You are viewing a plain text version of this content. The canonical link for it is here.
Posted to commits@sentry.apache.org by "Arun Suresh (JIRA)" <ji...@apache.org> on 2014/05/21 01:24:39 UTC
[jira] [Commented] (SENTRY-222) Privileges are sometimes granted to
the wrong roles
[ https://issues.apache.org/jira/browse/SENTRY-222?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=14004114#comment-14004114 ]
Arun Suresh commented on SENTRY-222:
------------------------------------
[~lskuff] I am not able to replicate the issue..
This is the test Case, which should fail if I understand correctly :
{quote}
public void testRoleGroupPrivilege() throws Exception {
String requestorUserName = ADMIN_USER;
Set<String> requestorUserGroupNames = Sets.newHashSet(ADMIN_GROUP);
String roleName1 = "admin_r1";
String roleName2 = "admin_r2";
String groupName = "adminGroup";
client.dropRoleIfExists(requestorUserName, requestorUserGroupNames,roleName1);
client.createRole(requestorUserName, requestorUserGroupNames, roleName1);
client.grantRoleToGroup(requestorUserName, requestorUserGroupNames, groupName, roleName1);
client.grantTablePrivilege(requestorUserName, requestorUserGroupNames, roleName1, "server", "db", "table1", "ALL");
client.dropRoleIfExists(requestorUserName, requestorUserGroupNames, roleName2);
client.createRole(requestorUserName, requestorUserGroupNames, roleName2);
client.grantRoleToGroup(requestorUserName, requestorUserGroupNames, groupName, roleName2);
client.grantTablePrivilege(requestorUserName, requestorUserGroupNames, roleName2, "server", "db", "table2", "ALL");
Set<TSentryPrivilege> listPrivilegesByRoleName = client.listPrivilegesByRoleName(requestorUserName, requestorUserGroupNames, roleName1);
assertTrue("Privilege not assigned to role1 !!", listPrivilegesByRoleName.size() == 1);
assertEquals("Incorrect Privilege assigned to role1 !!", "table1", ((TSentryPrivilege)listPrivilegesByRoleName.toArray()[0]).getTableName());
listPrivilegesByRoleName = client.listPrivilegesByRoleName(requestorUserName, requestorUserGroupNames, roleName2);
assertTrue("Privilege not assigned to role2 !!", listPrivilegesByRoleName.size() == 1);
assertEquals("Incorrect Privilege assigned to role2 !!", "table2", ((TSentryPrivilege)listPrivilegesByRoleName.toArray()[0]).getTableName());
}
{quote}
It passes for me
> Privileges are sometimes granted to the wrong roles
> ---------------------------------------------------
>
> Key: SENTRY-222
> URL: https://issues.apache.org/jira/browse/SENTRY-222
> Project: Sentry
> Issue Type: Bug
> Reporter: Lenni Kuff
> Priority: Blocker
> Fix For: 1.4.0
>
>
> I have a workflow that does the following:
> # Create role role1 // (handle error if role already exists)
> # Grant role role1 to group "group1"
> # Grant role role1 privilege on table ...
> Using the same connection, I run:
> # Create role role2 // (handle error if role already exists)
> # Grant role role2 to group "group1"
> # Grant role role2 privilege on table ...
> After executing these operations, the backend sentry policy DB shows that the role2 privileges were actually granted to role1.
--
This message was sent by Atlassian JIRA
(v6.2#6252)