You are viewing a plain text version of this content. The canonical link for it is here.

Posted to commits@sentry.apache.org by "Ryan P (JIRA)" <ji...@apache.org> on 2015/08/02 13:34:05 UTC

[jira] [Assigned] (SENTRY-827) Server Scope ALWAYS grants ALL

     [ https://issues.apache.org/jira/browse/SENTRY-827?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ]

Ryan P reassigned SENTRY-827:
-----------------------------

    Assignee: Ryan P

> Server Scope ALWAYS grants ALL 
> -------------------------------
>
>                 Key: SENTRY-827
>                 URL: https://issues.apache.org/jira/browse/SENTRY-827
>             Project: Sentry
>          Issue Type: Bug
>            Reporter: Ryan P
>            Assignee: Ryan P
>
> In it's current state the following two commands result in ALL on SERVER server1:
> GRANT SELECT ON SERVER server1 TO ROLE read_role;
> GRANT INSERT ON SERVER server1 TO ROLE insert_role;
> This can cause users to unknowingly grant full privileges to user groups. Fixing this behavior will also allow us to mimic the previous behavior exhibited with Policy Files:
> read_role = server=server1->db=*->table=*->action=select
> insert_role = server=server1->db=*->table=*->action=insert
> Granting SELECT on SERVER would be far more pleasant than granting SELECT on each individual DATABASE



--
This message was sent by Atlassian JIRA
(v6.3.4#6332)