sergio Peña >Priority: Major > Fix For: 2.1.0 > > Attachments: SENTRY-2256.1.patch, SENTRY-2256.2.patch, > SENTRY-2256.3.patch, SENTRY-2256.4.patch > > > This subtask will add new thrift API changes to allow Sentry clients to > request user privileges from the Sentry server. -- This message was sent by Atlassian JIRA (v7.6.3#76005)
[jira] [Commented] (SENTRY-2158) Update notification handler to update privileges to user
[ https://issues.apache.org/jira/browse/SENTRY-2158?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel=16501087#comment-16501087 ] Hadoop QA commented on SENTRY-2158: --- Here are the results of testing the latest attachment https://issues.apache.org/jira/secure/attachment/12926450/SENTRY-2158.001.patch against master. {color:green}Overall:{color} +1 all checks pass {color:green}SUCCESS:{color} all tests passed Console output: https://builds.apache.org/job/PreCommit-SENTRY-Build/3850/console This message is automatically generated. > Update notification handler to update privileges to user > > > Key: SENTRY-2158 > URL: https://issues.apache.org/jira/browse/SENTRY-2158 > Project: Sentry > Issue Type: Sub-task > Components: Sentry >Affects Versions: 2.1.0 >Reporter: Na Li >Assignee: Na Li >Priority: Major > Fix For: 2.1.0 > > Attachments: SENTRY-2158.001.patch > > > SentryPolicyStoreProcessor calls NotificationHandlerInvoker when processing > permission related commands. We should update notification handler in the > following files when granting privileges to user. > When authorizable changes, need to change user privileges too > > sentry-provider/sentry-provider-db/src/main/java/org/apache/sentry/provider/db/service/thrift/NotificationHandler.java > sentry-provider/sentry-provider-db/src/main/java/org/apache/sentry/provider/db/service/thrift/NotificationHandlerInvoker.java -- This message was sent by Atlassian JIRA (v7.6.3#76005)
[jira] [Commented] (SENTRY-2256) Make thrift API changes to get user privileges from Sentry
[ https://issues.apache.org/jira/browse/SENTRY-2256?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel=16501007#comment-16501007 ] Hadoop QA commented on SENTRY-2256: --- Here are the results of testing the latest attachment https://issues.apache.org/jira/secure/attachment/12926415/SENTRY-2256.4.patch against master. {color:green}Overall:{color} +1 all checks pass {color:green}SUCCESS:{color} all tests passed Console output: https://builds.apache.org/job/PreCommit-SENTRY-Build/3849/console This message is automatically generated. > Make thrift API changes to get user privileges from Sentry > -- > > Key: SENTRY-2256 > URL: https://issues.apache.org/jira/browse/SENTRY-2256 > Project: Sentry > Issue Type: Sub-task > Components: Sentry >Affects Versions: 2.1.0 >Reporter: Sergio Peña >Assignee: Sergio Peña >Priority: Major > Attachments: SENTRY-2256.1.patch, SENTRY-2256.2.patch, > SENTRY-2256.3.patch, SENTRY-2256.4.patch > > > This subtask will add new thrift API changes to allow Sentry clients to > request user privileges from the Sentry server. -- This message was sent by Atlassian JIRA (v7.6.3#76005)
[jira] [Updated] (SENTRY-2258) Remove user when it is not associated with other objects
[ https://issues.apache.org/jira/browse/SENTRY-2258?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ] Na Li updated SENTRY-2258: -- Attachment: SENTRY-2258.001.patch > Remove user when it is not associated with other objects > > > Key: SENTRY-2258 > URL: https://issues.apache.org/jira/browse/SENTRY-2258 > Project: Sentry > Issue Type: Sub-task > Components: Sentry >Affects Versions: 2.1.0 >Reporter: Na Li >Assignee: Na Li >Priority: Major > Attachments: SENTRY-2258.001.patch > > Original Estimate: 72h > Remaining Estimate: 72h > > When a privilege is created and assigned to a user, this user is > automatically created if it does not exist. > So when a privilege is removed from a user, or a role is removed from a user, > this user should be removed when it is not associated with other objects > (like privileges and roles) -- This message was sent by Atlassian JIRA (v7.6.3#76005)
[jira] [Updated] (SENTRY-2158) Update notification handler to update privileges to user
[ https://issues.apache.org/jira/browse/SENTRY-2158?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ] Na Li updated SENTRY-2158: -- Status: Patch Available (was: Open) > Update notification handler to update privileges to user > > > Key: SENTRY-2158 > URL: https://issues.apache.org/jira/browse/SENTRY-2158 > Project: Sentry > Issue Type: Sub-task > Components: Sentry >Affects Versions: 2.1.0 >Reporter: Na Li >Assignee: Na Li >Priority: Major > Fix For: 2.1.0 > > Attachments: SENTRY-2158.001.patch > > > SentryPolicyStoreProcessor calls NotificationHandlerInvoker when processing > permission related commands. We should update notification handler in the > following files when granting privileges to user. > When authorizable changes, need to change user privileges too > > sentry-provider/sentry-provider-db/src/main/java/org/apache/sentry/provider/db/service/thrift/NotificationHandler.java > sentry-provider/sentry-provider-db/src/main/java/org/apache/sentry/provider/db/service/thrift/NotificationHandlerInvoker.java -- This message was sent by Atlassian JIRA (v7.6.3#76005)
[jira] [Updated] (SENTRY-2158) Update notification handler to update privileges to user
[ https://issues.apache.org/jira/browse/SENTRY-2158?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ] Na Li updated SENTRY-2158: -- Attachment: SENTRY-2158.001.patch > Update notification handler to update privileges to user > > > Key: SENTRY-2158 > URL: https://issues.apache.org/jira/browse/SENTRY-2158 > Project: Sentry > Issue Type: Sub-task > Components: Sentry >Affects Versions: 2.1.0 >Reporter: Na Li >Assignee: Na Li >Priority: Major > Fix For: 2.1.0 > > Attachments: SENTRY-2158.001.patch > > > SentryPolicyStoreProcessor calls NotificationHandlerInvoker when processing > permission related commands. We should update notification handler in the > following files when granting privileges to user. > When authorizable changes, need to change user privileges too > > sentry-provider/sentry-provider-db/src/main/java/org/apache/sentry/provider/db/service/thrift/NotificationHandler.java > sentry-provider/sentry-provider-db/src/main/java/org/apache/sentry/provider/db/service/thrift/NotificationHandlerInvoker.java -- This message was sent by Atlassian JIRA (v7.6.3#76005)
[jira] [Commented] (SENTRY-2157) Update audit log to grant/Revoke privilege to user
[ https://issues.apache.org/jira/browse/SENTRY-2157?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel=16500836#comment-16500836 ] Na Li commented on SENTRY-2157: --- Can following similar approach in sentry-728. https://reviews.apache.org/r/34080 > Update audit log to grant/Revoke privilege to user > -- > > Key: SENTRY-2157 > URL: https://issues.apache.org/jira/browse/SENTRY-2157 > Project: Sentry > Issue Type: Sub-task > Components: Sentry >Affects Versions: 2.1.0 >Reporter: Na Li >Priority: Major > Fix For: 2.1.0 > > > Update audit log to grant/revoke privileges to user -- This message was sent by Atlassian JIRA (v7.6.3#76005)
[jira] [Updated] (SENTRY-2162) Retrieve and list user privileges for authorization
[ https://issues.apache.org/jira/browse/SENTRY-2162?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ] Sergio Peña updated SENTRY-2162: Attachment: (was: SENTRY-2162.1.patch) > Retrieve and list user privileges for authorization > --- > > Key: SENTRY-2162 > URL: https://issues.apache.org/jira/browse/SENTRY-2162 > Project: Sentry > Issue Type: Sub-task > Components: Sentry >Affects Versions: 2.1.0 >Reporter: Na Li >Assignee: Sergio Peña >Priority: Major > Fix For: 2.1.0 > > > Make sure the implicit privileges assigned to user directly are retried and > applied for authorization request. This may require the code change in > SentryPolicyStoreProcessor and several other places. > For example, > after user_A creates table_B and get "all" privilege on table_B, user_A can > insert rows into that table. -- This message was sent by Atlassian JIRA (v7.6.3#76005)
[jira] [Created] (SENTRY-2258) Remove user when it is not associated with other objects
Na Li created SENTRY-2258: - Summary: Remove user when it is not associated with other objects Key: SENTRY-2258 URL: https://issues.apache.org/jira/browse/SENTRY-2258 Project: Sentry Issue Type: Sub-task Components: Sentry Affects Versions: 2.1.0 Reporter: Na Li Assignee: Na Li When a privilege is created and assigned to a user, this user is automatically created if it does not exist. So when a privilege is removed from a user, or a role is removed from a user, this user should be removed when it is not associated with other objects (like privileges and roles) -- This message was sent by Atlassian JIRA (v7.6.3#76005)
[jira] [Commented] (SENTRY-2256) Make thrift API changes to get user privileges from Sentry
[ https://issues.apache.org/jira/browse/SENTRY-2256?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel=16500801#comment-16500801 ] Hadoop QA commented on SENTRY-2256: --- Here are the results of testing the latest attachment https://issues.apache.org/jira/secure/attachment/12926415/SENTRY-2256.4.patch against master. {color:red}Overall:{color} -1 due to 4 errors {color:red}ERROR:{color} mvn test exited 1 {color:red}ERROR:{color} Failed: org.apache.sentry.tests.e2e.hdfs.TestHDFSIntegrationWithHA {color:red}ERROR:{color} Failed: org.apache.sentry.tests.e2e.hdfs.TestHDFSIntegrationTogglingConf {color:red}ERROR:{color} Failed: org.apache.sentry.tests.e2e.hdfs.TestHDFSIntegrationAdvanced Console output: https://builds.apache.org/job/PreCommit-SENTRY-Build/3847/console This message is automatically generated. > Make thrift API changes to get user privileges from Sentry > -- > > Key: SENTRY-2256 > URL: https://issues.apache.org/jira/browse/SENTRY-2256 > Project: Sentry > Issue Type: Sub-task > Components: Sentry >Affects Versions: 2.1.0 >Reporter: Sergio Peña >Assignee: Sergio Peña >Priority: Major > Attachments: SENTRY-2256.1.patch, SENTRY-2256.2.patch, > SENTRY-2256.3.patch, SENTRY-2256.4.patch > > > This subtask will add new thrift API changes to allow Sentry clients to > request user privileges from the Sentry server. -- This message was sent by Atlassian JIRA (v7.6.3#76005)
[jira] [Commented] (SENTRY-2256) Make thrift API changes to get user privileges from Sentry
[ https://issues.apache.org/jira/browse/SENTRY-2256?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel=16500798#comment-16500798 ] Hadoop QA commented on SENTRY-2256: --- Here are the results of testing the latest attachment https://issues.apache.org/jira/secure/attachment/12926415/SENTRY-2256.4.patch against master. {color:red}Overall:{color} -1 due to an error {color:red}ERROR:{color} failed to build with patch (exit code 143) Console output: https://builds.apache.org/job/PreCommit-SENTRY-Build/3848/console This message is automatically generated. > Make thrift API changes to get user privileges from Sentry > -- > > Key: SENTRY-2256 > URL: https://issues.apache.org/jira/browse/SENTRY-2256 > Project: Sentry > Issue Type: Sub-task > Components: Sentry >Affects Versions: 2.1.0 >Reporter: Sergio Peña >Assignee: Sergio Peña >Priority: Major > Attachments: SENTRY-2256.1.patch, SENTRY-2256.2.patch, > SENTRY-2256.3.patch, SENTRY-2256.4.patch > > > This subtask will add new thrift API changes to allow Sentry clients to > request user privileges from the Sentry server. -- This message was sent by Atlassian JIRA (v7.6.3#76005)
[jira] [Resolved] (SENTRY-2161) Make sure partial invoke only applies to explicit privileges
[ https://issues.apache.org/jira/browse/SENTRY-2161?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ] Na Li resolved SENTRY-2161. --- Resolution: Not A Problem New design assigns owner a privilege "OWNER", and won't cause User_A to lose its original "SELECT" privilege. So this is no longer an issue. > Make sure partial invoke only applies to explicit privileges > > > Key: SENTRY-2161 > URL: https://issues.apache.org/jira/browse/SENTRY-2161 > Project: Sentry > Issue Type: Sub-task >Reporter: Na Li >Assignee: Na Li >Priority: Major > > *Background:* > Partial revoke > For examples: > 1. When a role has been granted "all" on table and the role already has > select/insert on privileges, they are removed automatically as "all" covers > the "select/insert". > 2. When a role already has "all" privileges on a table and "select" privilege > are revoked, "all" privileges is revoked and "insert" is added automatically > as there are only "select", "insert", and "all". > Hierarchical privileges: > Revoking privilege on a database would effect the privileges granted to the > tables in that database. > *Problem:* > For example: > 1) User_A has "select" on table_B > 2) User_A is set to owner of table_B and gets "ALL" privilege on table_B as > implicit privilege > 3) User_A is not owner of table_B any more > based on partial invoke behavior, User_A will lose "select" on table_B after > step 3). The desired behavior is for User_A still retains "select" on table_B > after step 3) > *Solution:* > Only apply partial revoke to user configured privileges (explicit privilege), > and not affect implicit privileges. -- This message was sent by Atlassian JIRA (v7.6.3#76005)
[jira] [Updated] (SENTRY-2161) Make sure partial invoke only applies to explicit privileges
[ https://issues.apache.org/jira/browse/SENTRY-2161?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ] Na Li updated SENTRY-2161: -- Description: *Background:* Partial revoke For examples: 1. When a role has been granted "all" on table and the role already has select/insert on privileges, they are removed automatically as "all" covers the "select/insert". 2. When a role already has "all" privileges on a table and "select" privilege are revoked, "all" privileges is revoked and "insert" is added automatically as there are only "select", "insert", and "all". Hierarchical privileges: Revoking privilege on a database would effect the privileges granted to the tables in that database. *Problem:* For example: 1) User_A has "select" on table_B 2) User_A is set to owner of table_B and gets "ALL" privilege on table_B as implicit privilege 3) User_A is not owner of table_B any more based on partial invoke behavior, User_A will lose "select" on table_B after step 3). The desired behavior is for User_A still retains "select" on table_B after step 3) *Solution:* Only apply partial revoke to user configured privileges (explicit privilege), and not affect implicit privileges. was: *Background:* Partial revoke For examples: 1. When a role has been granted "all" on table and the role already has select/insert on privileges, they are removed automatically as "all" covers the "select/insert". 2. When a role already has "all" privileges on a table and "select" privilege are revoked, "all" privileges is revoked and "insert" is added automatically as there are only "select", "insert", and "all". Hierarchical privileges: Revoking privilege on a database would effect the privileges granted to the tables in that database. *Problem:* For example: 1) User_A has "select" on table_B 2) User_A is set to owner of table_B and gets "all" privilege on table_B as implicit privilege 3) User_A is not owner of table_B any more based on partial invoke behavior, User_A will lose "select" on table_B after step 3). The desired behavior is for User_A still retains "select" on table_B after step 3) *Solution:* Only apply partial revoke to user configured privileges (explicit privilege), and not affect implicit privileges. > Make sure partial invoke only applies to explicit privileges > > > Key: SENTRY-2161 > URL: https://issues.apache.org/jira/browse/SENTRY-2161 > Project: Sentry > Issue Type: Sub-task >Reporter: Na Li >Assignee: Na Li >Priority: Major > > *Background:* > Partial revoke > For examples: > 1. When a role has been granted "all" on table and the role already has > select/insert on privileges, they are removed automatically as "all" covers > the "select/insert". > 2. When a role already has "all" privileges on a table and "select" privilege > are revoked, "all" privileges is revoked and "insert" is added automatically > as there are only "select", "insert", and "all". > Hierarchical privileges: > Revoking privilege on a database would effect the privileges granted to the > tables in that database. > *Problem:* > For example: > 1) User_A has "select" on table_B > 2) User_A is set to owner of table_B and gets "ALL" privilege on table_B as > implicit privilege > 3) User_A is not owner of table_B any more > based on partial invoke behavior, User_A will lose "select" on table_B after > step 3). The desired behavior is for User_A still retains "select" on table_B > after step 3) > *Solution:* > Only apply partial revoke to user configured privileges (explicit privilege), > and not affect implicit privileges. -- This message was sent by Atlassian JIRA (v7.6.3#76005)
[jira] [Updated] (SENTRY-2257) Implement Sentry store API to update owner privilege on a authorizable
[ https://issues.apache.org/jira/browse/SENTRY-2257?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ] kalyan kumar kalvagadda updated SENTRY-2257: Summary: Implement Sentry store API to update owner privilege on a authorizable (was: Implement Sentry store API to remove update on a authorizable) > Implement Sentry store API to update owner privilege on a authorizable > -- > > Key: SENTRY-2257 > URL: https://issues.apache.org/jira/browse/SENTRY-2257 > Project: Sentry > Issue Type: Bug > Components: Sentry >Affects Versions: 2.1.0 >Reporter: kalyan kumar kalvagadda >Assignee: kalyan kumar kalvagadda >Priority: Major > Fix For: 2.1.0 > > > Implement functionality in sentry store to update owner privilege on an > authorizable. -- This message was sent by Atlassian JIRA (v7.6.3#76005)
[jira] [Updated] (SENTRY-2257) Implement Sentry store API to remove update on a authorizable
[ https://issues.apache.org/jira/browse/SENTRY-2257?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ] kalyan kumar kalvagadda updated SENTRY-2257: Description: Implement functionality in sentry store to update owner privilege on an authorizable. (was: Implement functionality in sentry store to remove owner privilege on an authorizable.) > Implement Sentry store API to remove update on a authorizable > - > > Key: SENTRY-2257 > URL: https://issues.apache.org/jira/browse/SENTRY-2257 > Project: Sentry > Issue Type: Bug > Components: Sentry >Affects Versions: 2.1.0 >Reporter: kalyan kumar kalvagadda >Assignee: kalyan kumar kalvagadda >Priority: Major > Fix For: 2.1.0 > > > Implement functionality in sentry store to update owner privilege on an > authorizable. -- This message was sent by Atlassian JIRA (v7.6.3#76005)
[jira] [Updated] (SENTRY-2257) Implement Sentry store API to remove update on a authorizable
[ https://issues.apache.org/jira/browse/SENTRY-2257?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ] kalyan kumar kalvagadda updated SENTRY-2257: Summary: Implement Sentry store API to remove update on a authorizable (was: Implement Sentry store API to remove owner on a authorizable) > Implement Sentry store API to remove update on a authorizable > - > > Key: SENTRY-2257 > URL: https://issues.apache.org/jira/browse/SENTRY-2257 > Project: Sentry > Issue Type: Bug > Components: Sentry >Affects Versions: 2.1.0 >Reporter: kalyan kumar kalvagadda >Assignee: kalyan kumar kalvagadda >Priority: Major > Fix For: 2.1.0 > > > Implement functionality in sentry store to remove owner privilege on an > authorizable. -- This message was sent by Atlassian JIRA (v7.6.3#76005)
[jira] [Commented] (SENTRY-2257) Implement Sentry store API to remove owner on a authorizable
[ https://issues.apache.org/jira/browse/SENTRY-2257?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel=16500692#comment-16500692 ] kalyan kumar kalvagadda commented on SENTRY-2257: - I initially thought of having them in separate transactions after taking to [~lina.li] i'm convinced that they should be in same transaction. I will update the Jira accordingly. > Implement Sentry store API to remove owner on a authorizable > > > Key: SENTRY-2257 > URL: https://issues.apache.org/jira/browse/SENTRY-2257 > Project: Sentry > Issue Type: Bug > Components: Sentry >Affects Versions: 2.1.0 >Reporter: kalyan kumar kalvagadda >Assignee: kalyan kumar kalvagadda >Priority: Major > Fix For: 2.1.0 > > > Implement functionality in sentry store to remove owner privilege on an > authorizable. -- This message was sent by Atlassian JIRA (v7.6.3#76005)
[jira] [Commented] (SENTRY-2257) Implement Sentry store API to remove owner on a authorizable
[ https://issues.apache.org/jira/browse/SENTRY-2257?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel=16500671#comment-16500671 ] Sergio Peña commented on SENTRY-2257: - Would this be to replace? The remove and insert of owner privileges will need to be run in a transaction, right? > Implement Sentry store API to remove owner on a authorizable > > > Key: SENTRY-2257 > URL: https://issues.apache.org/jira/browse/SENTRY-2257 > Project: Sentry > Issue Type: Bug > Components: Sentry >Affects Versions: 2.1.0 >Reporter: kalyan kumar kalvagadda >Assignee: kalyan kumar kalvagadda >Priority: Major > Fix For: 2.1.0 > > > Implement functionality in sentry store to remove owner privilege on an > authorizable. -- This message was sent by Atlassian JIRA (v7.6.3#76005)
[jira] [Commented] (SENTRY-2244) Alter sentry role or user at granting privilege can avoid extra query to database
[ https://issues.apache.org/jira/browse/SENTRY-2244?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel=16500661#comment-16500661 ] Hadoop QA commented on SENTRY-2244: --- Here are the results of testing the latest attachment https://issues.apache.org/jira/secure/attachment/12926398/SENTRY-2244.002.patch against master. {color:green}Overall:{color} +1 all checks pass {color:green}SUCCESS:{color} all tests passed Console output: https://builds.apache.org/job/PreCommit-SENTRY-Build/3844/console This message is automatically generated. > Alter sentry role or user at granting privilege can avoid extra query to > database > - > > Key: SENTRY-2244 > URL: https://issues.apache.org/jira/browse/SENTRY-2244 > Project: Sentry > Issue Type: Sub-task > Components: Sentry >Affects Versions: 2.1.0 >Reporter: Na Li >Assignee: Na Li >Priority: Major > Attachments: SENTRY-2244.001.patch, SENTRY-2244.002.patch, > SENTRY-2244.002.patch > > > In alterSentryRoleGrantPrivilegeCore and alterSentryUserGrantPrivilegeCore , > all of the privileges of a role or a user are already fetched from DB. In > following processing, there is no need to query DB to get privilege INSERT, > SELECT, ALL of this role again. -- This message was sent by Atlassian JIRA (v7.6.3#76005)
[jira] [Created] (SENTRY-2257) Implement Sentry store API to remove owner on a authorizable
kalyan kumar kalvagadda created SENTRY-2257: --- Summary: Implement Sentry store API to remove owner on a authorizable Key: SENTRY-2257 URL: https://issues.apache.org/jira/browse/SENTRY-2257 Project: Sentry Issue Type: Bug Components: Sentry Affects Versions: 2.1.0 Reporter: kalyan kumar kalvagadda Assignee: kalyan kumar kalvagadda Fix For: 2.1.0 Implement functionality in sentry store to remove owner privilege on an authorizable. -- This message was sent by Atlassian JIRA (v7.6.3#76005)
[jira] [Commented] (SENTRY-2241) Extend the Sync Listener to pass owner information to sentry server.
[ https://issues.apache.org/jira/browse/SENTRY-2241?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel=16500561#comment-16500561 ] Hadoop QA commented on SENTRY-2241: --- Here are the results of testing the latest attachment https://issues.apache.org/jira/secure/attachment/12926403/SENTRY-2241.001.patch against master. {color:green}Overall:{color} +1 all checks pass {color:green}SUCCESS:{color} all tests passed Console output: https://builds.apache.org/job/PreCommit-SENTRY-Build/3845/console This message is automatically generated. > Extend the Sync Listener to pass owner information to sentry server. > > > Key: SENTRY-2241 > URL: https://issues.apache.org/jira/browse/SENTRY-2241 > Project: Sentry > Issue Type: Sub-task > Components: Sentry >Affects Versions: 2.1.0 >Reporter: kalyan kumar kalvagadda >Assignee: kalyan kumar kalvagadda >Priority: Major > Attachments: SENTRY-2241.001.patch > > > Sentry has SentrySyncHMSNotificationsPostEventListener which is added a post > listener in HMS. This listener should be extended to get the owner > information of tables and databases. -- This message was sent by Atlassian JIRA (v7.6.3#76005)
[jira] [Updated] (SENTRY-2256) Make thrift API changes to get user privileges from Sentry
[ https://issues.apache.org/jira/browse/SENTRY-2256?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ] Sergio Peña updated SENTRY-2256: Attachment: SENTRY-2256.4.patch > Make thrift API changes to get user privileges from Sentry > -- > > Key: SENTRY-2256 > URL: https://issues.apache.org/jira/browse/SENTRY-2256 > Project: Sentry > Issue Type: Sub-task > Components: Sentry >Affects Versions: 2.1.0 >Reporter: Sergio Peña >Assignee: Sergio Peña >Priority: Major > Attachments: SENTRY-2256.1.patch, SENTRY-2256.2.patch, > SENTRY-2256.3.patch, SENTRY-2256.4.patch > > > This subtask will add new thrift API changes to allow Sentry clients to > request user privileges from the Sentry server. -- This message was sent by Atlassian JIRA (v7.6.3#76005)
[jira] [Commented] (SENTRY-2256) Make thrift API changes to get user privileges from Sentry
[ https://issues.apache.org/jira/browse/SENTRY-2256?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel=16500466#comment-16500466 ] Hadoop QA commented on SENTRY-2256: --- Here are the results of testing the latest attachment https://issues.apache.org/jira/secure/attachment/12926408/SENTRY-2256.3.patch against master. {color:red}Overall:{color} -1 due to an error {color:red}ERROR:{color} failed to build with patch (exit code 1) Console output: https://builds.apache.org/job/PreCommit-SENTRY-Build/3846/console This message is automatically generated. > Make thrift API changes to get user privileges from Sentry > -- > > Key: SENTRY-2256 > URL: https://issues.apache.org/jira/browse/SENTRY-2256 > Project: Sentry > Issue Type: Sub-task > Components: Sentry >Affects Versions: 2.1.0 >Reporter: Sergio Peña >Assignee: Sergio Peña >Priority: Major > Attachments: SENTRY-2256.1.patch, SENTRY-2256.2.patch, > SENTRY-2256.3.patch > > > This subtask will add new thrift API changes to allow Sentry clients to > request user privileges from the Sentry server. -- This message was sent by Atlassian JIRA (v7.6.3#76005)
[jira] [Updated] (SENTRY-2256) Make thrift API changes to get user privileges from Sentry
[ https://issues.apache.org/jira/browse/SENTRY-2256?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ] Sergio Peña updated SENTRY-2256: Attachment: SENTRY-2256.3.patch > Make thrift API changes to get user privileges from Sentry > -- > > Key: SENTRY-2256 > URL: https://issues.apache.org/jira/browse/SENTRY-2256 > Project: Sentry > Issue Type: Sub-task > Components: Sentry >Affects Versions: 2.1.0 >Reporter: Sergio Peña >Assignee: Sergio Peña >Priority: Major > Attachments: SENTRY-2256.1.patch, SENTRY-2256.2.patch, > SENTRY-2256.3.patch > > > This subtask will add new thrift API changes to allow Sentry clients to > request user privileges from the Sentry server. -- This message was sent by Atlassian JIRA (v7.6.3#76005)
[jira] [Updated] (SENTRY-2241) Extend the Sync Listener to pass owner information to sentry server.
[ https://issues.apache.org/jira/browse/SENTRY-2241?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ] kalyan kumar kalvagadda updated SENTRY-2241: Attachment: SENTRY-2241.001.patch > Extend the Sync Listener to pass owner information to sentry server. > > > Key: SENTRY-2241 > URL: https://issues.apache.org/jira/browse/SENTRY-2241 > Project: Sentry > Issue Type: Sub-task > Components: Sentry >Affects Versions: 2.1.0 >Reporter: kalyan kumar kalvagadda >Assignee: kalyan kumar kalvagadda >Priority: Major > Attachments: SENTRY-2241.001.patch > > > Sentry has SentrySyncHMSNotificationsPostEventListener which is added a post > listener in HMS. This listener should be extended to get the owner > information of tables and databases. -- This message was sent by Atlassian JIRA (v7.6.3#76005)
[jira] [Updated] (SENTRY-2241) Extend the Sync Listener to pass owner information to sentry server.
[ https://issues.apache.org/jira/browse/SENTRY-2241?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ] kalyan kumar kalvagadda updated SENTRY-2241: Attachment: (was: SENTRY-2241.001.patch) > Extend the Sync Listener to pass owner information to sentry server. > > > Key: SENTRY-2241 > URL: https://issues.apache.org/jira/browse/SENTRY-2241 > Project: Sentry > Issue Type: Sub-task > Components: Sentry >Affects Versions: 2.1.0 >Reporter: kalyan kumar kalvagadda >Assignee: kalyan kumar kalvagadda >Priority: Major > Attachments: SENTRY-2241.001.patch > > > Sentry has SentrySyncHMSNotificationsPostEventListener which is added a post > listener in HMS. This listener should be extended to get the owner > information of tables and databases. -- This message was sent by Atlassian JIRA (v7.6.3#76005)
[jira] [Updated] (SENTRY-2241) Extend the Sync Listener to pass owner information to sentry server.
[ https://issues.apache.org/jira/browse/SENTRY-2241?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ] kalyan kumar kalvagadda updated SENTRY-2241: Attachment: (was: SENTRY-2241.001.patch) > Extend the Sync Listener to pass owner information to sentry server. > > > Key: SENTRY-2241 > URL: https://issues.apache.org/jira/browse/SENTRY-2241 > Project: Sentry > Issue Type: Sub-task > Components: Sentry >Affects Versions: 2.1.0 >Reporter: kalyan kumar kalvagadda >Assignee: kalyan kumar kalvagadda >Priority: Major > Attachments: SENTRY-2241.001.patch > > > Sentry has SentrySyncHMSNotificationsPostEventListener which is added a post > listener in HMS. This listener should be extended to get the owner > information of tables and databases. -- This message was sent by Atlassian JIRA (v7.6.3#76005)
[jira] [Updated] (SENTRY-2244) Alter sentry role or user at granting privilege can avoid extra query to database
[ https://issues.apache.org/jira/browse/SENTRY-2244?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ] Na Li updated SENTRY-2244: -- Attachment: SENTRY-2244.002.patch > Alter sentry role or user at granting privilege can avoid extra query to > database > - > > Key: SENTRY-2244 > URL: https://issues.apache.org/jira/browse/SENTRY-2244 > Project: Sentry > Issue Type: Sub-task > Components: Sentry >Affects Versions: 2.1.0 >Reporter: Na Li >Assignee: Na Li >Priority: Major > Attachments: SENTRY-2244.001.patch, SENTRY-2244.002.patch, > SENTRY-2244.002.patch > > > In alterSentryRoleGrantPrivilegeCore and alterSentryUserGrantPrivilegeCore , > all of the privileges of a role or a user are already fetched from DB. In > following processing, there is no need to query DB to get privilege INSERT, > SELECT, ALL of this role again. -- This message was sent by Atlassian JIRA (v7.6.3#76005)
[jira] [Commented] (SENTRY-2241) Extend the Sync Listener to pass owner information to sentry server.
[ https://issues.apache.org/jira/browse/SENTRY-2241?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel=16500229#comment-16500229 ] Hadoop QA commented on SENTRY-2241: --- Here are the results of testing the latest attachment https://issues.apache.org/jira/secure/attachment/12926376/SENTRY-2241.001.patch against master. {color:red}Overall:{color} -1 due to an error {color:red}ERROR:{color} failed to apply patch (exit code 1): error: a/sentry-binding/sentry-binding-hive/src/main/java/org/apache/sentry/binding/metastore/SentrySyncHMSNotificationsPostEventListener.java: does not exist in index error: a/sentry-binding/sentry-binding-hive/src/test/java/org/apache/sentry/binding/hive/TestSentryHiveAuthorizationTaskFactory.java: does not exist in index error: a/sentry-binding/sentry-binding-hive/src/test/java/org/apache/sentry/binding/metastore/TestSentrySyncHMSNotificationsPostEventListener.java: does not exist in index error: a/sentry-hdfs/sentry-hdfs-service/src/main/java/org/apache/sentry/hdfs/SentryPlugin.java: does not exist in index error: a/sentry-service/sentry-service-api/src/main/java/org/apache/sentry/api/service/thrift/SentryPolicyServiceClient.java: does not exist in index error: a/sentry-service/sentry-service-api/src/main/java/org/apache/sentry/api/service/thrift/SentryPolicyServiceClientDefaultImpl.java: does not exist in index error: a/sentry-service/sentry-service-server/src/main/java/org/apache/sentry/api/service/thrift/SentryPolicyStoreProcessor.java: does not exist in index error: a/sentry-service/sentry-service-server/src/main/java/org/apache/sentry/provider/db/SentryPolicyStorePlugin.java: does not exist in index error: a/sentry-service/sentry-service-server/src/main/java/org/apache/sentry/provider/db/service/persistent/CounterWait.java: does not exist in index error: a/sentry-service/sentry-service-server/src/test/java/org/apache/sentry/api/service/thrift/TestSentryPolicyStoreProcessor.java: does not exist in index error: patch failed: sentry-binding/sentry-binding-hive/src/main/java/org/apache/sentry/binding/metastore/SentrySyncHMSNotificationsPostEventListener.java:78 Falling back to three-way merge... Applied patch to 'sentry-binding/sentry-binding-hive/src/main/java/org/apache/sentry/binding/metastore/SentrySyncHMSNotificationsPostEventListener.java' with conflicts. Going to apply patch with: git apply -p1 error: patch failed: sentry-binding/sentry-binding-hive/src/main/java/org/apache/sentry/binding/metastore/SentrySyncHMSNotificationsPostEventListener.java:78 Falling back to three-way merge... Applied patch to 'sentry-binding/sentry-binding-hive/src/main/java/org/apache/sentry/binding/metastore/SentrySyncHMSNotificationsPostEventListener.java' with conflicts. U sentry-binding/sentry-binding-hive/src/main/java/org/apache/sentry/binding/metastore/SentrySyncHMSNotificationsPostEventListener.java Console output: https://builds.apache.org/job/PreCommit-SENTRY-Build/3843/console This message is automatically generated. > Extend the Sync Listener to pass owner information to sentry server. > > > Key: SENTRY-2241 > URL: https://issues.apache.org/jira/browse/SENTRY-2241 > Project: Sentry > Issue Type: Sub-task > Components: Sentry >Affects Versions: 2.1.0 >Reporter: kalyan kumar kalvagadda >Assignee: kalyan kumar kalvagadda >Priority: Major > Attachments: SENTRY-2241.001.patch, SENTRY-2241.001.patch > > > Sentry has SentrySyncHMSNotificationsPostEventListener which is added a post > listener in HMS. This listener should be extended to get the owner > information of tables and databases. -- This message was sent by Atlassian JIRA (v7.6.3#76005)
[jira] [Updated] (SENTRY-2241) Extend the Sync Listener to pass owner information to sentry server.
[ https://issues.apache.org/jira/browse/SENTRY-2241?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ] kalyan kumar kalvagadda updated SENTRY-2241: Attachment: SENTRY-2241.001.patch > Extend the Sync Listener to pass owner information to sentry server. > > > Key: SENTRY-2241 > URL: https://issues.apache.org/jira/browse/SENTRY-2241 > Project: Sentry > Issue Type: Sub-task > Components: Sentry >Affects Versions: 2.1.0 >Reporter: kalyan kumar kalvagadda >Assignee: kalyan kumar kalvagadda >Priority: Major > Attachments: SENTRY-2241.001.patch, SENTRY-2241.001.patch > > > Sentry has SentrySyncHMSNotificationsPostEventListener which is added a post > listener in HMS. This listener should be extended to get the owner > information of tables and databases. -- This message was sent by Atlassian JIRA (v7.6.3#76005)
[jira] [Commented] (SENTRY-2244) Alter sentry role or user at granting privilege can avoid extra query to database
[ https://issues.apache.org/jira/browse/SENTRY-2244?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel=16499791#comment-16499791 ] Hadoop QA commented on SENTRY-2244: --- Here are the results of testing the latest attachment https://issues.apache.org/jira/secure/attachment/12926302/SENTRY-2244.002.patch against master. {color:red}Overall:{color} -1 due to 2 errors {color:red}ERROR:{color} mvn test exited 1 {color:red}ERROR:{color} Failed: org.apache.sentry.tests.e2e.hdfs.TestHDFSIntegrationAdvanced Console output: https://builds.apache.org/job/PreCommit-SENTRY-Build/3842/console This message is automatically generated. > Alter sentry role or user at granting privilege can avoid extra query to > database > - > > Key: SENTRY-2244 > URL: https://issues.apache.org/jira/browse/SENTRY-2244 > Project: Sentry > Issue Type: Sub-task > Components: Sentry >Affects Versions: 2.1.0 >Reporter: Na Li >Assignee: Na Li >Priority: Major > Attachments: SENTRY-2244.001.patch, SENTRY-2244.002.patch > > > In alterSentryRoleGrantPrivilegeCore and alterSentryUserGrantPrivilegeCore , > all of the privileges of a role or a user are already fetched from DB. In > following processing, there is no need to query DB to get privilege INSERT, > SELECT, ALL of this role again. -- This message was sent by Atlassian JIRA (v7.6.3#76005)