Posted to commits@sentry.apache.org by "guoquan (JIRA)" <ji...@apache.org> on 2015/04/03 09:37:52 UTC

[jira] [Updated] (SENTRY-693) The generic model has not successfully revoke part of privileges from existed ALL privilege

     [ https://issues.apache.org/jira/browse/SENTRY-693?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ]

guoquan updated SENTRY-693:
---------------------------
    Description: 
When SENTRY-612 had done the integration test with the Sqoop team, I found that a revoke problem existed, as follows:
sqoop:000> grant privilege -a read  --resource-type connector --resource 3 --principal-type role --principal user1 
sqoop:000> grant privilege -a all  --resource-type connector --resource 3 --principal-type role --principal user1
sqoop:000> show privilege --principal-type role --principal user1 
+--------+---------------+---------------+------------+
| Action | Resource Name | Resource Type | With Grant |
+--------+---------------+---------------+------------+
| ALL    | 3             | CONNECTOR     | false      |
+--------+---------------+---------------+------------+
sqoop:000> revoke privilege -a read  --resource-type connector --resource 3 --principal-type role --principal user1
Revoked action read on resource connector 3 to principal role user1 successfully
sqoop:000> show privilege --principal-type role --principal user1                                                  
+--------+---------------+---------------+------------+
| Action | Resource Name | Resource Type | With Grant |
+--------+---------------+---------------+------------+
+--------+---------------+---------------+------------+

It is not correct. It should show the write privilege.

> The generic model has not successfully revoke part of privileges from existed ALL privilege
> -------------------------------------------------------------------------------------------
>
>                 Key: SENTRY-693
>                 URL: https://issues.apache.org/jira/browse/SENTRY-693
>             Project: Sentry
>          Issue Type: Bug
>    Affects Versions: 1.5.0
>            Reporter: guoquan
>            Assignee: guoquan



--
This message was sent by Atlassian JIRA
(v6.3.4#6332)
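
The following Python sketch is an added example, not part of the original message and not Sentry code. It replays the session above against a small in-memory privilege store and contrasts a revoke that drops the whole ALL entry (the reported result) with one that leaves the remaining action (the expected result). The READ/WRITE action set for a connector and all function names are assumptions made for the illustration.

```python
# Added illustration; not Apache Sentry code. The component actions of ALL
# (READ, WRITE) are an assumption taken from the report's expected result.
ALL = "ALL"
ACTIONS = frozenset({"READ", "WRITE"})


def implies(held, requested):
    """A held action covers a requested one if it is equal or is ALL."""
    return held == requested or held == ALL


def grant(store, role, resource, action):
    """Add a privilege; granting ALL absorbs narrower grants on the resource."""
    held = store.setdefault((role, resource), set())
    if any(implies(h, action) for h in held):
        return                      # already covered, nothing to store
    if action == ALL:
        held.clear()                # READ is folded into the single ALL row
    held.add(action)


def revoke_naive(store, role, resource, action):
    """Models the reported outcome: any row covering the action is deleted."""
    held = store.get((role, resource), set())
    held -= {h for h in held if implies(h, action)}


def revoke_partial(store, role, resource, action):
    """Expected outcome: ALL is expanded and only the revoked action removed."""
    held = store.get((role, resource), set())
    expanded = set()
    for h in held:
        expanded |= ACTIONS if h == ALL else {h}
    expanded -= ACTIONS if action == ALL else {action}
    held.clear()
    held |= {ALL} if expanded == ACTIONS else expanded


def replay(revoke):
    """Replay the report's session: grant read, grant all, revoke read."""
    store = {}
    resource = ("CONNECTOR", "3")
    grant(store, "user1", resource, "READ")
    grant(store, "user1", resource, ALL)
    after_grants = sorted(store[("user1", resource)])
    revoke(store, "user1", resource, "READ")
    return after_grants, sorted(store[("user1", resource)])
```

A regression test for this class of bug asserts on the privileges listed after the revoke, not only on the "successfully" message, since the session above reports success in the failing case too.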