You are viewing a plain text version of this content. The canonical link for it is here.
Posted to dev@sentry.apache.org by Brock Noland <br...@cloudera.com> on 2014/03/18 03:12:15 UTC
Review Request 19340: SENTRY-145 - Store needs to handle privilege
normalization
-----------------------------------------------------------
This is an automatically generated e-mail. To reply, visit:
https://reviews.apache.org/r/19340/
-----------------------------------------------------------
Review request for sentry, Prasad Mujumdar and Shreepadma Venugopalan.
Bugs: SENTRY-145
https://issues.apache.org/jira/browse/SENTRY-145
Repository: sentry
Description
-------
Normalized REVOKE SELECT/INSERT when user has ALL on table.
Diffs
-----
sentry-provider/sentry-provider-db/src/main/java/org/apache/sentry/provider/db/service/persistent/SentryStore.java 5c87d95
sentry-provider/sentry-provider-db/src/main/java/org/apache/sentry/provider/db/service/thrift/SentryPolicyStoreProcessor.java 722b490
sentry-provider/sentry-provider-db/src/test/java/org/apache/sentry/provider/db/service/persistent/TestSentryStore.java f500c2d
Diff: https://reviews.apache.org/r/19340/diff/
Testing
-------
Thanks,
Brock Noland
Re: Review Request 19340: SENTRY-145 - Store needs to handle privilege
normalization
Posted by Brock Noland <br...@cloudera.com>.
> On March 26, 2014, 5:11 p.m., Prasad Mujumdar wrote:
> > Looks like it would require a rebase due to SENTRY-137 changes.
Yep, it did. This patch is rebased on top of HEAD which includes 137! Thanks!
- Brock
-----------------------------------------------------------
This is an automatically generated e-mail. To reply, visit:
https://reviews.apache.org/r/19340/#review38625
-----------------------------------------------------------
On March 26, 2014, 3:05 p.m., Brock Noland wrote:
>
> -----------------------------------------------------------
> This is an automatically generated e-mail. To reply, visit:
> https://reviews.apache.org/r/19340/
> -----------------------------------------------------------
>
> (Updated March 26, 2014, 3:05 p.m.)
>
>
> Review request for sentry, Prasad Mujumdar and Shreepadma Venugopalan.
>
>
> Bugs: SENTRY-145
> https://issues.apache.org/jira/browse/SENTRY-145
>
>
> Repository: sentry
>
>
> Description
> -------
>
> Normalized REVOKE SELECT/INSERT when user has ALL on table.
>
>
> Diffs
> -----
>
> sentry-provider/sentry-provider-db/src/main/java/org/apache/sentry/provider/db/service/persistent/SentryStore.java 9c678d5
> sentry-provider/sentry-provider-db/src/main/java/org/apache/sentry/provider/db/service/thrift/SentryPolicyStoreProcessor.java 9793ab4
> sentry-provider/sentry-provider-db/src/test/java/org/apache/sentry/provider/db/service/persistent/TestSentryStore.java f500c2d
>
> Diff: https://reviews.apache.org/r/19340/diff/
>
>
> Testing
> -------
>
>
> Thanks,
>
> Brock Noland
>
>
Re: Review Request 19340: SENTRY-145 - Store needs to handle privilege
normalization
Posted by Prasad Mujumdar <pr...@cloudera.com>.
-----------------------------------------------------------
This is an automatically generated e-mail. To reply, visit:
https://reviews.apache.org/r/19340/#review38625
-----------------------------------------------------------
Ship it!
Looks like it would require a rebase due to SENTRY-137 changes.
- Prasad Mujumdar
On March 26, 2014, 3:05 p.m., Brock Noland wrote:
>
> -----------------------------------------------------------
> This is an automatically generated e-mail. To reply, visit:
> https://reviews.apache.org/r/19340/
> -----------------------------------------------------------
>
> (Updated March 26, 2014, 3:05 p.m.)
>
>
> Review request for sentry, Prasad Mujumdar and Shreepadma Venugopalan.
>
>
> Bugs: SENTRY-145
> https://issues.apache.org/jira/browse/SENTRY-145
>
>
> Repository: sentry
>
>
> Description
> -------
>
> Normalized REVOKE SELECT/INSERT when user has ALL on table.
>
>
> Diffs
> -----
>
> sentry-provider/sentry-provider-db/src/main/java/org/apache/sentry/provider/db/service/persistent/SentryStore.java 9c678d5
> sentry-provider/sentry-provider-db/src/main/java/org/apache/sentry/provider/db/service/thrift/SentryPolicyStoreProcessor.java 9793ab4
> sentry-provider/sentry-provider-db/src/test/java/org/apache/sentry/provider/db/service/persistent/TestSentryStore.java f500c2d
>
> Diff: https://reviews.apache.org/r/19340/diff/
>
>
> Testing
> -------
>
>
> Thanks,
>
> Brock Noland
>
>
Re: Review Request 19340: SENTRY-145 - Store needs to handle privilege
normalization
Posted by Brock Noland <br...@cloudera.com>.
-----------------------------------------------------------
This is an automatically generated e-mail. To reply, visit:
https://reviews.apache.org/r/19340/
-----------------------------------------------------------
(Updated March 26, 2014, 3:05 p.m.)
Review request for sentry, Prasad Mujumdar and Shreepadma Venugopalan.
Changes
-------
Updates based on review and rebased.
Bugs: SENTRY-145
https://issues.apache.org/jira/browse/SENTRY-145
Repository: sentry
Description
-------
Normalized REVOKE SELECT/INSERT when user has ALL on table.
Diffs (updated)
-----
sentry-provider/sentry-provider-db/src/main/java/org/apache/sentry/provider/db/service/persistent/SentryStore.java 9c678d5
sentry-provider/sentry-provider-db/src/main/java/org/apache/sentry/provider/db/service/thrift/SentryPolicyStoreProcessor.java 9793ab4
sentry-provider/sentry-provider-db/src/test/java/org/apache/sentry/provider/db/service/persistent/TestSentryStore.java f500c2d
Diff: https://reviews.apache.org/r/19340/diff/
Testing
-------
Thanks,
Brock Noland
Re: Review Request 19340: SENTRY-145 - Store needs to handle privilege
normalization
Posted by Shreepadma Venugopalan <sh...@cloudera.com>.
-----------------------------------------------------------
This is an automatically generated e-mail. To reply, visit:
https://reviews.apache.org/r/19340/#review37854
-----------------------------------------------------------
sentry-provider/sentry-provider-db/src/main/java/org/apache/sentry/provider/db/service/persistent/SentryStore.java
<https://reviews.apache.org/r/19340/#comment69620>
Additionally check for empty string?
- Shreepadma Venugopalan
On March 19, 2014, 6:19 p.m., Brock Noland wrote:
>
> -----------------------------------------------------------
> This is an automatically generated e-mail. To reply, visit:
> https://reviews.apache.org/r/19340/
> -----------------------------------------------------------
>
> (Updated March 19, 2014, 6:19 p.m.)
>
>
> Review request for sentry, Prasad Mujumdar and Shreepadma Venugopalan.
>
>
> Bugs: SENTRY-145
> https://issues.apache.org/jira/browse/SENTRY-145
>
>
> Repository: sentry
>
>
> Description
> -------
>
> Normalized REVOKE SELECT/INSERT when user has ALL on table.
>
>
> Diffs
> -----
>
> sentry-provider/sentry-provider-db/src/main/java/org/apache/sentry/provider/db/service/persistent/SentryStore.java 9c678d5
> sentry-provider/sentry-provider-db/src/main/java/org/apache/sentry/provider/db/service/thrift/SentryPolicyStoreProcessor.java 9562783
> sentry-provider/sentry-provider-db/src/test/java/org/apache/sentry/provider/db/service/persistent/TestSentryStore.java f500c2d
>
> Diff: https://reviews.apache.org/r/19340/diff/
>
>
> Testing
> -------
>
>
> Thanks,
>
> Brock Noland
>
>
Re: Review Request 19340: SENTRY-145 - Store needs to handle privilege
normalization
Posted by Brock Noland <br...@cloudera.com>.
> On March 20, 2014, 2:44 a.m., Prasad Mujumdar wrote:
> > A high level question on the fix:
> > You grant all on a table first and then remove SELECT. With this patch you end up with only INSERT privilege on that table. Now if this user performs an alter table, will it be rejected since the user doesn't have ALL privilege anymore ? Is it something we are intentionally changing ?
Yes that is correct. Since ALL is the union of SELECT and INSERT, when SELECT is removed from ALL, I think the end result should be result in INSERT privilege?
ALL = SELECT + INSERT
ALL - SELECT = INSERT
?
- Brock
-----------------------------------------------------------
This is an automatically generated e-mail. To reply, visit:
https://reviews.apache.org/r/19340/#review37859
-----------------------------------------------------------
On March 19, 2014, 6:19 p.m., Brock Noland wrote:
>
> -----------------------------------------------------------
> This is an automatically generated e-mail. To reply, visit:
> https://reviews.apache.org/r/19340/
> -----------------------------------------------------------
>
> (Updated March 19, 2014, 6:19 p.m.)
>
>
> Review request for sentry, Prasad Mujumdar and Shreepadma Venugopalan.
>
>
> Bugs: SENTRY-145
> https://issues.apache.org/jira/browse/SENTRY-145
>
>
> Repository: sentry
>
>
> Description
> -------
>
> Normalized REVOKE SELECT/INSERT when user has ALL on table.
>
>
> Diffs
> -----
>
> sentry-provider/sentry-provider-db/src/main/java/org/apache/sentry/provider/db/service/persistent/SentryStore.java 9c678d5
> sentry-provider/sentry-provider-db/src/main/java/org/apache/sentry/provider/db/service/thrift/SentryPolicyStoreProcessor.java 9562783
> sentry-provider/sentry-provider-db/src/test/java/org/apache/sentry/provider/db/service/persistent/TestSentryStore.java f500c2d
>
> Diff: https://reviews.apache.org/r/19340/diff/
>
>
> Testing
> -------
>
>
> Thanks,
>
> Brock Noland
>
>
Re: Review Request 19340: SENTRY-145 - Store needs to handle privilege
normalization
Posted by Prasad Mujumdar <pr...@cloudera.com>.
-----------------------------------------------------------
This is an automatically generated e-mail. To reply, visit:
https://reviews.apache.org/r/19340/#review37859
-----------------------------------------------------------
A high level question on the fix:
You grant all on a table first and then remove SELECT. With this patch you end up with only INSERT privilege on that table. Now if this user performs an alter table, will it be rejected since the user doesn't have ALL privilege anymore ? Is it something we are intentionally changing ?
- Prasad Mujumdar
On March 19, 2014, 6:19 p.m., Brock Noland wrote:
>
> -----------------------------------------------------------
> This is an automatically generated e-mail. To reply, visit:
> https://reviews.apache.org/r/19340/
> -----------------------------------------------------------
>
> (Updated March 19, 2014, 6:19 p.m.)
>
>
> Review request for sentry, Prasad Mujumdar and Shreepadma Venugopalan.
>
>
> Bugs: SENTRY-145
> https://issues.apache.org/jira/browse/SENTRY-145
>
>
> Repository: sentry
>
>
> Description
> -------
>
> Normalized REVOKE SELECT/INSERT when user has ALL on table.
>
>
> Diffs
> -----
>
> sentry-provider/sentry-provider-db/src/main/java/org/apache/sentry/provider/db/service/persistent/SentryStore.java 9c678d5
> sentry-provider/sentry-provider-db/src/main/java/org/apache/sentry/provider/db/service/thrift/SentryPolicyStoreProcessor.java 9562783
> sentry-provider/sentry-provider-db/src/test/java/org/apache/sentry/provider/db/service/persistent/TestSentryStore.java f500c2d
>
> Diff: https://reviews.apache.org/r/19340/diff/
>
>
> Testing
> -------
>
>
> Thanks,
>
> Brock Noland
>
>
Re: Review Request 19340: SENTRY-145 - Store needs to handle privilege
normalization
Posted by Brock Noland <br...@cloudera.com>.
-----------------------------------------------------------
This is an automatically generated e-mail. To reply, visit:
https://reviews.apache.org/r/19340/
-----------------------------------------------------------
(Updated March 19, 2014, 6:19 p.m.)
Review request for sentry, Prasad Mujumdar and Shreepadma Venugopalan.
Changes
-------
Rebased on master
Bugs: SENTRY-145
https://issues.apache.org/jira/browse/SENTRY-145
Repository: sentry
Description
-------
Normalized REVOKE SELECT/INSERT when user has ALL on table.
Diffs (updated)
-----
sentry-provider/sentry-provider-db/src/main/java/org/apache/sentry/provider/db/service/persistent/SentryStore.java 9c678d5
sentry-provider/sentry-provider-db/src/main/java/org/apache/sentry/provider/db/service/thrift/SentryPolicyStoreProcessor.java 9562783
sentry-provider/sentry-provider-db/src/test/java/org/apache/sentry/provider/db/service/persistent/TestSentryStore.java f500c2d
Diff: https://reviews.apache.org/r/19340/diff/
Testing
-------
Thanks,
Brock Noland