You are viewing a plain text version of this content. The canonical link for it is here.

Posted to dev@sentry.apache.org by kalyan kumar kalvagadda via Review Board <no...@reviews.apache.org> on 2018/07/03 11:51:03 UTC

Review Request 67807: SENTRY-2295: Owner privileges should not be granted to sentry admin users

-----------------------------------------------------------
This is an automatically generated e-mail. To reply, visit:
https://reviews.apache.org/r/67807/
-----------------------------------------------------------

Review request for sentry, Arjun Mishra, Na Li, and Sergio Pena.


Bugs: SENTRY-2295
    https://issues.apache.org/jira/browse/SENTRY-2295


Repository: sentry


Description
-------

There are two cases that should be considered.

When an admin user is created a database or table, owner privilege should not be added.
When the ownership is transferred to an admin user, existing owner privilege should be revoked but new one should not be added.


Diffs
-----

  sentry-service/sentry-service-server/src/main/java/org/apache/sentry/api/service/thrift/SentryPolicyStoreProcessor.java 95ae15d614740747c7196dddb1e8303472a7289b 
  sentry-service/sentry-service-server/src/main/java/org/apache/sentry/provider/db/service/persistent/SentryStore.java 004f06d138e5829fc72c1d66d07aa9988ff1a5d3 
  sentry-service/sentry-service-server/src/main/java/org/apache/sentry/provider/db/service/persistent/SentryStoreInterface.java 19c29725a2354d23652e4905ee694f7f8ea3f7f7 
  sentry-service/sentry-service-server/src/test/java/org/apache/sentry/api/service/thrift/TestSentryPolicyStoreProcessor.java c8051e356e5f44f8d3ef69432b886ef26de13f67 


Diff: https://reviews.apache.org/r/67807/diff/1/


Testing
-------

Updated unit tests to verify the same


Thanks,

kalyan kumar kalvagadda

Re: Review Request 67807: SENTRY-2295: Owner privileges should not be granted to sentry admin users

Posted by Na Li via Review Board <no...@reviews.apache.org>.

-----------------------------------------------------------
This is an automatically generated e-mail. To reply, visit:
https://reviews.apache.org/r/67807/#review205685
-----------------------------------------------------------


Ship it!




Ship It!

- Na Li


On July 3, 2018, 4:02 p.m., kalyan kumar kalvagadda wrote:
> 
> -----------------------------------------------------------
> This is an automatically generated e-mail. To reply, visit:
> https://reviews.apache.org/r/67807/
> -----------------------------------------------------------
> 
> (Updated July 3, 2018, 4:02 p.m.)
> 
> 
> Review request for sentry, Arjun Mishra, Na Li, and Sergio Pena.
> 
> 
> Bugs: SENTRY-2295
>     https://issues.apache.org/jira/browse/SENTRY-2295
> 
> 
> Repository: sentry
> 
> 
> Description
> -------
> 
> There are two cases that should be considered.
> 
> When an admin user is created a database or table, owner privilege should not be added.
> When the ownership is transferred to an admin user, existing owner privilege should be revoked but new one should not be added.
> 
> 
> Diffs
> -----
> 
>   sentry-service/sentry-service-server/src/main/java/org/apache/sentry/api/service/thrift/SentryPolicyStoreProcessor.java 95ae15d614740747c7196dddb1e8303472a7289b 
>   sentry-service/sentry-service-server/src/main/java/org/apache/sentry/provider/db/service/persistent/SentryStore.java 004f06d138e5829fc72c1d66d07aa9988ff1a5d3 
>   sentry-service/sentry-service-server/src/main/java/org/apache/sentry/provider/db/service/persistent/SentryStoreInterface.java 19c29725a2354d23652e4905ee694f7f8ea3f7f7 
>   sentry-service/sentry-service-server/src/test/java/org/apache/sentry/api/service/thrift/TestSentryPolicyStoreProcessor.java c8051e356e5f44f8d3ef69432b886ef26de13f67 
> 
> 
> Diff: https://reviews.apache.org/r/67807/diff/2/
> 
> 
> Testing
> -------
> 
> Updated unit tests to verify the same
> 
> 
> Thanks,
> 
> kalyan kumar kalvagadda
> 
>

Re: Review Request 67807: SENTRY-2295: Owner privileges should not be granted to sentry admin users

Posted by kalyan kumar kalvagadda via Review Board <no...@reviews.apache.org>.


> On July 3, 2018, 6:20 p.m., Na Li wrote:
> > sentry-service/sentry-service-server/src/main/java/org/apache/sentry/api/service/thrift/SentryPolicyStoreProcessor.java
> > Lines 1522 (patched)
> > <https://reviews.apache.org/r/67807/diff/1/?file=2049198#file2049198line1522>
> >
> >     It is easier to read to change to {} instead of %s

LOGGER used in SentryPolicyStoreProcessor deosn't support this way.


- kalyan kumar


-----------------------------------------------------------
This is an automatically generated e-mail. To reply, visit:
https://reviews.apache.org/r/67807/#review205677
-----------------------------------------------------------


On July 3, 2018, 4:02 p.m., kalyan kumar kalvagadda wrote:
> 
> -----------------------------------------------------------
> This is an automatically generated e-mail. To reply, visit:
> https://reviews.apache.org/r/67807/
> -----------------------------------------------------------
> 
> (Updated July 3, 2018, 4:02 p.m.)
> 
> 
> Review request for sentry, Arjun Mishra, Na Li, and Sergio Pena.
> 
> 
> Bugs: SENTRY-2295
>     https://issues.apache.org/jira/browse/SENTRY-2295
> 
> 
> Repository: sentry
> 
> 
> Description
> -------
> 
> There are two cases that should be considered.
> 
> When an admin user is created a database or table, owner privilege should not be added.
> When the ownership is transferred to an admin user, existing owner privilege should be revoked but new one should not be added.
> 
> 
> Diffs
> -----
> 
>   sentry-service/sentry-service-server/src/main/java/org/apache/sentry/api/service/thrift/SentryPolicyStoreProcessor.java 95ae15d614740747c7196dddb1e8303472a7289b 
>   sentry-service/sentry-service-server/src/main/java/org/apache/sentry/provider/db/service/persistent/SentryStore.java 004f06d138e5829fc72c1d66d07aa9988ff1a5d3 
>   sentry-service/sentry-service-server/src/main/java/org/apache/sentry/provider/db/service/persistent/SentryStoreInterface.java 19c29725a2354d23652e4905ee694f7f8ea3f7f7 
>   sentry-service/sentry-service-server/src/test/java/org/apache/sentry/api/service/thrift/TestSentryPolicyStoreProcessor.java c8051e356e5f44f8d3ef69432b886ef26de13f67 
> 
> 
> Diff: https://reviews.apache.org/r/67807/diff/2/
> 
> 
> Testing
> -------
> 
> Updated unit tests to verify the same
> 
> 
> Thanks,
> 
> kalyan kumar kalvagadda
> 
>

Re: Review Request 67807: SENTRY-2295: Owner privileges should not be granted to sentry admin users

Posted by Na Li via Review Board <no...@reviews.apache.org>.

-----------------------------------------------------------
This is an automatically generated e-mail. To reply, visit:
https://reviews.apache.org/r/67807/#review205677
-----------------------------------------------------------




sentry-service/sentry-service-server/src/main/java/org/apache/sentry/api/service/thrift/SentryPolicyStoreProcessor.java
Lines 1522 (patched)
<https://reviews.apache.org/r/67807/#comment288572>

    It is easier to read to change to {} instead of %s


- Na Li


On July 3, 2018, 4:02 p.m., kalyan kumar kalvagadda wrote:
> 
> -----------------------------------------------------------
> This is an automatically generated e-mail. To reply, visit:
> https://reviews.apache.org/r/67807/
> -----------------------------------------------------------
> 
> (Updated July 3, 2018, 4:02 p.m.)
> 
> 
> Review request for sentry, Arjun Mishra, Na Li, and Sergio Pena.
> 
> 
> Bugs: SENTRY-2295
>     https://issues.apache.org/jira/browse/SENTRY-2295
> 
> 
> Repository: sentry
> 
> 
> Description
> -------
> 
> There are two cases that should be considered.
> 
> When an admin user is created a database or table, owner privilege should not be added.
> When the ownership is transferred to an admin user, existing owner privilege should be revoked but new one should not be added.
> 
> 
> Diffs
> -----
> 
>   sentry-service/sentry-service-server/src/main/java/org/apache/sentry/api/service/thrift/SentryPolicyStoreProcessor.java 95ae15d614740747c7196dddb1e8303472a7289b 
>   sentry-service/sentry-service-server/src/main/java/org/apache/sentry/provider/db/service/persistent/SentryStore.java 004f06d138e5829fc72c1d66d07aa9988ff1a5d3 
>   sentry-service/sentry-service-server/src/main/java/org/apache/sentry/provider/db/service/persistent/SentryStoreInterface.java 19c29725a2354d23652e4905ee694f7f8ea3f7f7 
>   sentry-service/sentry-service-server/src/test/java/org/apache/sentry/api/service/thrift/TestSentryPolicyStoreProcessor.java c8051e356e5f44f8d3ef69432b886ef26de13f67 
> 
> 
> Diff: https://reviews.apache.org/r/67807/diff/2/
> 
> 
> Testing
> -------
> 
> Updated unit tests to verify the same
> 
> 
> Thanks,
> 
> kalyan kumar kalvagadda
> 
>

Re: Review Request 67807: SENTRY-2295: Owner privileges should not be granted to sentry admin users

Posted by Arjun Mishra via Review Board <no...@reviews.apache.org>.

-----------------------------------------------------------
This is an automatically generated e-mail. To reply, visit:
https://reviews.apache.org/r/67807/#review205674
-----------------------------------------------------------


Ship it!




Ship It!

- Arjun Mishra


On July 3, 2018, 4:02 p.m., kalyan kumar kalvagadda wrote:
> 
> -----------------------------------------------------------
> This is an automatically generated e-mail. To reply, visit:
> https://reviews.apache.org/r/67807/
> -----------------------------------------------------------
> 
> (Updated July 3, 2018, 4:02 p.m.)
> 
> 
> Review request for sentry, Arjun Mishra, Na Li, and Sergio Pena.
> 
> 
> Bugs: SENTRY-2295
>     https://issues.apache.org/jira/browse/SENTRY-2295
> 
> 
> Repository: sentry
> 
> 
> Description
> -------
> 
> There are two cases that should be considered.
> 
> When an admin user is created a database or table, owner privilege should not be added.
> When the ownership is transferred to an admin user, existing owner privilege should be revoked but new one should not be added.
> 
> 
> Diffs
> -----
> 
>   sentry-service/sentry-service-server/src/main/java/org/apache/sentry/api/service/thrift/SentryPolicyStoreProcessor.java 95ae15d614740747c7196dddb1e8303472a7289b 
>   sentry-service/sentry-service-server/src/main/java/org/apache/sentry/provider/db/service/persistent/SentryStore.java 004f06d138e5829fc72c1d66d07aa9988ff1a5d3 
>   sentry-service/sentry-service-server/src/main/java/org/apache/sentry/provider/db/service/persistent/SentryStoreInterface.java 19c29725a2354d23652e4905ee694f7f8ea3f7f7 
>   sentry-service/sentry-service-server/src/test/java/org/apache/sentry/api/service/thrift/TestSentryPolicyStoreProcessor.java c8051e356e5f44f8d3ef69432b886ef26de13f67 
> 
> 
> Diff: https://reviews.apache.org/r/67807/diff/2/
> 
> 
> Testing
> -------
> 
> Updated unit tests to verify the same
> 
> 
> Thanks,
> 
> kalyan kumar kalvagadda
> 
>

Re: Review Request 67807: SENTRY-2295: Owner privileges should not be granted to sentry admin users

Posted by kalyan kumar kalvagadda via Review Board <no...@reviews.apache.org>.

-----------------------------------------------------------
This is an automatically generated e-mail. To reply, visit:
https://reviews.apache.org/r/67807/
-----------------------------------------------------------

(Updated July 3, 2018, 4:02 p.m.)


Review request for sentry, Arjun Mishra, Na Li, and Sergio Pena.


Changes
-------

addressed review comments.


Bugs: SENTRY-2295
    https://issues.apache.org/jira/browse/SENTRY-2295


Repository: sentry


Description
-------

There are two cases that should be considered.

When an admin user is created a database or table, owner privilege should not be added.
When the ownership is transferred to an admin user, existing owner privilege should be revoked but new one should not be added.


Diffs (updated)
-----

  sentry-service/sentry-service-server/src/main/java/org/apache/sentry/api/service/thrift/SentryPolicyStoreProcessor.java 95ae15d614740747c7196dddb1e8303472a7289b 
  sentry-service/sentry-service-server/src/main/java/org/apache/sentry/provider/db/service/persistent/SentryStore.java 004f06d138e5829fc72c1d66d07aa9988ff1a5d3 
  sentry-service/sentry-service-server/src/main/java/org/apache/sentry/provider/db/service/persistent/SentryStoreInterface.java 19c29725a2354d23652e4905ee694f7f8ea3f7f7 
  sentry-service/sentry-service-server/src/test/java/org/apache/sentry/api/service/thrift/TestSentryPolicyStoreProcessor.java c8051e356e5f44f8d3ef69432b886ef26de13f67 


Diff: https://reviews.apache.org/r/67807/diff/2/

Changes: https://reviews.apache.org/r/67807/diff/1-2/


Testing
-------

Updated unit tests to verify the same


Thanks,

kalyan kumar kalvagadda

Re: Review Request 67807: SENTRY-2295: Owner privileges should not be granted to sentry admin users

Posted by kalyan kumar kalvagadda via Review Board <no...@reviews.apache.org>.


> On July 3, 2018, 2:12 p.m., Arjun Mishra wrote:
> > sentry-service/sentry-service-server/src/main/java/org/apache/sentry/api/service/thrift/SentryPolicyStoreProcessor.java
> > Lines 1522 (patched)
> > <https://reviews.apache.org/r/67807/diff/1/?file=2049198#file2049198line1522>
> >
> >     Should this be thrown as an exception so user can be notified that owner privileges cannot be granted to admin users?

It's an error. This behavior will be made clear in the documentation.


- kalyan kumar


-----------------------------------------------------------
This is an automatically generated e-mail. To reply, visit:
https://reviews.apache.org/r/67807/#review205666
-----------------------------------------------------------


On July 3, 2018, 11:51 a.m., kalyan kumar kalvagadda wrote:
> 
> -----------------------------------------------------------
> This is an automatically generated e-mail. To reply, visit:
> https://reviews.apache.org/r/67807/
> -----------------------------------------------------------
> 
> (Updated July 3, 2018, 11:51 a.m.)
> 
> 
> Review request for sentry, Arjun Mishra, Na Li, and Sergio Pena.
> 
> 
> Bugs: SENTRY-2295
>     https://issues.apache.org/jira/browse/SENTRY-2295
> 
> 
> Repository: sentry
> 
> 
> Description
> -------
> 
> There are two cases that should be considered.
> 
> When an admin user is created a database or table, owner privilege should not be added.
> When the ownership is transferred to an admin user, existing owner privilege should be revoked but new one should not be added.
> 
> 
> Diffs
> -----
> 
>   sentry-service/sentry-service-server/src/main/java/org/apache/sentry/api/service/thrift/SentryPolicyStoreProcessor.java 95ae15d614740747c7196dddb1e8303472a7289b 
>   sentry-service/sentry-service-server/src/main/java/org/apache/sentry/provider/db/service/persistent/SentryStore.java 004f06d138e5829fc72c1d66d07aa9988ff1a5d3 
>   sentry-service/sentry-service-server/src/main/java/org/apache/sentry/provider/db/service/persistent/SentryStoreInterface.java 19c29725a2354d23652e4905ee694f7f8ea3f7f7 
>   sentry-service/sentry-service-server/src/test/java/org/apache/sentry/api/service/thrift/TestSentryPolicyStoreProcessor.java c8051e356e5f44f8d3ef69432b886ef26de13f67 
> 
> 
> Diff: https://reviews.apache.org/r/67807/diff/1/
> 
> 
> Testing
> -------
> 
> Updated unit tests to verify the same
> 
> 
> Thanks,
> 
> kalyan kumar kalvagadda
> 
>

Re: Review Request 67807: SENTRY-2295: Owner privileges should not be granted to sentry admin users

Posted by Arjun Mishra via Review Board <no...@reviews.apache.org>.

-----------------------------------------------------------
This is an automatically generated e-mail. To reply, visit:
https://reviews.apache.org/r/67807/#review205666
-----------------------------------------------------------




sentry-service/sentry-service-server/src/main/java/org/apache/sentry/api/service/thrift/SentryPolicyStoreProcessor.java
Lines 1522 (patched)
<https://reviews.apache.org/r/67807/#comment288558>

    Should this be thrown as an exception so user can be notified that owner privileges cannot be granted to admin users?


- Arjun Mishra


On July 3, 2018, 11:51 a.m., kalyan kumar kalvagadda wrote:
> 
> -----------------------------------------------------------
> This is an automatically generated e-mail. To reply, visit:
> https://reviews.apache.org/r/67807/
> -----------------------------------------------------------
> 
> (Updated July 3, 2018, 11:51 a.m.)
> 
> 
> Review request for sentry, Arjun Mishra, Na Li, and Sergio Pena.
> 
> 
> Bugs: SENTRY-2295
>     https://issues.apache.org/jira/browse/SENTRY-2295
> 
> 
> Repository: sentry
> 
> 
> Description
> -------
> 
> There are two cases that should be considered.
> 
> When an admin user is created a database or table, owner privilege should not be added.
> When the ownership is transferred to an admin user, existing owner privilege should be revoked but new one should not be added.
> 
> 
> Diffs
> -----
> 
>   sentry-service/sentry-service-server/src/main/java/org/apache/sentry/api/service/thrift/SentryPolicyStoreProcessor.java 95ae15d614740747c7196dddb1e8303472a7289b 
>   sentry-service/sentry-service-server/src/main/java/org/apache/sentry/provider/db/service/persistent/SentryStore.java 004f06d138e5829fc72c1d66d07aa9988ff1a5d3 
>   sentry-service/sentry-service-server/src/main/java/org/apache/sentry/provider/db/service/persistent/SentryStoreInterface.java 19c29725a2354d23652e4905ee694f7f8ea3f7f7 
>   sentry-service/sentry-service-server/src/test/java/org/apache/sentry/api/service/thrift/TestSentryPolicyStoreProcessor.java c8051e356e5f44f8d3ef69432b886ef26de13f67 
> 
> 
> Diff: https://reviews.apache.org/r/67807/diff/1/
> 
> 
> Testing
> -------
> 
> Updated unit tests to verify the same
> 
> 
> Thanks,
> 
> kalyan kumar kalvagadda
> 
>

Re: Review Request 67807: SENTRY-2295: Owner privileges should not be granted to sentry admin users

Posted by Na Li via Review Board <no...@reviews.apache.org>.


> On July 3, 2018, 1:58 p.m., Arjun Mishra wrote:
> > sentry-service/sentry-service-server/src/main/java/org/apache/sentry/api/service/thrift/SentryPolicyStoreProcessor.java
> > Lines 993 (patched)
> > <https://reviews.apache.org/r/67807/diff/1/?file=2049198#file2049198line993>
> >
> >     Maybe keep the name consitent with isAdminGroup() so  isAdminUser()
> 
> kalyan kumar kalvagadda wrote:
>     Changed it to isSentryAdminUser.

This is sentry code, so isAdminUser() should be enough


- Na


-----------------------------------------------------------
This is an automatically generated e-mail. To reply, visit:
https://reviews.apache.org/r/67807/#review205664
-----------------------------------------------------------


On July 3, 2018, 11:51 a.m., kalyan kumar kalvagadda wrote:
> 
> -----------------------------------------------------------
> This is an automatically generated e-mail. To reply, visit:
> https://reviews.apache.org/r/67807/
> -----------------------------------------------------------
> 
> (Updated July 3, 2018, 11:51 a.m.)
> 
> 
> Review request for sentry, Arjun Mishra, Na Li, and Sergio Pena.
> 
> 
> Bugs: SENTRY-2295
>     https://issues.apache.org/jira/browse/SENTRY-2295
> 
> 
> Repository: sentry
> 
> 
> Description
> -------
> 
> There are two cases that should be considered.
> 
> When an admin user is created a database or table, owner privilege should not be added.
> When the ownership is transferred to an admin user, existing owner privilege should be revoked but new one should not be added.
> 
> 
> Diffs
> -----
> 
>   sentry-service/sentry-service-server/src/main/java/org/apache/sentry/api/service/thrift/SentryPolicyStoreProcessor.java 95ae15d614740747c7196dddb1e8303472a7289b 
>   sentry-service/sentry-service-server/src/main/java/org/apache/sentry/provider/db/service/persistent/SentryStore.java 004f06d138e5829fc72c1d66d07aa9988ff1a5d3 
>   sentry-service/sentry-service-server/src/main/java/org/apache/sentry/provider/db/service/persistent/SentryStoreInterface.java 19c29725a2354d23652e4905ee694f7f8ea3f7f7 
>   sentry-service/sentry-service-server/src/test/java/org/apache/sentry/api/service/thrift/TestSentryPolicyStoreProcessor.java c8051e356e5f44f8d3ef69432b886ef26de13f67 
> 
> 
> Diff: https://reviews.apache.org/r/67807/diff/1/
> 
> 
> Testing
> -------
> 
> Updated unit tests to verify the same
> 
> 
> Thanks,
> 
> kalyan kumar kalvagadda
> 
>

Re: Review Request 67807: SENTRY-2295: Owner privileges should not be granted to sentry admin users

Posted by kalyan kumar kalvagadda via Review Board <no...@reviews.apache.org>.


> On July 3, 2018, 1:58 p.m., Arjun Mishra wrote:
> > sentry-service/sentry-service-server/src/main/java/org/apache/sentry/api/service/thrift/SentryPolicyStoreProcessor.java
> > Lines 993 (patched)
> > <https://reviews.apache.org/r/67807/diff/1/?file=2049198#file2049198line993>
> >
> >     Maybe keep the name consitent with isAdminGroup() so  isAdminUser()

Changed it to isSentryAdminUser.


- kalyan kumar


-----------------------------------------------------------
This is an automatically generated e-mail. To reply, visit:
https://reviews.apache.org/r/67807/#review205664
-----------------------------------------------------------


On July 3, 2018, 11:51 a.m., kalyan kumar kalvagadda wrote:
> 
> -----------------------------------------------------------
> This is an automatically generated e-mail. To reply, visit:
> https://reviews.apache.org/r/67807/
> -----------------------------------------------------------
> 
> (Updated July 3, 2018, 11:51 a.m.)
> 
> 
> Review request for sentry, Arjun Mishra, Na Li, and Sergio Pena.
> 
> 
> Bugs: SENTRY-2295
>     https://issues.apache.org/jira/browse/SENTRY-2295
> 
> 
> Repository: sentry
> 
> 
> Description
> -------
> 
> There are two cases that should be considered.
> 
> When an admin user is created a database or table, owner privilege should not be added.
> When the ownership is transferred to an admin user, existing owner privilege should be revoked but new one should not be added.
> 
> 
> Diffs
> -----
> 
>   sentry-service/sentry-service-server/src/main/java/org/apache/sentry/api/service/thrift/SentryPolicyStoreProcessor.java 95ae15d614740747c7196dddb1e8303472a7289b 
>   sentry-service/sentry-service-server/src/main/java/org/apache/sentry/provider/db/service/persistent/SentryStore.java 004f06d138e5829fc72c1d66d07aa9988ff1a5d3 
>   sentry-service/sentry-service-server/src/main/java/org/apache/sentry/provider/db/service/persistent/SentryStoreInterface.java 19c29725a2354d23652e4905ee694f7f8ea3f7f7 
>   sentry-service/sentry-service-server/src/test/java/org/apache/sentry/api/service/thrift/TestSentryPolicyStoreProcessor.java c8051e356e5f44f8d3ef69432b886ef26de13f67 
> 
> 
> Diff: https://reviews.apache.org/r/67807/diff/1/
> 
> 
> Testing
> -------
> 
> Updated unit tests to verify the same
> 
> 
> Thanks,
> 
> kalyan kumar kalvagadda
> 
>

Re: Review Request 67807: SENTRY-2295: Owner privileges should not be granted to sentry admin users

Posted by Arjun Mishra via Review Board <no...@reviews.apache.org>.

-----------------------------------------------------------
This is an automatically generated e-mail. To reply, visit:
https://reviews.apache.org/r/67807/#review205664
-----------------------------------------------------------




sentry-service/sentry-service-server/src/main/java/org/apache/sentry/api/service/thrift/SentryPolicyStoreProcessor.java
Lines 993 (patched)
<https://reviews.apache.org/r/67807/#comment288550>

    Maybe keep the name consitent with isAdminGroup() so  isAdminUser()



sentry-service/sentry-service-server/src/main/java/org/apache/sentry/api/service/thrift/SentryPolicyStoreProcessor.java
Lines 1523 (patched)
<https://reviews.apache.org/r/67807/#comment288555>

    Should this be request.getAuthorizable()? Because that translates to server,db,tbl so on.
    The parameters should be switched



sentry-service/sentry-service-server/src/main/java/org/apache/sentry/api/service/thrift/SentryPolicyStoreProcessor.java
Lines 1617 (patched)
<https://reviews.apache.org/r/67807/#comment288556>

    Same as above. The parameter should be switched


- Arjun Mishra


On July 3, 2018, 11:51 a.m., kalyan kumar kalvagadda wrote:
> 
> -----------------------------------------------------------
> This is an automatically generated e-mail. To reply, visit:
> https://reviews.apache.org/r/67807/
> -----------------------------------------------------------
> 
> (Updated July 3, 2018, 11:51 a.m.)
> 
> 
> Review request for sentry, Arjun Mishra, Na Li, and Sergio Pena.
> 
> 
> Bugs: SENTRY-2295
>     https://issues.apache.org/jira/browse/SENTRY-2295
> 
> 
> Repository: sentry
> 
> 
> Description
> -------
> 
> There are two cases that should be considered.
> 
> When an admin user is created a database or table, owner privilege should not be added.
> When the ownership is transferred to an admin user, existing owner privilege should be revoked but new one should not be added.
> 
> 
> Diffs
> -----
> 
>   sentry-service/sentry-service-server/src/main/java/org/apache/sentry/api/service/thrift/SentryPolicyStoreProcessor.java 95ae15d614740747c7196dddb1e8303472a7289b 
>   sentry-service/sentry-service-server/src/main/java/org/apache/sentry/provider/db/service/persistent/SentryStore.java 004f06d138e5829fc72c1d66d07aa9988ff1a5d3 
>   sentry-service/sentry-service-server/src/main/java/org/apache/sentry/provider/db/service/persistent/SentryStoreInterface.java 19c29725a2354d23652e4905ee694f7f8ea3f7f7 
>   sentry-service/sentry-service-server/src/test/java/org/apache/sentry/api/service/thrift/TestSentryPolicyStoreProcessor.java c8051e356e5f44f8d3ef69432b886ef26de13f67 
> 
> 
> Diff: https://reviews.apache.org/r/67807/diff/1/
> 
> 
> Testing
> -------
> 
> Updated unit tests to verify the same
> 
> 
> Thanks,
> 
> kalyan kumar kalvagadda
> 
>