You are viewing a plain text version of this content. The canonical link for it is here.
Posted to commits@sentry.apache.org by pr...@apache.org on 2014/05/17 04:24:10 UTC

git commit: SENTRY-205: Sentry throws Exception when trying to revoke Table level privileges (Arun Suresh via Prasad Mujumdar)

Repository: incubator-sentry
Updated Branches:
  refs/heads/master b3ee46494 -> 5fc968e6c


SENTRY-205: Sentry throws Exception when trying to revoke Table level privileges (Arun Suresh via Prasad Mujumdar)


Project: http://git-wip-us.apache.org/repos/asf/incubator-sentry/repo
Commit: http://git-wip-us.apache.org/repos/asf/incubator-sentry/commit/5fc968e6
Tree: http://git-wip-us.apache.org/repos/asf/incubator-sentry/tree/5fc968e6
Diff: http://git-wip-us.apache.org/repos/asf/incubator-sentry/diff/5fc968e6

Branch: refs/heads/master
Commit: 5fc968e6caa2a7a3c4b7a75de6c93ff0dba89c9b
Parents: b3ee464
Author: Prasad Mujumdar <pr...@cloudera.com>
Authored: Fri May 16 19:22:37 2014 -0700
Committer: Prasad Mujumdar <pr...@cloudera.com>
Committed: Fri May 16 19:22:37 2014 -0700

----------------------------------------------------------------------
 .../service/thrift/SentryPolicyServiceClient.java |  1 +
 .../thrift/TestSentryServiceIntegration.java      | 18 ++++++++++++++++++
 2 files changed, 19 insertions(+)
----------------------------------------------------------------------


http://git-wip-us.apache.org/repos/asf/incubator-sentry/blob/5fc968e6/sentry-provider/sentry-provider-db/src/main/java/org/apache/sentry/provider/db/service/thrift/SentryPolicyServiceClient.java
----------------------------------------------------------------------
diff --git a/sentry-provider/sentry-provider-db/src/main/java/org/apache/sentry/provider/db/service/thrift/SentryPolicyServiceClient.java b/sentry-provider/sentry-provider-db/src/main/java/org/apache/sentry/provider/db/service/thrift/SentryPolicyServiceClient.java
index 33b8735..5f8a65f 100644
--- a/sentry-provider/sentry-provider-db/src/main/java/org/apache/sentry/provider/db/service/thrift/SentryPolicyServiceClient.java
+++ b/sentry-provider/sentry-provider-db/src/main/java/org/apache/sentry/provider/db/service/thrift/SentryPolicyServiceClient.java
@@ -300,6 +300,7 @@ public class SentryPolicyServiceClient {
     privilege.setServerName(serverName);
     privilege.setURI(uri);
     privilege.setDbName(db);
+    privilege.setTableName(table);
     privilege.setAction(action);
     privilege.setGrantorPrincipal(requestorUserName);
     privilege.setCreateTime(System.currentTimeMillis());

http://git-wip-us.apache.org/repos/asf/incubator-sentry/blob/5fc968e6/sentry-provider/sentry-provider-db/src/test/java/org/apache/sentry/provider/db/service/thrift/TestSentryServiceIntegration.java
----------------------------------------------------------------------
diff --git a/sentry-provider/sentry-provider-db/src/test/java/org/apache/sentry/provider/db/service/thrift/TestSentryServiceIntegration.java b/sentry-provider/sentry-provider-db/src/test/java/org/apache/sentry/provider/db/service/thrift/TestSentryServiceIntegration.java
index e211079..1e4ed17 100644
--- a/sentry-provider/sentry-provider-db/src/test/java/org/apache/sentry/provider/db/service/thrift/TestSentryServiceIntegration.java
+++ b/sentry-provider/sentry-provider-db/src/test/java/org/apache/sentry/provider/db/service/thrift/TestSentryServiceIntegration.java
@@ -49,6 +49,24 @@ public class TestSentryServiceIntegration extends SentryServiceIntegrationBase {
     }
     client.dropRole(requestorUserName, requestorUserGroupNames, roleName);
   }
+  
+  @Test
+  public void testGranRevokePrivilegeOnTableForRole() throws Exception {
+    String requestorUserName = ADMIN_USER;
+    Set<String> requestorUserGroupNames = Sets.newHashSet(ADMIN_GROUP);
+    String roleName = "admin_r";
+
+    client.dropRoleIfExists(requestorUserName, requestorUserGroupNames, roleName);
+    client.createRole(requestorUserName, requestorUserGroupNames, roleName);
+    
+    client.grantTablePrivilege(requestorUserName, requestorUserGroupNames, roleName, "server", "db", "table", "ALL");    
+    Set<TSentryPrivilege> listPrivilegesByRoleName = client.listPrivilegesByRoleName(requestorUserName, requestorUserGroupNames, roleName);
+    assertTrue("Privilege not assigned to role !!", listPrivilegesByRoleName.size() == 1);
+    
+    client.revokeTablePrivilege(requestorUserName, requestorUserGroupNames, roleName, "server", "db", "table", "ALL");
+    listPrivilegesByRoleName = client.listPrivilegesByRoleName(requestorUserName, requestorUserGroupNames, roleName);
+    assertTrue("Privilege not correctly revoked !!", listPrivilegesByRoleName.size() == 0);
+  }  
 
   @Test
   public void testShowRoleGrant() throws Exception {