You are viewing a plain text version of this content. The canonical link for it is here.
Posted to dev@sentry.apache.org by kalyan kumar kalvagadda via Review Board <no...@reviews.apache.org> on 2018/09/25 13:41:07 UTC
Review Request 68838: SENTRY-2410: CREATE privileges on Hive does not
allow a user to list all tables of a database
-----------------------------------------------------------
This is an automatically generated e-mail. To reply, visit:
https://reviews.apache.org/r/68838/
-----------------------------------------------------------
Review request for sentry, Na Li and Sergio Pena.
Bugs: SENTRY-2410
https://issues.apache.org/jira/browse/SENTRY-2410
Repository: sentry
Description
-------
The CREATE privilege is not allowing a user to see which tables already exist in a database using the SHOW TABLES command. We should allow the SHOW TABLES command to list all tables no matter the user who create them as there is no case to avoid it.
Diffs
-----
sentry-binding/sentry-binding-hive/src/main/java/org/apache/sentry/binding/hive/authz/DefaultSentryValidator.java f0764767f32e4380a3f36b32e2e6a7420af11dde
sentry-binding/sentry-binding-hive/src/main/java/org/apache/sentry/binding/hive/authz/HiveAuthzBindingHookBase.java da1956b8e7a3a7b3d1555c099f9424073c188ff2
sentry-tests/sentry-tests-hive/src/test/java/org/apache/sentry/tests/e2e/hive/TestShowMetadataPrivileges.java 88e697b32452de4af6ba6cc0b8c1a2bb7bdebeb6
Diff: https://reviews.apache.org/r/68838/diff/1/
Testing
-------
Made sure all the existing tests passed. Also updated some tests to cover this change.
Thanks,
kalyan kumar kalvagadda
Re: Review Request 68838: SENTRY-2410: CREATE privileges on Hive does
not allow a user to list all tables of a database
Posted by Na Li via Review Board <no...@reviews.apache.org>.
-----------------------------------------------------------
This is an automatically generated e-mail. To reply, visit:
https://reviews.apache.org/r/68838/#review208995
-----------------------------------------------------------
sentry-binding/sentry-binding-hive/src/main/java/org/apache/sentry/binding/hive/authz/DefaultSentryValidator.java
Line 404 (original), 404 (patched)
<https://reviews.apache.org/r/68838/#comment293268>
create privilege on column does not make sense.
Why the privileges on line 404 in DefaultSentryValidator.java is so different from line 645 in HiveAuthzBindingHookBase.java?
- Na Li
On Sept. 25, 2018, 1:41 p.m., kalyan kumar kalvagadda wrote:
>
> -----------------------------------------------------------
> This is an automatically generated e-mail. To reply, visit:
> https://reviews.apache.org/r/68838/
> -----------------------------------------------------------
>
> (Updated Sept. 25, 2018, 1:41 p.m.)
>
>
> Review request for sentry, Arjun Mishra, Na Li, and Sergio Pena.
>
>
> Bugs: SENTRY-2410
> https://issues.apache.org/jira/browse/SENTRY-2410
>
>
> Repository: sentry
>
>
> Description
> -------
>
> The CREATE privilege is not allowing a user to see which tables already exist in a database using the SHOW TABLES command. We should allow the SHOW TABLES command to list all tables no matter the user who create them as there is no case to avoid it.
>
>
> Diffs
> -----
>
> sentry-binding/sentry-binding-hive/src/main/java/org/apache/sentry/binding/hive/authz/DefaultSentryValidator.java f0764767f32e4380a3f36b32e2e6a7420af11dde
> sentry-binding/sentry-binding-hive/src/main/java/org/apache/sentry/binding/hive/authz/HiveAuthzBindingHookBase.java da1956b8e7a3a7b3d1555c099f9424073c188ff2
> sentry-tests/sentry-tests-hive/src/test/java/org/apache/sentry/tests/e2e/hive/TestShowMetadataPrivileges.java 88e697b32452de4af6ba6cc0b8c1a2bb7bdebeb6
>
>
> Diff: https://reviews.apache.org/r/68838/diff/1/
>
>
> Testing
> -------
>
> Made sure all the existing tests passed. Also updated some tests to cover this change.
>
>
> Thanks,
>
> kalyan kumar kalvagadda
>
>