You are viewing a plain text version of this content. The canonical link for it is here.
Posted to commits@sentry.apache.org by pr...@apache.org on 2014/05/17 04:24:10 UTC
git commit: SENTRY-205: Sentry throws Exception when trying to revoke
Table level privileges (Arun Suresh via Prasad Mujumdar)
Repository: incubator-sentry
Updated Branches:
refs/heads/master b3ee46494 -> 5fc968e6c
SENTRY-205: Sentry throws Exception when trying to revoke Table level privileges (Arun Suresh via Prasad Mujumdar)
Project: http://git-wip-us.apache.org/repos/asf/incubator-sentry/repo
Commit: http://git-wip-us.apache.org/repos/asf/incubator-sentry/commit/5fc968e6
Tree: http://git-wip-us.apache.org/repos/asf/incubator-sentry/tree/5fc968e6
Diff: http://git-wip-us.apache.org/repos/asf/incubator-sentry/diff/5fc968e6
Branch: refs/heads/master
Commit: 5fc968e6caa2a7a3c4b7a75de6c93ff0dba89c9b
Parents: b3ee464
Author: Prasad Mujumdar <pr...@cloudera.com>
Authored: Fri May 16 19:22:37 2014 -0700
Committer: Prasad Mujumdar <pr...@cloudera.com>
Committed: Fri May 16 19:22:37 2014 -0700
----------------------------------------------------------------------
.../service/thrift/SentryPolicyServiceClient.java | 1 +
.../thrift/TestSentryServiceIntegration.java | 18 ++++++++++++++++++
2 files changed, 19 insertions(+)
----------------------------------------------------------------------
http://git-wip-us.apache.org/repos/asf/incubator-sentry/blob/5fc968e6/sentry-provider/sentry-provider-db/src/main/java/org/apache/sentry/provider/db/service/thrift/SentryPolicyServiceClient.java
----------------------------------------------------------------------
diff --git a/sentry-provider/sentry-provider-db/src/main/java/org/apache/sentry/provider/db/service/thrift/SentryPolicyServiceClient.java b/sentry-provider/sentry-provider-db/src/main/java/org/apache/sentry/provider/db/service/thrift/SentryPolicyServiceClient.java
index 33b8735..5f8a65f 100644
--- a/sentry-provider/sentry-provider-db/src/main/java/org/apache/sentry/provider/db/service/thrift/SentryPolicyServiceClient.java
+++ b/sentry-provider/sentry-provider-db/src/main/java/org/apache/sentry/provider/db/service/thrift/SentryPolicyServiceClient.java
@@ -300,6 +300,7 @@ public class SentryPolicyServiceClient {
privilege.setServerName(serverName);
privilege.setURI(uri);
privilege.setDbName(db);
+ privilege.setTableName(table);
privilege.setAction(action);
privilege.setGrantorPrincipal(requestorUserName);
privilege.setCreateTime(System.currentTimeMillis());
http://git-wip-us.apache.org/repos/asf/incubator-sentry/blob/5fc968e6/sentry-provider/sentry-provider-db/src/test/java/org/apache/sentry/provider/db/service/thrift/TestSentryServiceIntegration.java
----------------------------------------------------------------------
diff --git a/sentry-provider/sentry-provider-db/src/test/java/org/apache/sentry/provider/db/service/thrift/TestSentryServiceIntegration.java b/sentry-provider/sentry-provider-db/src/test/java/org/apache/sentry/provider/db/service/thrift/TestSentryServiceIntegration.java
index e211079..1e4ed17 100644
--- a/sentry-provider/sentry-provider-db/src/test/java/org/apache/sentry/provider/db/service/thrift/TestSentryServiceIntegration.java
+++ b/sentry-provider/sentry-provider-db/src/test/java/org/apache/sentry/provider/db/service/thrift/TestSentryServiceIntegration.java
@@ -49,6 +49,24 @@ public class TestSentryServiceIntegration extends SentryServiceIntegrationBase {
}
client.dropRole(requestorUserName, requestorUserGroupNames, roleName);
}
+
+ @Test
+ public void testGranRevokePrivilegeOnTableForRole() throws Exception {
+ String requestorUserName = ADMIN_USER;
+ Set<String> requestorUserGroupNames = Sets.newHashSet(ADMIN_GROUP);
+ String roleName = "admin_r";
+
+ client.dropRoleIfExists(requestorUserName, requestorUserGroupNames, roleName);
+ client.createRole(requestorUserName, requestorUserGroupNames, roleName);
+
+ client.grantTablePrivilege(requestorUserName, requestorUserGroupNames, roleName, "server", "db", "table", "ALL");
+ Set<TSentryPrivilege> listPrivilegesByRoleName = client.listPrivilegesByRoleName(requestorUserName, requestorUserGroupNames, roleName);
+ assertTrue("Privilege not assigned to role !!", listPrivilegesByRoleName.size() == 1);
+
+ client.revokeTablePrivilege(requestorUserName, requestorUserGroupNames, roleName, "server", "db", "table", "ALL");
+ listPrivilegesByRoleName = client.listPrivilegesByRoleName(requestorUserName, requestorUserGroupNames, roleName);
+ assertTrue("Privilege not correctly revoked !!", listPrivilegesByRoleName.size() == 0);
+ }
@Test
public void testShowRoleGrant() throws Exception {