You are viewing a plain text version of this content. The canonical link for it is here.
Posted to dev@sentry.apache.org by Na Li via Review Board <no...@reviews.apache.org> on 2018/05/10 21:30:09 UTC
Review Request 67072: SENTRY-2228: Improve on how to handle
unsupported Hive commands
-----------------------------------------------------------
This is an automatically generated e-mail. To reply, visit:
https://reviews.apache.org/r/67072/
-----------------------------------------------------------
Review request for sentry, Alexander Kolbasov, Arjun Mishra, kalyan kumar kalvagadda, and Sergio Pena.
Bugs: sentry-2228
https://issues.apache.org/jira/browse/sentry-2228
Repository: sentry
Description
-------
throw exception for unsupported hive commands
Diffs
-----
sentry-binding/sentry-binding-hive/src/main/java/org/apache/sentry/binding/hive/HiveAuthzBindingHook.java 09bd9b5
Diff: https://reviews.apache.org/r/67072/diff/1/
Testing
-------
Thanks,
Na Li
Re: Review Request 67072: SENTRY-2228: Improve on how to handle
unsupported Hive commands
Posted by Sergio Pena via Review Board <no...@reviews.apache.org>.
-----------------------------------------------------------
This is an automatically generated e-mail. To reply, visit:
https://reviews.apache.org/r/67072/#review203137
-----------------------------------------------------------
sentry-binding/sentry-binding-hive/src/main/java/org/apache/sentry/binding/hive/HiveAuthzBindingHook.java
Line 304 (original), 304-305 (patched)
<https://reviews.apache.org/r/67072/#comment285220>
Should we deny roles with ALL privileges to execute these commands that do not have an authorization map?
- Sergio Pena
On May 10, 2018, 9:36 p.m., Na Li wrote:
>
> -----------------------------------------------------------
> This is an automatically generated e-mail. To reply, visit:
> https://reviews.apache.org/r/67072/
> -----------------------------------------------------------
>
> (Updated May 10, 2018, 9:36 p.m.)
>
>
> Review request for sentry, Alexander Kolbasov, Arjun Mishra, kalyan kumar kalvagadda, and Sergio Pena.
>
>
> Bugs: sentry-2228
> https://issues.apache.org/jira/browse/sentry-2228
>
>
> Repository: sentry
>
>
> Description
> -------
>
> throw exception for unsupported hive commands
>
>
> Diffs
> -----
>
> sentry-binding/sentry-binding-hive/src/main/java/org/apache/sentry/binding/hive/HiveAuthzBindingHook.java 09bd9b5
>
>
> Diff: https://reviews.apache.org/r/67072/diff/2/
>
>
> Testing
> -------
>
>
> Thanks,
>
> Na Li
>
>
Re: Review Request 67072: SENTRY-2228: Improve on how to handle
unsupported Hive commands
Posted by kalyan kumar kalvagadda via Review Board <no...@reviews.apache.org>.
-----------------------------------------------------------
This is an automatically generated e-mail. To reply, visit:
https://reviews.apache.org/r/67072/#review203118
-----------------------------------------------------------
sentry-binding/sentry-binding-hive/src/main/java/org/apache/sentry/binding/hive/HiveAuthzBindingHook.java
Line 304 (original), 304 (patched)
<https://reviews.apache.org/r/67072/#comment285196>
Authorization may not be correct exception that should be thrown. Currently "SemanticException" is thrown when authorization fails. We need to maintain same behavior even for this case.
- kalyan kumar kalvagadda
On May 10, 2018, 9:36 p.m., Na Li wrote:
>
> -----------------------------------------------------------
> This is an automatically generated e-mail. To reply, visit:
> https://reviews.apache.org/r/67072/
> -----------------------------------------------------------
>
> (Updated May 10, 2018, 9:36 p.m.)
>
>
> Review request for sentry, Alexander Kolbasov, Arjun Mishra, kalyan kumar kalvagadda, and Sergio Pena.
>
>
> Bugs: sentry-2228
> https://issues.apache.org/jira/browse/sentry-2228
>
>
> Repository: sentry
>
>
> Description
> -------
>
> throw exception for unsupported hive commands
>
>
> Diffs
> -----
>
> sentry-binding/sentry-binding-hive/src/main/java/org/apache/sentry/binding/hive/HiveAuthzBindingHook.java 09bd9b5
>
>
> Diff: https://reviews.apache.org/r/67072/diff/2/
>
>
> Testing
> -------
>
>
> Thanks,
>
> Na Li
>
>
Re: Review Request 67072: SENTRY-2228: Improve on how to handle
unsupported Hive commands
Posted by Na Li via Review Board <no...@reviews.apache.org>.
-----------------------------------------------------------
This is an automatically generated e-mail. To reply, visit:
https://reviews.apache.org/r/67072/#review203143
-----------------------------------------------------------
sentry-binding/sentry-binding-hive/src/main/java/org/apache/sentry/binding/hive/HiveAuthzBindingHook.java
Line 304 (original), 304-305 (patched)
<https://reviews.apache.org/r/67072/#comment285227>
I need to do some research on the best way to handle this.
1) have white list for commands that are processed in other places, like grant/revoke privileges, show databases.
2) For DDL command, if the user has all privilege on the level of the input/ouput, then allow.
- Na Li
On May 10, 2018, 9:36 p.m., Na Li wrote:
>
> -----------------------------------------------------------
> This is an automatically generated e-mail. To reply, visit:
> https://reviews.apache.org/r/67072/
> -----------------------------------------------------------
>
> (Updated May 10, 2018, 9:36 p.m.)
>
>
> Review request for sentry, Alexander Kolbasov, Arjun Mishra, kalyan kumar kalvagadda, and Sergio Pena.
>
>
> Bugs: sentry-2228
> https://issues.apache.org/jira/browse/sentry-2228
>
>
> Repository: sentry
>
>
> Description
> -------
>
> throw exception for unsupported hive commands
>
>
> Diffs
> -----
>
> sentry-binding/sentry-binding-hive/src/main/java/org/apache/sentry/binding/hive/HiveAuthzBindingHook.java 09bd9b5
>
>
> Diff: https://reviews.apache.org/r/67072/diff/2/
>
>
> Testing
> -------
>
>
> Thanks,
>
> Na Li
>
>
Re: Review Request 67072: SENTRY-2228: Improve on how to handle
unsupported Hive commands
Posted by Na Li via Review Board <no...@reviews.apache.org>.
-----------------------------------------------------------
This is an automatically generated e-mail. To reply, visit:
https://reviews.apache.org/r/67072/
-----------------------------------------------------------
(Updated May 10, 2018, 9:36 p.m.)
Review request for sentry, Alexander Kolbasov, Arjun Mishra, kalyan kumar kalvagadda, and Sergio Pena.
Bugs: sentry-2228
https://issues.apache.org/jira/browse/sentry-2228
Repository: sentry
Description
-------
throw exception for unsupported hive commands
Diffs (updated)
-----
sentry-binding/sentry-binding-hive/src/main/java/org/apache/sentry/binding/hive/HiveAuthzBindingHook.java 09bd9b5
Diff: https://reviews.apache.org/r/67072/diff/2/
Changes: https://reviews.apache.org/r/67072/diff/1-2/
Testing
-------
Thanks,
Na Li