You are viewing a plain text version of this content. The canonical link for it is here.
Posted to commits@sentry.apache.org by "Arun Suresh (JIRA)" <ji...@apache.org> on 2014/05/21 01:24:39 UTC

[jira] [Commented] (SENTRY-222) Privileges are sometimes granted to the wrong roles

    [ https://issues.apache.org/jira/browse/SENTRY-222?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=14004114#comment-14004114 ] 

Arun Suresh commented on SENTRY-222:
------------------------------------

[~lskuff] I am not able to replicate the issue..

This is the test Case, which should fail if I understand correctly :

{quote}
public void testRoleGroupPrivilege() throws Exception {
    String requestorUserName = ADMIN_USER;
    Set<String> requestorUserGroupNames = Sets.newHashSet(ADMIN_GROUP);
    String roleName1 = "admin_r1";
    String roleName2 = "admin_r2";
    String groupName = "adminGroup";

    client.dropRoleIfExists(requestorUserName, requestorUserGroupNames,roleName1);
    client.createRole(requestorUserName, requestorUserGroupNames, roleName1);
    client.grantRoleToGroup(requestorUserName, requestorUserGroupNames, groupName, roleName1);
    client.grantTablePrivilege(requestorUserName, requestorUserGroupNames, roleName1, "server", "db", "table1", "ALL");

    client.dropRoleIfExists(requestorUserName, requestorUserGroupNames, roleName2);
    client.createRole(requestorUserName, requestorUserGroupNames, roleName2);
    client.grantRoleToGroup(requestorUserName, requestorUserGroupNames, groupName, roleName2);
    client.grantTablePrivilege(requestorUserName, requestorUserGroupNames, roleName2, "server", "db", "table2", "ALL");

    Set<TSentryPrivilege> listPrivilegesByRoleName = client.listPrivilegesByRoleName(requestorUserName, requestorUserGroupNames, roleName1);
    assertTrue("Privilege not assigned to role1 !!", listPrivilegesByRoleName.size() == 1);
    assertEquals("Incorrect Privilege assigned to role1 !!", "table1", ((TSentryPrivilege)listPrivilegesByRoleName.toArray()[0]).getTableName());

    listPrivilegesByRoleName = client.listPrivilegesByRoleName(requestorUserName, requestorUserGroupNames, roleName2);
    assertTrue("Privilege not assigned to role2 !!", listPrivilegesByRoleName.size() == 1);
    assertEquals("Incorrect Privilege assigned to role2 !!", "table2", ((TSentryPrivilege)listPrivilegesByRoleName.toArray()[0]).getTableName());
  }
{quote}

It passes for me

> Privileges are sometimes granted to the wrong roles
> ---------------------------------------------------
>
>                 Key: SENTRY-222
>                 URL: https://issues.apache.org/jira/browse/SENTRY-222
>             Project: Sentry
>          Issue Type: Bug
>            Reporter: Lenni Kuff
>            Priority: Blocker
>             Fix For: 1.4.0
>
>
> I have a workflow that does the following:
> # Create role role1 // (handle error if role already exists)
> # Grant role role1 to group "group1"
> # Grant role role1 privilege on table ...
> Using the same connection, I run:
> # Create role role2 // (handle error if role already exists)
> # Grant role role2 to group "group1"
> # Grant role role2 privilege on table ...
> After executing these operations, the backend sentry policy DB shows that the role2 privileges were actually granted to role1. 



--
This message was sent by Atlassian JIRA
(v6.2#6252)