Posted to dev@sentry.apache.org by Eric Lin via Review Board <no...@reviews.apache.org> on 2018/05/22 01:16:57 UTC

Re: Review Request 67231: SENTRY-2240 - User can DROP function under a database that he/she has no access

-----------------------------------------------------------
This is an automatically generated e-mail. To reply, visit:
https://reviews.apache.org/r/67231/
-----------------------------------------------------------

(Updated May 22, 2018, 1:16 a.m.)


Review request for sentry.


Changes
-------

Reverted changes to V2 classes based on Na Li's review.


Summary (updated)
-----------------

SENTRY-2240 - User can DROP function under a database that he/she has no access


Bugs: SENTRY-2240
    https://issues.apache.org/jira/browse/SENTRY-2240


Repository: sentry


Description
-------

User can DROP UDF function under a database that he/she has no access to.

I created it as a separate JIRA from SENTRY-781 because the changes are quite different.


Diffs (updated)
-----

  sentry-binding/sentry-binding-hive/src/main/java/org/apache/sentry/binding/hive/HiveAuthzBindingHook.java 09bd9b56 
  sentry-binding/sentry-binding-hive/src/main/java/org/apache/sentry/binding/hive/authz/HiveAuthzBindingHookBase.java 447deaf5 
  sentry-binding/sentry-binding-hive/src/main/java/org/apache/sentry/binding/hive/authz/HiveAuthzPrivilegesMap.java 4f932ea6 
  sentry-binding/sentry-binding-hive/src/test/java/org/apache/sentry/binding/hive/TestHiveAuthzBindings.java 3bbf6fb1 
  sentry-tests/sentry-tests-hive/src/test/java/org/apache/sentry/tests/e2e/hive/AbstractTestWithStaticConfiguration.java e0b584c6 
  sentry-tests/sentry-tests-hive/src/test/java/org/apache/sentry/tests/e2e/hive/StaticUserGroup.java 8306e953 
  sentry-tests/sentry-tests-hive/src/test/java/org/apache/sentry/tests/e2e/hive/TestPrivilegesAtFunctionScope.java bd0f978e 


Diff: https://reviews.apache.org/r/67231/diff/2/

Changes: https://reviews.apache.org/r/67231/diff/1-2/


Testing
-------

Manual testing + updated test cases.

1. user can create/drop function if he/she has ALL access to DB
2. user can't create/drop function if he/she does not have access to DB, nor tables
3. user can't create/drop function if he/she only has read access to DB
4. user can't create/drop function if he/she only has read access to a table under the DB
5. user can't create/drop function if he/she does not have access to URI JAR file


Thanks,

Eric Lin