You are viewing a plain text version of this content. The canonical link for it is here.

Posted to commits@sentry.apache.org by "Ryan P (JIRA)" <ji...@apache.org> on 2015/03/08 02:58:38 UTC

[jira] [Created] (SENTRY-666) Grant assumes Table object when not passed both an object and a name

Ryan P created SENTRY-666:
-----------------------------

             Summary: Grant assumes Table object when not passed both an object and a name
                 Key: SENTRY-666
                 URL: https://issues.apache.org/jira/browse/SENTRY-666
             Project: Sentry
          Issue Type: Bug
    Affects Versions: 1.4.0
            Reporter: Ryan P
            Priority: Minor


If you pass only one argument to the grant statement it assumes you are setting privileges for the table object.

0: jdbc:hive2://ryan-p-2.ent.cloudera.com:100> grant all on server1 to role test;
No rows affected (0.198 seconds)
0: jdbc:hive2://ryan-p-2.ent.cloudera.com:100> show grant role test;
+-----------+------------+------------+---------+-----------------+-----------------+------------+---------------+-------------------+----------+--+
| database  |   table    | partition  | column  | principal_name  | principal_type  | privilege  | grant_option  |    grant_time     | grantor  |
+-----------+------------+------------+---------+-----------------+-----------------+------------+---------------+-------------------+----------+--+
| default   | test       |            |         | test            | ROLE            | *          | false         | 1425774500157000  | --       |
| /tmp      |            |            |         | test            | ROLE            | *          | false         | 1425775719259000  | --       |
| default   | ta         |            |         | test            | ROLE            | *          | false         | 1425777721565000  | --       |
| default   | server1    |            |         | test            | ROLE            | *          | false         | 1421854212609000  | --       |
| default   | testpatch  |            |         | test            | ROLE            | select     | false         | 1425774558034000  | --       |
+-----------+------------+------------+---------+-----------------+-----------------+------------+---------------+-------------------+----------+--+
5 rows selected (0.217 seconds)

I understand this was probably done for convenience but it can cause confusion for first-time users. At a quick glance it would appear as if I am granting all on server to role test. 





--
This message was sent by Atlassian JIRA
(v6.3.4#6332)