You are viewing a plain text version of this content. The canonical link for it is here.
Posted to issues@sentry.apache.org by "Mathew Crocker (JIRA)" <ji...@apache.org> on 2017/04/03 18:19:41 UTC

[jira] [Updated] (SENTRY-1549) Attempt to remove privilege fails on role access

     [ https://issues.apache.org/jira/browse/SENTRY-1549?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ]

Mathew Crocker updated SENTRY-1549:
-----------------------------------
    Fix Version/s:     (was: sentry-ha-redesign)

> Attempt to remove privilege fails on role access
> ------------------------------------------------
>
>                 Key: SENTRY-1549
>                 URL: https://issues.apache.org/jira/browse/SENTRY-1549
>             Project: Sentry
>          Issue Type: Bug
>          Components: Sentry
>    Affects Versions: 1.8.0
>            Reporter: Alexander Kolbasov
>
> I was trying to remove a privilege from a role. This privilege had only WITH GRANT OPTION set. It was done using Thrift API. The result was interesting:
> {code}
> TransactionManager.executeTransactionWithRetry(TransactionManager.java:102)] The transaction has reac
> hed max retry number, will not retry again.
> javax.jdo.JDODetachedFieldAccessException: You have just attempted to access field "roles" yet this field was not detached when you detached the object. Either dont access this field, or detach it when detaching the object.
>         at org.apache.sentry.provider.db.service.model.MSentryPrivilege.jdoGetroles(MSentryPrivilege.java)
>         at org.apache.sentry.provider.db.service.model.MSentryPrivilege.removeRole(MSentryPrivilege.java:173)
>         at org.apache.sentry.provider.db.service.persistent.SentryStore.revokePrivilegeFromRole(SentryStore.java:570)
>         at org.apache.sentry.provider.db.service.persistent.SentryStore.alterSentryRoleRevokePrivilegeCore(SentryStore.java:498)
>         at org.apache.sentry.provider.db.service.persistent.SentryStore.access$800(SentryStore.java:95)
>         at org.apache.sentry.provider.db.service.persistent.SentryStore$9.execute(SentryStore.java:458)
>         at org.apache.sentry.provider.db.service.persistent.TransactionManager.executeTransaction(TransactionManager.java:72)
>         at org.apache.sentry.provider.db.service.persistent.TransactionManager.executeTransactionWithRetry(TransactionManager.java:93)
>         at org.apache.sentry.provider.db.service.persistent.SentryStore.alterSentryRoleRevokePrivileges(SentryStore.java:451)
>         at org.apache.sentry.provider.db.service.thrift.SentryPolicyStoreProcessor.alter_sentry_role_revoke_privilege(SentryPolicyStoreProcessor.java:344)
>         at org.apache.sentry.provider.db.service.thrift.SentryPolicyService$Processor$alter_sentry_role_revoke_privilege.getResult(SentryPolicyService.java:1257)
>         at org.apache.sentry.provider.db.service.thrift.SentryPolicyService$Processor$alter_sentry_role_revoke_privilege.getResult(SentryPolicyService.java:1242)
>         at org.apache.thrift.ProcessFunction.process(ProcessFunction.java:39)
>         at org.apache.thrift.TBaseProcessor.process(TBaseProcessor.java:39)
>         at org.apache.sentry.provider.db.service.thrift.SentryProcessorWrapper.process(SentryProcessorWrapper.java:35)
>         at org.apache.thrift.TMultiplexedProcessor.process(TMultiplexedProcessor.java:123)
>         at org.apache.thrift.server.TThreadPoolServer$WorkerProcess.run(TThreadPoolServer.java:286)
>         at java.util.concurrent.ThreadPoolExecutor.runWorker(ThreadPoolExecutor.java:1142)
>         at java.util.concurrent.ThreadPoolExecutor$Worker.run(ThreadPoolExecutor.java:617)
>         at java.lang.Thread.run(Thread.java:745)
> {code}
> {code}
> 2016-11-28 20:35:52,439 (pool-7-thread-10) [ERROR - org.apache.sentry.provider.db.service.thrift.SentryPolicyStoreProcessor.alter_sentry_role_revoke_privilege(SentryPolicyStoreProcessor.java:384)] Unknown error for request: TAlterSentryRoleRevokePrivilegeRequest(protocol_version:2, requestorUserName:akolb, roleName:r3, privilege:TSentryPrivilege(privilegeScope:, serverName:, dbName:, tableName:, URI:, action:, grantOption:TRUE, columnName:), privileges:[TSentryPrivilege(privilegeScope:, serverName:, dbName:, tableName:, URI:, action:, grantOption:TRUE, columnName:)]), message: The transaction has reached max retry number, will not retry again.
> {code}
> {code}
> java.lang.Exception: The transaction has reached max retry number, will not retry again.
>         at org.apache.sentry.provider.db.service.persistent.TransactionManager.executeTransactionWithRetry(TransactionManager.java:103)
>         at org.apache.sentry.provider.db.service.persistent.SentryStore.alterSentryRoleRevokePrivileges(SentryStore.java:451)
>         at org.apache.sentry.provider.db.service.thrift.SentryPolicyStoreProcessor.alter_sentry_role_revoke_privilege(SentryPolicyStoreProcessor.java:344)
>         at org.apache.sentry.provider.db.service.thrift.SentryPolicyService$Processor$alter_sentry_role_revoke_privilege.getResult(SentryPolicyService.java:1257)
>         at org.apache.sentry.provider.db.service.thrift.SentryPolicyService$Processor$alter_sentry_role_revoke_privilege.getResult(SentryPolicyService.java:1242)
>         at org.apache.thrift.ProcessFunction.process(ProcessFunction.java:39)
>         at org.apache.thrift.TBaseProcessor.process(TBaseProcessor.java:39)
>         at org.apache.sentry.provider.db.service.thrift.SentryProcessorWrapper.process(SentryProcessorWrapper.java:35)
>         at org.apache.thrift.TMultiplexedProcessor.process(TMultiplexedProcessor.java:123)
>         at org.apache.thrift.server.TThreadPoolServer$WorkerProcess.run(TThreadPoolServer.java:286)
>         at java.util.concurrent.ThreadPoolExecutor.runWorker(ThreadPoolExecutor.java:1142)
>         at java.util.concurrent.ThreadPoolExecutor$Worker.run(ThreadPoolExecutor.java:617)
>         at java.lang.Thread.run(Thread.java:745)
> Caused by: javax.jdo.JDODetachedFieldAccessException: You have just attempted to access field "roles" yet this field was not detached when you detached the object. Either dont access this field, or detach it when detaching the object.
>         at org.apache.sentry.provider.db.service.model.MSentryPrivilege.jdoGetroles(MSentryPrivilege.java)
>         at org.apache.sentry.provider.db.service.model.MSentryPrivilege.removeRole(MSentryPrivilege.java:173)
>         at org.apache.sentry.provider.db.service.persistent.SentryStore.revokePrivilegeFromRole(SentryStore.java:570)
>         at org.apache.sentry.provider.db.service.persistent.SentryStore.alterSentryRoleRevokePrivilegeCore(SentryStore.java:498)
>         at org.apache.sentry.provider.db.service.persistent.SentryStore.access$800(SentryStore.java:95)
>         at org.apache.sentry.provider.db.service.persistent.SentryStore$9.execute(SentryStore.java:458)
>         at org.apache.sentry.provider.db.service.persistent.TransactionManager.executeTransaction(TransactionManager.java:72)
>         at org.apache.sentry.provider.db.service.persistent.TransactionManager.executeTransactionWithRetry(TransactionManager.java:93)
>         ... 12 more
> 2016-11-28 20:35:52,440 (pool-7-thread-10) [INFO - org.apache.sentry.provider.db.service.thrift.SentryPolicyStoreProcessor.alter_sentry_role_revoke_privilege(SentryPolicyStoreProcessor.java:394)] {"serviceName":"Sentry-Service","userName":"akolb","impersonator":"","ipAddress":"/127.0.0.1","operation":"REVOKE_PRIVILEGE","eventTime":"1480394152439","operationText":"REVOKE  ON   FROM ROLE r3 WITH GRANT OPTION","allowed":"false","databaseName":"","tableName":"","column":null,"resourcePath":"","objectType":"PRINCIPAL"}
> {code}



--
This message was sent by Atlassian JIRA
(v6.3.15#6346)