You are viewing a plain text version of this content. The canonical link for it is here.
Posted to dev@sentry.apache.org by kalyan kumar kalvagadda via Review Board <no...@reviews.apache.org> on 2018/07/03 11:51:03 UTC
Review Request 67807: SENTRY-2295: Owner privileges should not be
granted to sentry admin users
-----------------------------------------------------------
This is an automatically generated e-mail. To reply, visit:
https://reviews.apache.org/r/67807/
-----------------------------------------------------------
Review request for sentry, Arjun Mishra, Na Li, and Sergio Pena.
Bugs: SENTRY-2295
https://issues.apache.org/jira/browse/SENTRY-2295
Repository: sentry
Description
-------
There are two cases that should be considered.
When an admin user is created a database or table, owner privilege should not be added.
When the ownership is transferred to an admin user, existing owner privilege should be revoked but new one should not be added.
Diffs
-----
sentry-service/sentry-service-server/src/main/java/org/apache/sentry/api/service/thrift/SentryPolicyStoreProcessor.java 95ae15d614740747c7196dddb1e8303472a7289b
sentry-service/sentry-service-server/src/main/java/org/apache/sentry/provider/db/service/persistent/SentryStore.java 004f06d138e5829fc72c1d66d07aa9988ff1a5d3
sentry-service/sentry-service-server/src/main/java/org/apache/sentry/provider/db/service/persistent/SentryStoreInterface.java 19c29725a2354d23652e4905ee694f7f8ea3f7f7
sentry-service/sentry-service-server/src/test/java/org/apache/sentry/api/service/thrift/TestSentryPolicyStoreProcessor.java c8051e356e5f44f8d3ef69432b886ef26de13f67
Diff: https://reviews.apache.org/r/67807/diff/1/
Testing
-------
Updated unit tests to verify the same
Thanks,
kalyan kumar kalvagadda
Re: Review Request 67807: SENTRY-2295: Owner privileges should not be
granted to sentry admin users
Posted by Na Li via Review Board <no...@reviews.apache.org>.
-----------------------------------------------------------
This is an automatically generated e-mail. To reply, visit:
https://reviews.apache.org/r/67807/#review205685
-----------------------------------------------------------
Ship it!
Ship It!
- Na Li
On July 3, 2018, 4:02 p.m., kalyan kumar kalvagadda wrote:
>
> -----------------------------------------------------------
> This is an automatically generated e-mail. To reply, visit:
> https://reviews.apache.org/r/67807/
> -----------------------------------------------------------
>
> (Updated July 3, 2018, 4:02 p.m.)
>
>
> Review request for sentry, Arjun Mishra, Na Li, and Sergio Pena.
>
>
> Bugs: SENTRY-2295
> https://issues.apache.org/jira/browse/SENTRY-2295
>
>
> Repository: sentry
>
>
> Description
> -------
>
> There are two cases that should be considered.
>
> When an admin user is created a database or table, owner privilege should not be added.
> When the ownership is transferred to an admin user, existing owner privilege should be revoked but new one should not be added.
>
>
> Diffs
> -----
>
> sentry-service/sentry-service-server/src/main/java/org/apache/sentry/api/service/thrift/SentryPolicyStoreProcessor.java 95ae15d614740747c7196dddb1e8303472a7289b
> sentry-service/sentry-service-server/src/main/java/org/apache/sentry/provider/db/service/persistent/SentryStore.java 004f06d138e5829fc72c1d66d07aa9988ff1a5d3
> sentry-service/sentry-service-server/src/main/java/org/apache/sentry/provider/db/service/persistent/SentryStoreInterface.java 19c29725a2354d23652e4905ee694f7f8ea3f7f7
> sentry-service/sentry-service-server/src/test/java/org/apache/sentry/api/service/thrift/TestSentryPolicyStoreProcessor.java c8051e356e5f44f8d3ef69432b886ef26de13f67
>
>
> Diff: https://reviews.apache.org/r/67807/diff/2/
>
>
> Testing
> -------
>
> Updated unit tests to verify the same
>
>
> Thanks,
>
> kalyan kumar kalvagadda
>
>
Re: Review Request 67807: SENTRY-2295: Owner privileges should not be
granted to sentry admin users
Posted by kalyan kumar kalvagadda via Review Board <no...@reviews.apache.org>.
> On July 3, 2018, 6:20 p.m., Na Li wrote:
> > sentry-service/sentry-service-server/src/main/java/org/apache/sentry/api/service/thrift/SentryPolicyStoreProcessor.java
> > Lines 1522 (patched)
> > <https://reviews.apache.org/r/67807/diff/1/?file=2049198#file2049198line1522>
> >
> > It is easier to read to change to {} instead of %s
LOGGER used in SentryPolicyStoreProcessor deosn't support this way.
- kalyan kumar
-----------------------------------------------------------
This is an automatically generated e-mail. To reply, visit:
https://reviews.apache.org/r/67807/#review205677
-----------------------------------------------------------
On July 3, 2018, 4:02 p.m., kalyan kumar kalvagadda wrote:
>
> -----------------------------------------------------------
> This is an automatically generated e-mail. To reply, visit:
> https://reviews.apache.org/r/67807/
> -----------------------------------------------------------
>
> (Updated July 3, 2018, 4:02 p.m.)
>
>
> Review request for sentry, Arjun Mishra, Na Li, and Sergio Pena.
>
>
> Bugs: SENTRY-2295
> https://issues.apache.org/jira/browse/SENTRY-2295
>
>
> Repository: sentry
>
>
> Description
> -------
>
> There are two cases that should be considered.
>
> When an admin user is created a database or table, owner privilege should not be added.
> When the ownership is transferred to an admin user, existing owner privilege should be revoked but new one should not be added.
>
>
> Diffs
> -----
>
> sentry-service/sentry-service-server/src/main/java/org/apache/sentry/api/service/thrift/SentryPolicyStoreProcessor.java 95ae15d614740747c7196dddb1e8303472a7289b
> sentry-service/sentry-service-server/src/main/java/org/apache/sentry/provider/db/service/persistent/SentryStore.java 004f06d138e5829fc72c1d66d07aa9988ff1a5d3
> sentry-service/sentry-service-server/src/main/java/org/apache/sentry/provider/db/service/persistent/SentryStoreInterface.java 19c29725a2354d23652e4905ee694f7f8ea3f7f7
> sentry-service/sentry-service-server/src/test/java/org/apache/sentry/api/service/thrift/TestSentryPolicyStoreProcessor.java c8051e356e5f44f8d3ef69432b886ef26de13f67
>
>
> Diff: https://reviews.apache.org/r/67807/diff/2/
>
>
> Testing
> -------
>
> Updated unit tests to verify the same
>
>
> Thanks,
>
> kalyan kumar kalvagadda
>
>
Re: Review Request 67807: SENTRY-2295: Owner privileges should not be
granted to sentry admin users
Posted by Na Li via Review Board <no...@reviews.apache.org>.
-----------------------------------------------------------
This is an automatically generated e-mail. To reply, visit:
https://reviews.apache.org/r/67807/#review205677
-----------------------------------------------------------
sentry-service/sentry-service-server/src/main/java/org/apache/sentry/api/service/thrift/SentryPolicyStoreProcessor.java
Lines 1522 (patched)
<https://reviews.apache.org/r/67807/#comment288572>
It is easier to read to change to {} instead of %s
- Na Li
On July 3, 2018, 4:02 p.m., kalyan kumar kalvagadda wrote:
>
> -----------------------------------------------------------
> This is an automatically generated e-mail. To reply, visit:
> https://reviews.apache.org/r/67807/
> -----------------------------------------------------------
>
> (Updated July 3, 2018, 4:02 p.m.)
>
>
> Review request for sentry, Arjun Mishra, Na Li, and Sergio Pena.
>
>
> Bugs: SENTRY-2295
> https://issues.apache.org/jira/browse/SENTRY-2295
>
>
> Repository: sentry
>
>
> Description
> -------
>
> There are two cases that should be considered.
>
> When an admin user is created a database or table, owner privilege should not be added.
> When the ownership is transferred to an admin user, existing owner privilege should be revoked but new one should not be added.
>
>
> Diffs
> -----
>
> sentry-service/sentry-service-server/src/main/java/org/apache/sentry/api/service/thrift/SentryPolicyStoreProcessor.java 95ae15d614740747c7196dddb1e8303472a7289b
> sentry-service/sentry-service-server/src/main/java/org/apache/sentry/provider/db/service/persistent/SentryStore.java 004f06d138e5829fc72c1d66d07aa9988ff1a5d3
> sentry-service/sentry-service-server/src/main/java/org/apache/sentry/provider/db/service/persistent/SentryStoreInterface.java 19c29725a2354d23652e4905ee694f7f8ea3f7f7
> sentry-service/sentry-service-server/src/test/java/org/apache/sentry/api/service/thrift/TestSentryPolicyStoreProcessor.java c8051e356e5f44f8d3ef69432b886ef26de13f67
>
>
> Diff: https://reviews.apache.org/r/67807/diff/2/
>
>
> Testing
> -------
>
> Updated unit tests to verify the same
>
>
> Thanks,
>
> kalyan kumar kalvagadda
>
>
Re: Review Request 67807: SENTRY-2295: Owner privileges should not be
granted to sentry admin users
Posted by Arjun Mishra via Review Board <no...@reviews.apache.org>.
-----------------------------------------------------------
This is an automatically generated e-mail. To reply, visit:
https://reviews.apache.org/r/67807/#review205674
-----------------------------------------------------------
Ship it!
Ship It!
- Arjun Mishra
On July 3, 2018, 4:02 p.m., kalyan kumar kalvagadda wrote:
>
> -----------------------------------------------------------
> This is an automatically generated e-mail. To reply, visit:
> https://reviews.apache.org/r/67807/
> -----------------------------------------------------------
>
> (Updated July 3, 2018, 4:02 p.m.)
>
>
> Review request for sentry, Arjun Mishra, Na Li, and Sergio Pena.
>
>
> Bugs: SENTRY-2295
> https://issues.apache.org/jira/browse/SENTRY-2295
>
>
> Repository: sentry
>
>
> Description
> -------
>
> There are two cases that should be considered.
>
> When an admin user is created a database or table, owner privilege should not be added.
> When the ownership is transferred to an admin user, existing owner privilege should be revoked but new one should not be added.
>
>
> Diffs
> -----
>
> sentry-service/sentry-service-server/src/main/java/org/apache/sentry/api/service/thrift/SentryPolicyStoreProcessor.java 95ae15d614740747c7196dddb1e8303472a7289b
> sentry-service/sentry-service-server/src/main/java/org/apache/sentry/provider/db/service/persistent/SentryStore.java 004f06d138e5829fc72c1d66d07aa9988ff1a5d3
> sentry-service/sentry-service-server/src/main/java/org/apache/sentry/provider/db/service/persistent/SentryStoreInterface.java 19c29725a2354d23652e4905ee694f7f8ea3f7f7
> sentry-service/sentry-service-server/src/test/java/org/apache/sentry/api/service/thrift/TestSentryPolicyStoreProcessor.java c8051e356e5f44f8d3ef69432b886ef26de13f67
>
>
> Diff: https://reviews.apache.org/r/67807/diff/2/
>
>
> Testing
> -------
>
> Updated unit tests to verify the same
>
>
> Thanks,
>
> kalyan kumar kalvagadda
>
>
Re: Review Request 67807: SENTRY-2295: Owner privileges should not be
granted to sentry admin users
Posted by kalyan kumar kalvagadda via Review Board <no...@reviews.apache.org>.
-----------------------------------------------------------
This is an automatically generated e-mail. To reply, visit:
https://reviews.apache.org/r/67807/
-----------------------------------------------------------
(Updated July 3, 2018, 4:02 p.m.)
Review request for sentry, Arjun Mishra, Na Li, and Sergio Pena.
Changes
-------
addressed review comments.
Bugs: SENTRY-2295
https://issues.apache.org/jira/browse/SENTRY-2295
Repository: sentry
Description
-------
There are two cases that should be considered.
When an admin user is created a database or table, owner privilege should not be added.
When the ownership is transferred to an admin user, existing owner privilege should be revoked but new one should not be added.
Diffs (updated)
-----
sentry-service/sentry-service-server/src/main/java/org/apache/sentry/api/service/thrift/SentryPolicyStoreProcessor.java 95ae15d614740747c7196dddb1e8303472a7289b
sentry-service/sentry-service-server/src/main/java/org/apache/sentry/provider/db/service/persistent/SentryStore.java 004f06d138e5829fc72c1d66d07aa9988ff1a5d3
sentry-service/sentry-service-server/src/main/java/org/apache/sentry/provider/db/service/persistent/SentryStoreInterface.java 19c29725a2354d23652e4905ee694f7f8ea3f7f7
sentry-service/sentry-service-server/src/test/java/org/apache/sentry/api/service/thrift/TestSentryPolicyStoreProcessor.java c8051e356e5f44f8d3ef69432b886ef26de13f67
Diff: https://reviews.apache.org/r/67807/diff/2/
Changes: https://reviews.apache.org/r/67807/diff/1-2/
Testing
-------
Updated unit tests to verify the same
Thanks,
kalyan kumar kalvagadda
Re: Review Request 67807: SENTRY-2295: Owner privileges should not be
granted to sentry admin users
Posted by kalyan kumar kalvagadda via Review Board <no...@reviews.apache.org>.
> On July 3, 2018, 2:12 p.m., Arjun Mishra wrote:
> > sentry-service/sentry-service-server/src/main/java/org/apache/sentry/api/service/thrift/SentryPolicyStoreProcessor.java
> > Lines 1522 (patched)
> > <https://reviews.apache.org/r/67807/diff/1/?file=2049198#file2049198line1522>
> >
> > Should this be thrown as an exception so user can be notified that owner privileges cannot be granted to admin users?
It's an error. This behavior will be made clear in the documentation.
- kalyan kumar
-----------------------------------------------------------
This is an automatically generated e-mail. To reply, visit:
https://reviews.apache.org/r/67807/#review205666
-----------------------------------------------------------
On July 3, 2018, 11:51 a.m., kalyan kumar kalvagadda wrote:
>
> -----------------------------------------------------------
> This is an automatically generated e-mail. To reply, visit:
> https://reviews.apache.org/r/67807/
> -----------------------------------------------------------
>
> (Updated July 3, 2018, 11:51 a.m.)
>
>
> Review request for sentry, Arjun Mishra, Na Li, and Sergio Pena.
>
>
> Bugs: SENTRY-2295
> https://issues.apache.org/jira/browse/SENTRY-2295
>
>
> Repository: sentry
>
>
> Description
> -------
>
> There are two cases that should be considered.
>
> When an admin user is created a database or table, owner privilege should not be added.
> When the ownership is transferred to an admin user, existing owner privilege should be revoked but new one should not be added.
>
>
> Diffs
> -----
>
> sentry-service/sentry-service-server/src/main/java/org/apache/sentry/api/service/thrift/SentryPolicyStoreProcessor.java 95ae15d614740747c7196dddb1e8303472a7289b
> sentry-service/sentry-service-server/src/main/java/org/apache/sentry/provider/db/service/persistent/SentryStore.java 004f06d138e5829fc72c1d66d07aa9988ff1a5d3
> sentry-service/sentry-service-server/src/main/java/org/apache/sentry/provider/db/service/persistent/SentryStoreInterface.java 19c29725a2354d23652e4905ee694f7f8ea3f7f7
> sentry-service/sentry-service-server/src/test/java/org/apache/sentry/api/service/thrift/TestSentryPolicyStoreProcessor.java c8051e356e5f44f8d3ef69432b886ef26de13f67
>
>
> Diff: https://reviews.apache.org/r/67807/diff/1/
>
>
> Testing
> -------
>
> Updated unit tests to verify the same
>
>
> Thanks,
>
> kalyan kumar kalvagadda
>
>
Re: Review Request 67807: SENTRY-2295: Owner privileges should not be
granted to sentry admin users
Posted by Arjun Mishra via Review Board <no...@reviews.apache.org>.
-----------------------------------------------------------
This is an automatically generated e-mail. To reply, visit:
https://reviews.apache.org/r/67807/#review205666
-----------------------------------------------------------
sentry-service/sentry-service-server/src/main/java/org/apache/sentry/api/service/thrift/SentryPolicyStoreProcessor.java
Lines 1522 (patched)
<https://reviews.apache.org/r/67807/#comment288558>
Should this be thrown as an exception so user can be notified that owner privileges cannot be granted to admin users?
- Arjun Mishra
On July 3, 2018, 11:51 a.m., kalyan kumar kalvagadda wrote:
>
> -----------------------------------------------------------
> This is an automatically generated e-mail. To reply, visit:
> https://reviews.apache.org/r/67807/
> -----------------------------------------------------------
>
> (Updated July 3, 2018, 11:51 a.m.)
>
>
> Review request for sentry, Arjun Mishra, Na Li, and Sergio Pena.
>
>
> Bugs: SENTRY-2295
> https://issues.apache.org/jira/browse/SENTRY-2295
>
>
> Repository: sentry
>
>
> Description
> -------
>
> There are two cases that should be considered.
>
> When an admin user is created a database or table, owner privilege should not be added.
> When the ownership is transferred to an admin user, existing owner privilege should be revoked but new one should not be added.
>
>
> Diffs
> -----
>
> sentry-service/sentry-service-server/src/main/java/org/apache/sentry/api/service/thrift/SentryPolicyStoreProcessor.java 95ae15d614740747c7196dddb1e8303472a7289b
> sentry-service/sentry-service-server/src/main/java/org/apache/sentry/provider/db/service/persistent/SentryStore.java 004f06d138e5829fc72c1d66d07aa9988ff1a5d3
> sentry-service/sentry-service-server/src/main/java/org/apache/sentry/provider/db/service/persistent/SentryStoreInterface.java 19c29725a2354d23652e4905ee694f7f8ea3f7f7
> sentry-service/sentry-service-server/src/test/java/org/apache/sentry/api/service/thrift/TestSentryPolicyStoreProcessor.java c8051e356e5f44f8d3ef69432b886ef26de13f67
>
>
> Diff: https://reviews.apache.org/r/67807/diff/1/
>
>
> Testing
> -------
>
> Updated unit tests to verify the same
>
>
> Thanks,
>
> kalyan kumar kalvagadda
>
>
Re: Review Request 67807: SENTRY-2295: Owner privileges should not be
granted to sentry admin users
Posted by Na Li via Review Board <no...@reviews.apache.org>.
> On July 3, 2018, 1:58 p.m., Arjun Mishra wrote:
> > sentry-service/sentry-service-server/src/main/java/org/apache/sentry/api/service/thrift/SentryPolicyStoreProcessor.java
> > Lines 993 (patched)
> > <https://reviews.apache.org/r/67807/diff/1/?file=2049198#file2049198line993>
> >
> > Maybe keep the name consitent with isAdminGroup() so isAdminUser()
>
> kalyan kumar kalvagadda wrote:
> Changed it to isSentryAdminUser.
This is sentry code, so isAdminUser() should be enough
- Na
-----------------------------------------------------------
This is an automatically generated e-mail. To reply, visit:
https://reviews.apache.org/r/67807/#review205664
-----------------------------------------------------------
On July 3, 2018, 11:51 a.m., kalyan kumar kalvagadda wrote:
>
> -----------------------------------------------------------
> This is an automatically generated e-mail. To reply, visit:
> https://reviews.apache.org/r/67807/
> -----------------------------------------------------------
>
> (Updated July 3, 2018, 11:51 a.m.)
>
>
> Review request for sentry, Arjun Mishra, Na Li, and Sergio Pena.
>
>
> Bugs: SENTRY-2295
> https://issues.apache.org/jira/browse/SENTRY-2295
>
>
> Repository: sentry
>
>
> Description
> -------
>
> There are two cases that should be considered.
>
> When an admin user is created a database or table, owner privilege should not be added.
> When the ownership is transferred to an admin user, existing owner privilege should be revoked but new one should not be added.
>
>
> Diffs
> -----
>
> sentry-service/sentry-service-server/src/main/java/org/apache/sentry/api/service/thrift/SentryPolicyStoreProcessor.java 95ae15d614740747c7196dddb1e8303472a7289b
> sentry-service/sentry-service-server/src/main/java/org/apache/sentry/provider/db/service/persistent/SentryStore.java 004f06d138e5829fc72c1d66d07aa9988ff1a5d3
> sentry-service/sentry-service-server/src/main/java/org/apache/sentry/provider/db/service/persistent/SentryStoreInterface.java 19c29725a2354d23652e4905ee694f7f8ea3f7f7
> sentry-service/sentry-service-server/src/test/java/org/apache/sentry/api/service/thrift/TestSentryPolicyStoreProcessor.java c8051e356e5f44f8d3ef69432b886ef26de13f67
>
>
> Diff: https://reviews.apache.org/r/67807/diff/1/
>
>
> Testing
> -------
>
> Updated unit tests to verify the same
>
>
> Thanks,
>
> kalyan kumar kalvagadda
>
>
Re: Review Request 67807: SENTRY-2295: Owner privileges should not be
granted to sentry admin users
Posted by kalyan kumar kalvagadda via Review Board <no...@reviews.apache.org>.
> On July 3, 2018, 1:58 p.m., Arjun Mishra wrote:
> > sentry-service/sentry-service-server/src/main/java/org/apache/sentry/api/service/thrift/SentryPolicyStoreProcessor.java
> > Lines 993 (patched)
> > <https://reviews.apache.org/r/67807/diff/1/?file=2049198#file2049198line993>
> >
> > Maybe keep the name consitent with isAdminGroup() so isAdminUser()
Changed it to isSentryAdminUser.
- kalyan kumar
-----------------------------------------------------------
This is an automatically generated e-mail. To reply, visit:
https://reviews.apache.org/r/67807/#review205664
-----------------------------------------------------------
On July 3, 2018, 11:51 a.m., kalyan kumar kalvagadda wrote:
>
> -----------------------------------------------------------
> This is an automatically generated e-mail. To reply, visit:
> https://reviews.apache.org/r/67807/
> -----------------------------------------------------------
>
> (Updated July 3, 2018, 11:51 a.m.)
>
>
> Review request for sentry, Arjun Mishra, Na Li, and Sergio Pena.
>
>
> Bugs: SENTRY-2295
> https://issues.apache.org/jira/browse/SENTRY-2295
>
>
> Repository: sentry
>
>
> Description
> -------
>
> There are two cases that should be considered.
>
> When an admin user is created a database or table, owner privilege should not be added.
> When the ownership is transferred to an admin user, existing owner privilege should be revoked but new one should not be added.
>
>
> Diffs
> -----
>
> sentry-service/sentry-service-server/src/main/java/org/apache/sentry/api/service/thrift/SentryPolicyStoreProcessor.java 95ae15d614740747c7196dddb1e8303472a7289b
> sentry-service/sentry-service-server/src/main/java/org/apache/sentry/provider/db/service/persistent/SentryStore.java 004f06d138e5829fc72c1d66d07aa9988ff1a5d3
> sentry-service/sentry-service-server/src/main/java/org/apache/sentry/provider/db/service/persistent/SentryStoreInterface.java 19c29725a2354d23652e4905ee694f7f8ea3f7f7
> sentry-service/sentry-service-server/src/test/java/org/apache/sentry/api/service/thrift/TestSentryPolicyStoreProcessor.java c8051e356e5f44f8d3ef69432b886ef26de13f67
>
>
> Diff: https://reviews.apache.org/r/67807/diff/1/
>
>
> Testing
> -------
>
> Updated unit tests to verify the same
>
>
> Thanks,
>
> kalyan kumar kalvagadda
>
>
Re: Review Request 67807: SENTRY-2295: Owner privileges should not be
granted to sentry admin users
Posted by Arjun Mishra via Review Board <no...@reviews.apache.org>.
-----------------------------------------------------------
This is an automatically generated e-mail. To reply, visit:
https://reviews.apache.org/r/67807/#review205664
-----------------------------------------------------------
sentry-service/sentry-service-server/src/main/java/org/apache/sentry/api/service/thrift/SentryPolicyStoreProcessor.java
Lines 993 (patched)
<https://reviews.apache.org/r/67807/#comment288550>
Maybe keep the name consitent with isAdminGroup() so isAdminUser()
sentry-service/sentry-service-server/src/main/java/org/apache/sentry/api/service/thrift/SentryPolicyStoreProcessor.java
Lines 1523 (patched)
<https://reviews.apache.org/r/67807/#comment288555>
Should this be request.getAuthorizable()? Because that translates to server,db,tbl so on.
The parameters should be switched
sentry-service/sentry-service-server/src/main/java/org/apache/sentry/api/service/thrift/SentryPolicyStoreProcessor.java
Lines 1617 (patched)
<https://reviews.apache.org/r/67807/#comment288556>
Same as above. The parameter should be switched
- Arjun Mishra
On July 3, 2018, 11:51 a.m., kalyan kumar kalvagadda wrote:
>
> -----------------------------------------------------------
> This is an automatically generated e-mail. To reply, visit:
> https://reviews.apache.org/r/67807/
> -----------------------------------------------------------
>
> (Updated July 3, 2018, 11:51 a.m.)
>
>
> Review request for sentry, Arjun Mishra, Na Li, and Sergio Pena.
>
>
> Bugs: SENTRY-2295
> https://issues.apache.org/jira/browse/SENTRY-2295
>
>
> Repository: sentry
>
>
> Description
> -------
>
> There are two cases that should be considered.
>
> When an admin user is created a database or table, owner privilege should not be added.
> When the ownership is transferred to an admin user, existing owner privilege should be revoked but new one should not be added.
>
>
> Diffs
> -----
>
> sentry-service/sentry-service-server/src/main/java/org/apache/sentry/api/service/thrift/SentryPolicyStoreProcessor.java 95ae15d614740747c7196dddb1e8303472a7289b
> sentry-service/sentry-service-server/src/main/java/org/apache/sentry/provider/db/service/persistent/SentryStore.java 004f06d138e5829fc72c1d66d07aa9988ff1a5d3
> sentry-service/sentry-service-server/src/main/java/org/apache/sentry/provider/db/service/persistent/SentryStoreInterface.java 19c29725a2354d23652e4905ee694f7f8ea3f7f7
> sentry-service/sentry-service-server/src/test/java/org/apache/sentry/api/service/thrift/TestSentryPolicyStoreProcessor.java c8051e356e5f44f8d3ef69432b886ef26de13f67
>
>
> Diff: https://reviews.apache.org/r/67807/diff/1/
>
>
> Testing
> -------
>
> Updated unit tests to verify the same
>
>
> Thanks,
>
> kalyan kumar kalvagadda
>
>