You are viewing a plain text version of this content. The canonical link for it is here.

Posted to dev@sentry.apache.org by Na Li via Review Board <no...@reviews.apache.org> on 2018/05/10 21:30:09 UTC

Review Request 67072: SENTRY-2228: Improve on how to handle unsupported Hive commands

-----------------------------------------------------------
This is an automatically generated e-mail. To reply, visit:
https://reviews.apache.org/r/67072/
-----------------------------------------------------------

Review request for sentry, Alexander Kolbasov, Arjun Mishra, kalyan kumar kalvagadda, and Sergio Pena.


Bugs: sentry-2228
    https://issues.apache.org/jira/browse/sentry-2228


Repository: sentry


Description
-------

throw exception for unsupported hive commands


Diffs
-----

  sentry-binding/sentry-binding-hive/src/main/java/org/apache/sentry/binding/hive/HiveAuthzBindingHook.java 09bd9b5 


Diff: https://reviews.apache.org/r/67072/diff/1/


Testing
-------


Thanks,

Na Li

Re: Review Request 67072: SENTRY-2228: Improve on how to handle unsupported Hive commands

Posted by Sergio Pena via Review Board <no...@reviews.apache.org>.

-----------------------------------------------------------
This is an automatically generated e-mail. To reply, visit:
https://reviews.apache.org/r/67072/#review203137
-----------------------------------------------------------




sentry-binding/sentry-binding-hive/src/main/java/org/apache/sentry/binding/hive/HiveAuthzBindingHook.java
Line 304 (original), 304-305 (patched)
<https://reviews.apache.org/r/67072/#comment285220>

    Should we deny roles with ALL privileges to execute these commands that do not have an authorization map?


- Sergio Pena


On May 10, 2018, 9:36 p.m., Na Li wrote:
> 
> -----------------------------------------------------------
> This is an automatically generated e-mail. To reply, visit:
> https://reviews.apache.org/r/67072/
> -----------------------------------------------------------
> 
> (Updated May 10, 2018, 9:36 p.m.)
> 
> 
> Review request for sentry, Alexander Kolbasov, Arjun Mishra, kalyan kumar kalvagadda, and Sergio Pena.
> 
> 
> Bugs: sentry-2228
>     https://issues.apache.org/jira/browse/sentry-2228
> 
> 
> Repository: sentry
> 
> 
> Description
> -------
> 
> throw exception for unsupported hive commands
> 
> 
> Diffs
> -----
> 
>   sentry-binding/sentry-binding-hive/src/main/java/org/apache/sentry/binding/hive/HiveAuthzBindingHook.java 09bd9b5 
> 
> 
> Diff: https://reviews.apache.org/r/67072/diff/2/
> 
> 
> Testing
> -------
> 
> 
> Thanks,
> 
> Na Li
> 
>

Re: Review Request 67072: SENTRY-2228: Improve on how to handle unsupported Hive commands

Posted by kalyan kumar kalvagadda via Review Board <no...@reviews.apache.org>.

-----------------------------------------------------------
This is an automatically generated e-mail. To reply, visit:
https://reviews.apache.org/r/67072/#review203118
-----------------------------------------------------------




sentry-binding/sentry-binding-hive/src/main/java/org/apache/sentry/binding/hive/HiveAuthzBindingHook.java
Line 304 (original), 304 (patched)
<https://reviews.apache.org/r/67072/#comment285196>

    Authorization may not be correct exception that should be thrown. Currently "SemanticException" is thrown when authorization fails. We need to maintain same behavior even for this case.


- kalyan kumar kalvagadda


On May 10, 2018, 9:36 p.m., Na Li wrote:
> 
> -----------------------------------------------------------
> This is an automatically generated e-mail. To reply, visit:
> https://reviews.apache.org/r/67072/
> -----------------------------------------------------------
> 
> (Updated May 10, 2018, 9:36 p.m.)
> 
> 
> Review request for sentry, Alexander Kolbasov, Arjun Mishra, kalyan kumar kalvagadda, and Sergio Pena.
> 
> 
> Bugs: sentry-2228
>     https://issues.apache.org/jira/browse/sentry-2228
> 
> 
> Repository: sentry
> 
> 
> Description
> -------
> 
> throw exception for unsupported hive commands
> 
> 
> Diffs
> -----
> 
>   sentry-binding/sentry-binding-hive/src/main/java/org/apache/sentry/binding/hive/HiveAuthzBindingHook.java 09bd9b5 
> 
> 
> Diff: https://reviews.apache.org/r/67072/diff/2/
> 
> 
> Testing
> -------
> 
> 
> Thanks,
> 
> Na Li
> 
>

Re: Review Request 67072: SENTRY-2228: Improve on how to handle unsupported Hive commands

Posted by Na Li via Review Board <no...@reviews.apache.org>.

-----------------------------------------------------------
This is an automatically generated e-mail. To reply, visit:
https://reviews.apache.org/r/67072/#review203143
-----------------------------------------------------------




sentry-binding/sentry-binding-hive/src/main/java/org/apache/sentry/binding/hive/HiveAuthzBindingHook.java
Line 304 (original), 304-305 (patched)
<https://reviews.apache.org/r/67072/#comment285227>

    I need to do some research on the best way to handle this.
    
    1) have white list for commands that are processed in other places, like grant/revoke privileges, show databases.
    2) For DDL command, if the user has all privilege on the level of the input/ouput, then allow.


- Na Li


On May 10, 2018, 9:36 p.m., Na Li wrote:
> 
> -----------------------------------------------------------
> This is an automatically generated e-mail. To reply, visit:
> https://reviews.apache.org/r/67072/
> -----------------------------------------------------------
> 
> (Updated May 10, 2018, 9:36 p.m.)
> 
> 
> Review request for sentry, Alexander Kolbasov, Arjun Mishra, kalyan kumar kalvagadda, and Sergio Pena.
> 
> 
> Bugs: sentry-2228
>     https://issues.apache.org/jira/browse/sentry-2228
> 
> 
> Repository: sentry
> 
> 
> Description
> -------
> 
> throw exception for unsupported hive commands
> 
> 
> Diffs
> -----
> 
>   sentry-binding/sentry-binding-hive/src/main/java/org/apache/sentry/binding/hive/HiveAuthzBindingHook.java 09bd9b5 
> 
> 
> Diff: https://reviews.apache.org/r/67072/diff/2/
> 
> 
> Testing
> -------
> 
> 
> Thanks,
> 
> Na Li
> 
>

Re: Review Request 67072: SENTRY-2228: Improve on how to handle unsupported Hive commands

Posted by Na Li via Review Board <no...@reviews.apache.org>.

-----------------------------------------------------------
This is an automatically generated e-mail. To reply, visit:
https://reviews.apache.org/r/67072/
-----------------------------------------------------------

(Updated May 10, 2018, 9:36 p.m.)


Review request for sentry, Alexander Kolbasov, Arjun Mishra, kalyan kumar kalvagadda, and Sergio Pena.


Bugs: sentry-2228
    https://issues.apache.org/jira/browse/sentry-2228


Repository: sentry


Description
-------

throw exception for unsupported hive commands


Diffs (updated)
-----

  sentry-binding/sentry-binding-hive/src/main/java/org/apache/sentry/binding/hive/HiveAuthzBindingHook.java 09bd9b5 


Diff: https://reviews.apache.org/r/67072/diff/2/

Changes: https://reviews.apache.org/r/67072/diff/1-2/


Testing
-------


Thanks,

Na Li