You are viewing a plain text version of this content. The canonical link for it is here.

Posted to issues@sentry.apache.org by "kalyan kumar kalvagadda (JIRA)" <ji...@apache.org> on 2019/01/25 18:26:00 UTC

[jira] [Commented] (SENTRY-2490) NN is unfamiliar with REFRESH privileges and sets FSAction to NONE on the group when it sees it in a full update

    [ https://issues.apache.org/jira/browse/SENTRY-2490?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=16752545#comment-16752545 ] 

kalyan kumar kalvagadda commented on SENTRY-2490:
-------------------------------------------------

[~arjunmishra13] If you look at the code below

 {noformat}
  private static FsAction getFAction(String sentryPriv) {
    String[] strPrivs = sentryPriv.trim().split(",");
    FsAction retVal = FsAction.NONE;
    for (String strPriv : strPrivs) {
      FsAction action = ACTION_MAPPING.get(strPriv.toUpperCase());
      if (action == null) {
        // Encountered a privilege that is not supported. Since we do not know what
        // to do with it we just drop all access.
        LOG.warn("Unsupported privilege {}, disabling all access", strPriv);
        action = FsAction.NONE;
      }
      retVal = retVal.or(action);
    }
    return retVal;
  }
{noformat}

At this libe *retVal = retVal.or(action)*, if the action is NONE, it may not update the *retval*. 

> NN is unfamiliar with REFRESH privileges and sets FSAction to NONE on the group when it sees it in a full update
> ----------------------------------------------------------------------------------------------------------------
>
>                 Key: SENTRY-2490
>                 URL: https://issues.apache.org/jira/browse/SENTRY-2490
>             Project: Sentry
>          Issue Type: Bug
>          Components: Sentry
>    Affects Versions: 2.1.0
>            Reporter: Arjun Mishra
>            Assignee: Arjun Mishra
>            Priority: Major
>
> When NN tries to get the FS action on Sentry managed paths, it checks against the ACTION_MAPPING map values. Currently this dataset doesn't have REFRESH listed. When NN sees a REFRESH privilege it will flag it as unsupported and set the FS action as NONE on that path for that group. This seems to happen only with full update. It will also override any other privilege that group had on that path



--
This message was sent by Atlassian JIRA
(v7.6.3#76005)