Posted to issues@sentry.apache.org by "Na Li (JIRA)" <ji...@apache.org> on 2017/12/06 17:14:00 UTC

[jira] [Created] (SENTRY-2091) User-based Privilege is broken by SENTRY-769

Na Li created SENTRY-2091:
-----------------------------

             Summary: User-based Privilege is broken by SENTRY-769
                 Key: SENTRY-2091
                 URL: https://issues.apache.org/jira/browse/SENTRY-2091
             Project: Sentry
          Issue Type: Bug
          Components: Sentry
    Affects Versions: 2.1.0
            Reporter: Na Li
            Assignee: Na Li


SENTRY-769 throws an exception when a user has no group. This breaks user-based privilege, as the exception prevents getting privileges using user-based privilege.

For example, in the following code
{code}
Set<String> userPrivileges =
        authProvider.getPolicyEngine().getPrivileges(
            authProvider.getGroupMapping().getGroups(userName), Sets.newHashSet(userName),
            hiveAuthzBinding.getActiveRoleSet(), hiveAuthzBinding.getAuthServer());
{code}

When the user has no group, the exception causes the processing to stop even when the user has privileges.

The solution is to catch the exception and continue the processing.

{code}
try {
  Set<String> groups = null;
  try {
    groups = authProvider.getGroupMapping().getGroups(userName);
  } catch (SentryGroupNotFoundException ex) {
    // User has no group: continue with an empty group set so user-based privileges are still resolved
    log.debug(...);
    groups = new HashSet<String>();
  }

  Set<String> userPrivileges =
        authProvider.getPolicyEngine().getPrivileges(
            groups, Sets.newHashSet(userName),
            hiveAuthzBinding.getActiveRoleSet(), hiveAuthzBinding.getAuthServer());

  ...

}
{code}



--
This message was sent by Atlassian JIRA
(v6.4.14#64029)
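
The failure mode and fix described in the report, as an added stand-alone example that is not part of the original message and is not Sentry code. All class, method, and map names are hypothetical, and the users and privilege strings are constructed sample data. It shows that catching only the "no groups" exception restores direct user grants without granting anything to a user who has none.

```java
import java.util.*;

// Added illustration; every name here is hypothetical, not Sentry's API.
public class UserPrivilegeFallback {
    static class GroupNotFoundException extends RuntimeException { GroupNotFoundException(String m) { super(m); } }

    // Constructed sample data: alice has a group, bob has none but holds a direct grant.
    static final Map<String, Set<String>> GROUPS = Map.of("alice", Set.of("analysts"));
    static final Map<String, Set<String>> GROUP_PRIVS = Map.of("analysts", Set.of("db=sales->action=select"));
    static final Map<String, Set<String>> USER_PRIVS = Map.of("bob", Set.of("db=hr->action=select"));

    // Mirrors the behaviour the report attributes to SENTRY-769: no groups means an exception.
    static Set<String> getGroups(String user) {
        Set<String> g = GROUPS.get(user);
        if (g == null || g.isEmpty()) throw new GroupNotFoundException("no groups for " + user);
        return g;
    }

    // Union of privileges granted through groups and privileges granted directly to users.
    static Set<String> getPrivileges(Set<String> groups, Set<String> users) {
        Set<String> out = new TreeSet<>();
        for (String g : groups) out.addAll(GROUP_PRIVS.getOrDefault(g, Set.of()));
        for (String u : users) out.addAll(USER_PRIVS.getOrDefault(u, Set.of()));
        return out;
    }

    // Before: the group lookup exception aborts resolution, so direct grants are never read.
    static Set<String> resolveBefore(String user) {
        return getPrivileges(getGroups(user), Set.of(user));
    }

    // After: only the "no groups" case falls back to an empty set; any other failure still propagates.
    static Set<String> resolveAfter(String user) {
        Set<String> groups;
        try {
            groups = getGroups(user);
        } catch (GroupNotFoundException ex) {
            groups = new HashSet<>();
        }
        return getPrivileges(groups, Set.of(user));
    }

    public static void main(String[] args) {
        try { resolveBefore("bob"); }
        catch (GroupNotFoundException ex) { System.out.println("before bob: " + ex.getMessage()); }
        System.out.println("after bob: " + resolveAfter("bob"));         // direct grant is found
        System.out.println("after alice: " + resolveAfter("alice"));     // group path unchanged
        System.out.println("after mallory: " + resolveAfter("mallory")); // no groups, no grants
    }
}
```

Keeping the catch narrow matters for authorization code: a group backend outage or other lookup error should still stop processing rather than be treated as "user has no groups".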