Posted to dev@sentry.apache.org by shen guoquan <gu...@intel.com> on 2015/08/31 16:34:13 UTC
Review Request 37952: SENTRY-846: [column level privilege] show table
extended doesn't require table level privilege
-----------------------------------------------------------
This is an automatically generated e-mail. To reply, visit:
https://reviews.apache.org/r/37952/
-----------------------------------------------------------
Review request for sentry, Colin Ma, Dapeng Sun, and Sravya Tirukkovalur.
Repository: sentry
Description
-------
Use column level privilege,
{code}
0: jdbc:hive2://anneyu-cdh55-1.vpc.cloudera.c> show tables in test_db like 'test_tb';
+-----------+--+
| tab_name |
+-----------+--+
| test_tb |
+-----------+--+
show table extended in test_db like 'test_tb';
Error: Error while compiling statement: FAILED: SemanticException No valid privileges
Required privileges for this query: Server=server1->Db=test_db->Table=test_tb->action=insert;Server=server1->Db=test_db->Table=test_tb->action=select; (state=42000,code=40000)
{code}
We want to let users see their column info, such as,
{noformat}
columns:struct columns { string s, i32 i}
{noformat}
Diffs
-----
sentry-binding/sentry-binding-hive/pom.xml fabfbbc
sentry-binding/sentry-binding-hive/src/main/java/org/apache/hadoop/hive/ql/exec/SentryFilterDDLTask.java d47ca3b
sentry-binding/sentry-binding-hive/src/main/java/org/apache/hadoop/hive/ql/metadata/formatting/SentryFilterJsonMetaDataFormatter.java PRE-CREATION
sentry-binding/sentry-binding-hive/src/main/java/org/apache/hadoop/hive/ql/metadata/formatting/SentryFilterTextMetaDataFormatter.java PRE-CREATION
sentry-binding/sentry-binding-hive/src/main/java/org/apache/sentry/binding/hive/HiveAuthzBindingHook.java 62410c7
sentry-binding/sentry-binding-hive/src/main/java/org/apache/sentry/binding/hive/authz/HiveAuthzPrivilegesMap.java e721555
sentry-tests/sentry-tests-hive/src/test/java/org/apache/sentry/tests/e2e/dbprovider/TestColumnEndToEnd.java 718a736
Diff: https://reviews.apache.org/r/37952/diff/
Testing
-------
Run through the local environment
Thanks,
shen guoquan
Re: Review Request 37952: SENTRY-846: [column level privilege] show
table extended doesn't require table level privilege
Posted by shen guoquan <gu...@intel.com>.
-----------------------------------------------------------
This is an automatically generated e-mail. To reply, visit:
https://reviews.apache.org/r/37952/
-----------------------------------------------------------
(Updated Sept. 1, 2015, 2:51 a.m.)
Review request for sentry, Colin Ma, Dapeng Sun, and Sravya Tirukkovalur.
Repository: sentry
Description
-------
Use column level privilege,
{code}
0: jdbc:hive2://anneyu-cdh55-1.vpc.cloudera.c> show tables in test_db like 'test_tb';
+-----------+--+
| tab_name |
+-----------+--+
| test_tb |
+-----------+--+
show table extended in test_db like 'test_tb';
Error: Error while compiling statement: FAILED: SemanticException No valid privileges
Required privileges for this query: Server=server1->Db=test_db->Table=test_tb->action=insert;Server=server1->Db=test_db->Table=test_tb->action=select; (state=42000,code=40000)
{code}
We want to let users see their column info, such as,
{noformat}
columns:struct columns { string s, i32 i}
{noformat}
Diffs (updated)
-----
sentry-binding/sentry-binding-hive/src/main/java/org/apache/hadoop/hive/ql/exec/SentryFilterDDLTask.java d47ca3b
sentry-binding/sentry-binding-hive/src/main/java/org/apache/hadoop/hive/ql/metadata/formatting/SentryFilterJsonMetaDataFormatter.java PRE-CREATION
sentry-binding/sentry-binding-hive/src/main/java/org/apache/hadoop/hive/ql/metadata/formatting/SentryFilterTextMetaDataFormatter.java PRE-CREATION
sentry-binding/sentry-binding-hive/src/main/java/org/apache/sentry/binding/hive/HiveAuthzBindingHook.java 62410c7
sentry-binding/sentry-binding-hive/src/main/java/org/apache/sentry/binding/hive/authz/HiveAuthzPrivilegesMap.java e721555
sentry-tests/sentry-tests-hive/src/test/java/org/apache/sentry/tests/e2e/dbprovider/TestColumnEndToEnd.java 718a736
Diff: https://reviews.apache.org/r/37952/diff/
Testing
-------
Run through the local environment
Thanks,
shen guoquan
Re: Review Request 37952: SENTRY-846: [column level privilege] show
table extended doesn't require table level privilege
Posted by shen guoquan <gu...@intel.com>.
> On Sept. 1, 2015, 1:29 a.m., Colin Ma wrote:
> > sentry-binding/sentry-binding-hive/src/main/java/org/apache/sentry/binding/hive/HiveAuthzBindingHook.java, line 541
> > <https://reviews.apache.org/r/37952/diff/1/?file=1060326#file1060326line541>
> >
> > Please add some comments like "workaround for metadata queries........."
OK, I will add some comments. Thanks for your advice.
> On Sept. 1, 2015, 1:29 a.m., Colin Ma wrote:
> > sentry-binding/sentry-binding-hive/src/main/java/org/apache/hadoop/hive/ql/metadata/formatting/SentryFilterTextMetaDataFormatter.java, line 51
> > <https://reviews.apache.org/r/37952/diff/1/?file=1060325#file1060325line51>
> >
> > Is there any risk of NPE?
List<Table> tbls = new ArrayList<Table>(); so there is no risk of NPE. Thanks for your comments.
> On Sept. 1, 2015, 1:29 a.m., Colin Ma wrote:
> > sentry-binding/sentry-binding-hive/src/main/java/org/apache/hadoop/hive/ql/metadata/formatting/SentryFilterJsonMetaDataFormatter.java, line 50
> > <https://reviews.apache.org/r/37952/diff/1/?file=1060324#file1060324line50>
> >
> > Is there any risk of NPE?
List<Table> tbls = new ArrayList<Table>(); so there is no risk of NPE. Thanks for your comments.
> On Sept. 1, 2015, 1:29 a.m., Colin Ma wrote:
> > sentry-binding/sentry-binding-hive/src/main/java/org/apache/hadoop/hive/ql/exec/SentryFilterDDLTask.java, line 167
> > <https://reviews.apache.org/r/37952/diff/1/?file=1060323#file1060323line167>
> >
> > The reflection is not necessary here.
The formatter is a private field of the DDLTask instance. There is no setter method to change it. So I use reflection to change it.
> On Sept. 1, 2015, 1:29 a.m., Colin Ma wrote:
> > sentry-binding/sentry-binding-hive/pom.xml, line 67
> > <https://reviews.apache.org/r/37952/diff/1/?file=1060322#file1060322line67>
> >
> > The new dependency is not necessary.
The formatter is a private field of the DDLTask instance. There is no setter method to change it. So I use reflection to change it.
- shen
-----------------------------------------------------------
This is an automatically generated e-mail. To reply, visit:
https://reviews.apache.org/r/37952/#review97219
-----------------------------------------------------------
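An added illustration of the approach discussed in the reply above (not code from the patch, Sentry or Hive): a filtering formatter is swapped into a task's private field through reflection, so a column listing shows only the columns covered by a column-level grant. `Task`, `Formatter`, `FilteringFormatter`, `install` and the `table.column` grant format are hypothetical stand-ins, and the grant set is constructed sample data.

```java
import java.lang.reflect.Field;
import java.util.*;

public class FilterFormatterDemo {
    // Hypothetical stand-in for a metadata formatter; not Hive's formatter API.
    interface Formatter { String showColumns(String table, List<String> cols); }

    static class PlainFormatter implements Formatter {
        public String showColumns(String table, List<String> cols) {
            return table + " columns:" + String.join(",", cols);
        }
    }

    // Hypothetical task that keeps its formatter private and offers no setter.
    static class Task {
        private Formatter formatter = new PlainFormatter();
        String run(String table, List<String> cols) { return formatter.showColumns(table, cols); }
    }

    // Wraps the original formatter; columns without a grant are dropped (default deny).
    static class FilteringFormatter implements Formatter {
        private final Formatter delegate;
        private final Set<String> granted; // entries are "table.column" (assumed format)
        FilteringFormatter(Formatter delegate, Set<String> granted) {
            this.delegate = delegate;
            this.granted = granted;
        }
        public String showColumns(String table, List<String> cols) {
            List<String> visible = new ArrayList<>();
            for (String c : cols) {
                if (granted.contains(table + "." + c)) visible.add(c);
            }
            return delegate.showColumns(table, visible);
        }
    }

    // Replaces the private field via reflection because the task exposes no setter.
    static void install(Task task, Set<String> granted) throws ReflectiveOperationException {
        Field f = Task.class.getDeclaredField("formatter");
        f.setAccessible(true);
        f.set(task, new FilteringFormatter((Formatter) f.get(task), granted));
    }

    public static void main(String[] args) throws Exception {
        Task task = new Task();
        List<String> cols = Arrays.asList("s", "i"); // column names from the description's sample
        install(task, new HashSet<>(Collections.singletonList("test_tb.s"))); // constructed grant
        System.out.println(task.run("test_tb", cols));
    }
}
```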
Re: Review Request 37952: SENTRY-846: [column level privilege] show
table extended doesn't require table level privilege
Posted by Colin Ma <ju...@intel.com>.
-----------------------------------------------------------
This is an automatically generated e-mail. To reply, visit:
https://reviews.apache.org/r/37952/#review97219
-----------------------------------------------------------
sentry-binding/sentry-binding-hive/pom.xml (line 67)
<https://reviews.apache.org/r/37952/#comment153013>
The new dependency is not necessary.
sentry-binding/sentry-binding-hive/src/main/java/org/apache/hadoop/hive/ql/exec/SentryFilterDDLTask.java (line 167)
<https://reviews.apache.org/r/37952/#comment153012>
The reflection is not necessary here.
sentry-binding/sentry-binding-hive/src/main/java/org/apache/hadoop/hive/ql/metadata/formatting/SentryFilterJsonMetaDataFormatter.java (line 50)
<https://reviews.apache.org/r/37952/#comment153018>
Is there any risk of NPE?
sentry-binding/sentry-binding-hive/src/main/java/org/apache/hadoop/hive/ql/metadata/formatting/SentryFilterTextMetaDataFormatter.java (line 51)
<https://reviews.apache.org/r/37952/#comment153019>
Is there any risk of NPE?
sentry-binding/sentry-binding-hive/src/main/java/org/apache/sentry/binding/hive/HiveAuthzBindingHook.java (line 541)
<https://reviews.apache.org/r/37952/#comment153017>
Please add some comments like "workaround for metadata queries........."
- Colin Ma