You are viewing a plain text version of this content. The canonical link for it is here.

Posted to commits@sentry.apache.org by "Dapeng Sun (JIRA)" <ji...@apache.org> on 2015/04/20 09:55:59 UTC

[jira] [Updated] (SENTRY-473) Support revoking privilege with grant option at same level

     [ https://issues.apache.org/jira/browse/SENTRY-473?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ]

Dapeng Sun updated SENTRY-473:
------------------------------
    Summary: Support revoking privilege with grant option at same level  (was: Support revoking privilege with grant option with same level)

> Support revoking privilege with grant option at same level
> ----------------------------------------------------------
>
>                 Key: SENTRY-473
>                 URL: https://issues.apache.org/jira/browse/SENTRY-473
>             Project: Sentry
>          Issue Type: Improvement
>            Reporter: Xiaomeng Huang
>            Assignee: Xiaomeng Huang
>         Attachments: SENTRY-473.001.patch, SENTRY-473.002.patch, SENTRY-473.003.patch, SENTRY-473.004.patch, SENTRY-473.005.patch, SENTRY-473.006.patch, SENTRY-473.007.patch
>
>
> SENTRY-327 is based on Hive-0.13, now hive-0.14 have supported revoking privilege with grant option in HIVE-7404.
> It looks like:
> {code}
> REVOKE [GRANT OPTION FOR]
>     priv_type [, priv_type ] ...
>     ON table_or_view_name
>     FROM principal_specification [, principal_specification] ... ;
> {code}
> We should support downgrade grant option for "GRANT OPTION FOR". It means when "GRANT OPTION FOR" set, we just modify grant option of this privilege from true to false.
> use cases:
> {code}
> 1. grant ALL on database db1 to role role1;
> 2. grant ALL on database db1 to role role2 with grant option;
> 3. revoke grant option for ALL on database db1 from role role1;
> 4. revoke grant option for ALL on database db1 from role role2;
> 5. revoke ALL on database db1 from role role2;
> {code}
> After 3rd command executed, role1 still has privilege with action ALL on db1, grant option is false.
> After 4th command executed, role2 downgrade privilege to grant option is false.
> After 5th command executed, role2 will remove privilege with action ALL on db1.



--
This message was sent by Atlassian JIRA
(v6.3.4#6332)