You are viewing a plain text version of this content. The canonical link for it is here.

Posted to commits@sentry.apache.org by "Hadoop QA (JIRA)" <ji...@apache.org> on 2015/02/02 08:24:35 UTC

[jira] [Commented] (SENTRY-473) Support revoking privilege with grant option

    [ https://issues.apache.org/jira/browse/SENTRY-473?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=14300962#comment-14300962 ] 

Hadoop QA commented on SENTRY-473:
----------------------------------

Here are the results of testing the latest attachment
https://issues.apache.org/jira/secure/attachment/12695878/SENTRY-473.005.patch against master.

{color:red}Overall:{color} -1 due to an error

{color:red}ERROR:{color} mvn test exited 1

Console output: https://builds.apache.org/job/PreCommit-SENTRY-Build/340/console

This message is automatically generated.

> Support revoking privilege with grant option
> --------------------------------------------
>
>                 Key: SENTRY-473
>                 URL: https://issues.apache.org/jira/browse/SENTRY-473
>             Project: Sentry
>          Issue Type: Improvement
>            Reporter: Xiaomeng Huang
>            Assignee: Xiaomeng Huang
>         Attachments: SENTRY-473.001.patch, SENTRY-473.002.patch, SENTRY-473.003.patch, SENTRY-473.004.patch, SENTRY-473.005.patch
>
>
> SENTRY-327 is based on Hive-0.13, now hive-0.14 have supported revoking privilege with grant option in HIVE-7404.
> It looks like:
> {code}
> REVOKE [GRANT OPTION FOR]
>     priv_type [, priv_type ] ...
>     ON table_or_view_name
>     FROM principal_specification [, principal_specification] ... ;
> {code}
> We should support downgrade grant option for "GRANT OPTION FOR". It means when "GRANT OPTION FOR" set, we just modify grant option of this privilege from true to false.
> use cases:
> {code}
> 1. grant ALL on database db1 to role role1;
> 2. grant ALL on database db1 to role role2 with grant option;
> 3. revoke grant option for ALL on database db1 from role role1;
> 4. revoke grant option for ALL on database db1 from role role2;
> 5. revoke ALL on database db1 from role role2;
> {code}
> After 3rd command executed, role1 still has privilege with action ALL on db1, grant option is false.
> After 4th command executed, role2 downgrade privilege to grant option is false.
> After 5th command executed, role2 will remove privilege with action ALL on db1.



--
This message was sent by Atlassian JIRA
(v6.3.4#6332)