Posted to issues@sentry.apache.org by "Na Li (JIRA)" <ji...@apache.org> on 2018/10/24 03:22:00 UTC

[jira] [Commented] (SENTRY-2433) Dropping object privileges does not include update of dropping user privileges

    [ https://issues.apache.org/jira/browse/SENTRY-2433?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=16661670#comment-16661670 ] 

Na Li commented on SENTRY-2433:
-------------------------------

This bug is introduced in https://issues.apache.org/jira/browse/SENTRY-432

We have two bugs: 1) when dropping an object, it only creates an update that says to remove all role-based privileges; 2) when the update says to remove all role-based privileges, all privileges (including user-based privileges) are removed. The combined result of both bugs is that when an object is removed, all privileges are removed. Therefore, there is NO critical security issue. We can fix these two bugs later, not in 5.16.0.

{code}
 1) Bug #1: when dropping an object, only creates update that says to remove all role-based privileges.
   1.1) NotificationProcessor.java
  @VisibleForTesting
  static Update getPermUpdatableOnDrop(TSentryAuthorizable authorizable)
      throws SentryInvalidInputException {
    PermissionsUpdate update = new PermissionsUpdate(ProviderConstants.INIT_CHANGE_ID, false);
    String authzObj = SentryServiceUtil.getAuthzObj(authorizable);

    update.addPrivilegeUpdate(authzObj)
        .putToDelPrivileges(new TPrivilegePrincipal(TPrivilegePrincipalType.ROLE,
            PermissionsUpdate.ALL_ROLES), PermissionsUpdate.ALL_ROLES);
    return update;
  }

   1.2) SentryPlugin.java
  @Override
  public Update onDropSentryPrivilege(TDropPrivilegesRequest request)
      throws SentryPluginException {
    Preconditions.checkNotNull(request, "request");
    if (LOGGER.isTraceEnabled()) {
      LOGGER.trace("onDropSentryPrivilege: {}", request); // request.toString() provides all details
    }
{code}

My plan is to
1) use PermissionsUpdate.ALL_PRIVS instead of PermissionsUpdate.ALL_ROLES in "1.1) NotificationProcessor.java static Update getPermUpdatableOnDrop(TSentryAuthorizable authorizable)" and "SentryPlugin.java public Update onDropSentryPrivilege(TDropPrivilegesRequest request)";
2) check PermissionsUpdate.ALL_PRIVS instead of PermissionsUpdate.ALL_ROLES in UpdateableAuthzPermissions.applyPrivilegeUpdates() when processing "pUpdate.getDelPrivileges()".

It is better to fix both bugs in one patch. Otherwise, the fix for each bug will fail the integration test.

> Dropping object privileges does not include update of dropping user privileges
> ------------------------------------------------------------------------------
>
>                 Key: SENTRY-2433
>                 URL: https://issues.apache.org/jira/browse/SENTRY-2433
>             Project: Sentry
>          Issue Type: Bug
>          Components: Sentry
>    Affects Versions: 2.1.0, 2.2.0
>            Reporter: Na Li
>            Assignee: Na Li
>            Priority: Major
>
> When dropping privileges of an object, the update of this processing only includes dropping role-based privileges, and does not include dropping user-based privileges.
> If the to-be-dropped object is an external table, the path at HDFS still exists, and the user access will still be there even after the Sentry privileges associated with that external table are dropped.
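
As an added illustration (not Sentry code, and not from the comment above; the wildcard values, function names and the sample grants are constructed), a Python model of the two bugs the comment describes, showing why both must be fixed in one patch: with only bug #1 fixed the drop update names a principal the apply side does not recognise and nothing is removed, and with only bug #2 fixed the user-based grant survives the drop.

```python
"""Constructed model of the SENTRY-2433 permission-update flow (not Sentry code)."""

ALL_ROLES = "__ALL_ROLES__"  # stands in for PermissionsUpdate.ALL_ROLES (assumed value)
ALL_PRIVS = "__ALL_PRIVS__"  # stands in for PermissionsUpdate.ALL_PRIVS (assumed value)


def drop_update(fix_bug1):
    """Model of the delPrivileges principal produced when an object is dropped
    (cf. getPermUpdatableOnDrop / onDropSentryPrivilege)."""
    # Bug #1: the update only names ALL_ROLES, i.e. role-based privileges.
    return ("ROLE", ALL_PRIVS if fix_bug1 else ALL_ROLES)


def apply_del(privs, principal, fix_bug2):
    """Model of applyPrivilegeUpdates() for one authz object.

    privs: {("ROLE"|"USER", name): privilege}; returns the privileges left."""
    _ptype, pname = principal
    if fix_bug2:
        if pname == ALL_PRIVS:  # drop every privilege on the object
            return {}
        if pname == ALL_ROLES:  # drop only the role-based privileges
            return {k: v for k, v in privs.items() if k[0] != "ROLE"}
    elif pname == ALL_ROLES:
        # Bug #2: ALL_ROLES is treated as "remove all privileges",
        # which is what masks bug #1 in the current code.
        return {}
    # Ordinary delete of one named principal.
    return {k: v for k, v in privs.items() if k != principal}


def privs_after_drop(fix_bug1, fix_bug2):
    """Constructed sample: one role-based and one user-based grant on a table."""
    privs = {("ROLE", "analysts"): "select", ("USER", "alice"): "all"}
    return apply_del(privs, drop_update(fix_bug1), fix_bug2)


if __name__ == "__main__":
    for fix1, fix2 in [(False, False), (True, False), (False, True), (True, True)]:
        print(f"fix bug1={fix1} fix bug2={fix2}: left={privs_after_drop(fix1, fix2)}")
```

The (False, True) case is the lingering user privilege the issue reports; (True, False) is the integration-test failure the comment predicts when bug #1 is fixed alone.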



--
This message was sent by Atlassian JIRA
(v7.6.3#76005)