Posted to dev@sentry.apache.org by Eric Lin via Review Board <no...@reviews.apache.org> on 2018/05/22 01:16:57 UTC
Re: Review Request 67231: SENTRY-2240 - User can DROP function under a
database that he/she has no access
-----------------------------------------------------------
This is an automatically generated e-mail. To reply, visit:
https://reviews.apache.org/r/67231/
-----------------------------------------------------------
(Updated May 22, 2018, 1:16 a.m.)
Review request for sentry.
Changes
-------
Reverted changes to V2 classes based on Na Li's review.
Summary (updated)
-----------------
SENTRY-2240 - User can DROP function under a database that he/she has no access
Bugs: SENTRY-2240
https://issues.apache.org/jira/browse/SENTRY-2240
Repository: sentry
Description
-------
User can DROP UDF function under a database that he/she has no access to.
I created it as a separate JIRA from SENTRY-781 because the changes are quite different.
Diffs (updated)
-----
sentry-binding/sentry-binding-hive/src/main/java/org/apache/sentry/binding/hive/HiveAuthzBindingHook.java 09bd9b56
sentry-binding/sentry-binding-hive/src/main/java/org/apache/sentry/binding/hive/authz/HiveAuthzBindingHookBase.java 447deaf5
sentry-binding/sentry-binding-hive/src/main/java/org/apache/sentry/binding/hive/authz/HiveAuthzPrivilegesMap.java 4f932ea6
sentry-binding/sentry-binding-hive/src/test/java/org/apache/sentry/binding/hive/TestHiveAuthzBindings.java 3bbf6fb1
sentry-tests/sentry-tests-hive/src/test/java/org/apache/sentry/tests/e2e/hive/AbstractTestWithStaticConfiguration.java e0b584c6
sentry-tests/sentry-tests-hive/src/test/java/org/apache/sentry/tests/e2e/hive/StaticUserGroup.java 8306e953
sentry-tests/sentry-tests-hive/src/test/java/org/apache/sentry/tests/e2e/hive/TestPrivilegesAtFunctionScope.java bd0f978e
Diff: https://reviews.apache.org/r/67231/diff/2/
Changes: https://reviews.apache.org/r/67231/diff/1-2/
Testing
-------
Manual testing + updated test cases.
1. user can create/drop function if he/she has ALL access to DB
2. user can't create/drop function if he/she does not have access to DB, nor tables
3. user can't create/drop function if he/she only has read access to DB
4. user can't create/drop function if he/she only has read access to a table under the DB
5. user can't create/drop function if he/she does not have access to URI JAR file
Thanks,
Eric Lin