Posted to issues@sentry.apache.org by "Na Li (JIRA)" <ji...@apache.org> on 2017/12/06 17:14:00 UTC
[jira] [Created] (SENTRY-2091) User-based Privilege is broken by SENTRY-769
Na Li created SENTRY-2091:
-----------------------------
Summary: User-based Privilege is broken by SENTRY-769
Key: SENTRY-2091
URL: https://issues.apache.org/jira/browse/SENTRY-2091
Project: Sentry
Issue Type: Bug
Components: Sentry
Affects Versions: 2.1.0
Reporter: Na Li
Assignee: Na Li
SENTRY-769 throws an exception when a user has no group. This breaks user-based privilege, as the exception prevents getting privileges through user-based privilege.
For example, in the following code:
{code}
Set<String> userPrivileges =
    authProvider.getPolicyEngine().getPrivileges(
        authProvider.getGroupMapping().getGroups(userName), Sets.newHashSet(userName),
        hiveAuthzBinding.getActiveRoleSet(), hiveAuthzBinding.getAuthServer());
{code}
when the user has no group, the exception causes the processing to stop even when the user has privileges.
The solution is to catch the exception and continue the processing.
{code}
try {
  Set<String> groups = null;
  try {
    groups = authProvider.getGroupMapping().getGroups(userName);
  } catch (SentryGroupNotFoundException ex) {
    // The user has no group: continue with an empty group set so that
    // user-based privileges are still looked up.
    log.debug(...);
    groups = new HashSet<String>();
  }
  Set<String> userPrivileges =
      authProvider.getPolicyEngine().getPrivileges(
          groups, Sets.newHashSet(userName),
          hiveAuthzBinding.getActiveRoleSet(), hiveAuthzBinding.getAuthServer());
  ...
}
{code}