You are viewing a plain text version of this content. The canonical link for it is here.
Posted to issues@sentry.apache.org by "Ben Breakstone (JIRA)" <ji...@apache.org> on 2018/10/31 16:34:00 UTC

[jira] [Commented] (SENTRY-1407) 'default' database is listed without having any grants on it

    [ https://issues.apache.org/jira/browse/SENTRY-1407?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=16670354#comment-16670354 ] 

Ben Breakstone commented on SENTRY-1407:
----------------------------------------

[~morhidi], this behavior is an exception to the standard security model. My understanding is that some client was found in testing to experience a critical failure if the "default" database couldn't be listed (although I haven't been able to learn exactly which client). 

In Hive, you can get the "default" database to follow the same behavior as other databases by configuring sentry.hive.restrict.defaultDB = true.

Unfortunately, Impala doesn't have an equivalent option. See IMPALA-7334 for a feature request to add one.

> 'default' database is listed without having any grants on it
> ------------------------------------------------------------
>
>                 Key: SENTRY-1407
>                 URL: https://issues.apache.org/jira/browse/SENTRY-1407
>             Project: Sentry
>          Issue Type: Bug
>          Components: Hive V2
>    Affects Versions: 1.5.1
>            Reporter: Matyas Orhidi
>            Priority: Major
>
> {{default}} database should not be listed when issuing the {{show database}} command and the user has no privileges on the object:
> {code}
> 0: jdbc:hive2://localhost:10000/default> show current roles;
> +---------------+--+
> |     role      |
> +---------------+--+
> | analyst_role  |
> +---------------+--+
> 1 row selected (0.086 seconds)
> 0: jdbc:hive2://localhost:10000/default> show grant role analyst_role;
> +------------------+--------+------------+---------+-----------------+-----------------+------------+---------------+-------------------+----------+--+
> |     database     | table  | partition  | column  | principal_name  | principal_type  | privilege  | grant_option  |    grant_time     | grantor  |
> +------------------+--------+------------+---------+-----------------+-----------------+------------+---------------+-------------------+----------+--+
> | sample_database  |        |            |         | analyst_role    | ROLE            | *          | false         | 1464280571499000  | --       |
> +------------------+--------+------------+---------+-----------------+-----------------+------------+---------------+-------------------+----------+--+
> 1 row selected (0.087 seconds)
> 0: jdbc:hive2://localhost:10000/default> show databases;
> +------------------+--+
> |  database_name   |
> +------------------+--+
> | default          |
> | sample_database  |
> +------------------+--+
> 2 rows selected (0.137 seconds)
> 0: jdbc:hive2://localhost:10000/default>
> {code}



--
This message was sent by Atlassian JIRA
(v7.6.3#76005)