You are viewing a plain text version of this content. The canonical link for it is here.
Posted to dev@sentry.apache.org by Na Li via Review Board <no...@reviews.apache.org> on 2018/08/07 02:14:14 UTC
Review Request 68249: SENTRY-2255: alter table set owner command can
be executed only by user with proper privilege
-----------------------------------------------------------
This is an automatically generated e-mail. To reply, visit:
https://reviews.apache.org/r/68249/
-----------------------------------------------------------
Review request for sentry, Arjun Mishra, kalyan kumar kalvagadda, and Sergio Pena.
Bugs: sentry-2255
https://issues.apache.org/jira/browse/sentry-2255
Repository: sentry
Description
-------
1) support grant option for DDL option. This is a new feature. Many places have to be changed at sentry server and client to make it happen
2) Add privilege map in HiveAuthzPrivilegesMap, which is commentted out as hive version integrated with Sentry does not support "ALTER TABLE SET OWNER"
3) Add more testing cases and verify owner privilege, which is disabled
Diffs
-----
sentry-binding/sentry-binding-hive-common/src/main/java/org/apache/sentry/binding/hive/authz/HiveAuthzBinding.java f1cbbb6
sentry-binding/sentry-binding-hive-common/src/main/java/org/apache/sentry/binding/hive/authz/HiveAuthzPrivileges.java f164b30
sentry-binding/sentry-binding-hive/src/main/java/org/apache/sentry/binding/hive/authz/HiveAuthzPrivilegesMap.java 9350af0
sentry-policy/sentry-policy-common/src/main/java/org/apache/sentry/policy/common/CommonPrivilege.java ab55609
sentry-provider/sentry-provider-common/src/main/java/org/apache/sentry/provider/common/AuthorizationProvider.java 73fcda8
sentry-provider/sentry-provider-common/src/main/java/org/apache/sentry/provider/common/NoAuthorizationProvider.java be0830d
sentry-provider/sentry-provider-common/src/main/java/org/apache/sentry/provider/common/ResourceAuthorizationProvider.java a9b98f3
sentry-service/sentry-service-server/src/main/java/org/apache/sentry/provider/db/service/persistent/SentryStore.java 621ce89
sentry-tests/sentry-tests-hive/src/test/java/org/apache/sentry/tests/e2e/dbprovider/TestOwnerPrivileges.java 8a10214
sentry-tests/sentry-tests-hive/src/test/java/org/apache/sentry/tests/e2e/hdfs/TestHDFSIntegrationBase.java 4588963
Diff: https://reviews.apache.org/r/68249/diff/1/
Testing
-------
existing test cases in TestOwnerPrivileges passed
Thanks,
Na Li
Re: Review Request 68249: SENTRY-2255: alter table set owner command
can be executed only by user with proper privilege
Posted by kalyan kumar kalvagadda via Review Board <no...@reviews.apache.org>.
-----------------------------------------------------------
This is an automatically generated e-mail. To reply, visit:
https://reviews.apache.org/r/68249/#review206985
-----------------------------------------------------------
Ship it!
Ship It!
- kalyan kumar kalvagadda
On Aug. 7, 2018, 2:14 a.m., Na Li wrote:
>
> -----------------------------------------------------------
> This is an automatically generated e-mail. To reply, visit:
> https://reviews.apache.org/r/68249/
> -----------------------------------------------------------
>
> (Updated Aug. 7, 2018, 2:14 a.m.)
>
>
> Review request for sentry, Arjun Mishra, kalyan kumar kalvagadda, and Sergio Pena.
>
>
> Bugs: sentry-2255
> https://issues.apache.org/jira/browse/sentry-2255
>
>
> Repository: sentry
>
>
> Description
> -------
>
> 1) support grant option for DDL option. This is a new feature. Many places have to be changed at sentry server and client to make it happen
> 2) Add privilege map in HiveAuthzPrivilegesMap, which is commentted out as hive version integrated with Sentry does not support "ALTER TABLE SET OWNER"
> 3) Add more testing cases and verify owner privilege, which is disabled
>
>
> Diffs
> -----
>
> sentry-binding/sentry-binding-hive-common/src/main/java/org/apache/sentry/binding/hive/authz/HiveAuthzBinding.java f1cbbb6
> sentry-binding/sentry-binding-hive-common/src/main/java/org/apache/sentry/binding/hive/authz/HiveAuthzPrivileges.java f164b30
> sentry-binding/sentry-binding-hive/src/main/java/org/apache/sentry/binding/hive/authz/HiveAuthzPrivilegesMap.java 9350af0
> sentry-policy/sentry-policy-common/src/main/java/org/apache/sentry/policy/common/CommonPrivilege.java ab55609
> sentry-provider/sentry-provider-common/src/main/java/org/apache/sentry/provider/common/AuthorizationProvider.java 73fcda8
> sentry-provider/sentry-provider-common/src/main/java/org/apache/sentry/provider/common/NoAuthorizationProvider.java be0830d
> sentry-provider/sentry-provider-common/src/main/java/org/apache/sentry/provider/common/ResourceAuthorizationProvider.java a9b98f3
> sentry-service/sentry-service-server/src/main/java/org/apache/sentry/provider/db/service/persistent/SentryStore.java 621ce89
> sentry-tests/sentry-tests-hive/src/test/java/org/apache/sentry/tests/e2e/dbprovider/TestOwnerPrivileges.java 8a10214
> sentry-tests/sentry-tests-hive/src/test/java/org/apache/sentry/tests/e2e/hdfs/TestHDFSIntegrationBase.java 4588963
>
>
> Diff: https://reviews.apache.org/r/68249/diff/1/
>
>
> Testing
> -------
>
> existing test cases in TestOwnerPrivileges passed
>
>
> Thanks,
>
> Na Li
>
>
Re: Review Request 68249: SENTRY-2255: alter table set owner command
can be executed only by user with proper privilege
Posted by kalyan kumar kalvagadda via Review Board <no...@reviews.apache.org>.
-----------------------------------------------------------
This is an automatically generated e-mail. To reply, visit:
https://reviews.apache.org/r/68249/#review206940
-----------------------------------------------------------
Lina,
Hive 2.3.3 which sentry integrates with, does not allow "alter table set owner" command. we should not commit this patch as this functionality can neither be tested or used.
We should either bump the hive version to one where it supports "alter table set owner" before commtting this patch.
- kalyan kumar kalvagadda
On Aug. 7, 2018, 2:14 a.m., Na Li wrote:
>
> -----------------------------------------------------------
> This is an automatically generated e-mail. To reply, visit:
> https://reviews.apache.org/r/68249/
> -----------------------------------------------------------
>
> (Updated Aug. 7, 2018, 2:14 a.m.)
>
>
> Review request for sentry, Arjun Mishra, kalyan kumar kalvagadda, and Sergio Pena.
>
>
> Bugs: sentry-2255
> https://issues.apache.org/jira/browse/sentry-2255
>
>
> Repository: sentry
>
>
> Description
> -------
>
> 1) support grant option for DDL option. This is a new feature. Many places have to be changed at sentry server and client to make it happen
> 2) Add privilege map in HiveAuthzPrivilegesMap, which is commentted out as hive version integrated with Sentry does not support "ALTER TABLE SET OWNER"
> 3) Add more testing cases and verify owner privilege, which is disabled
>
>
> Diffs
> -----
>
> sentry-binding/sentry-binding-hive-common/src/main/java/org/apache/sentry/binding/hive/authz/HiveAuthzBinding.java f1cbbb6
> sentry-binding/sentry-binding-hive-common/src/main/java/org/apache/sentry/binding/hive/authz/HiveAuthzPrivileges.java f164b30
> sentry-binding/sentry-binding-hive/src/main/java/org/apache/sentry/binding/hive/authz/HiveAuthzPrivilegesMap.java 9350af0
> sentry-policy/sentry-policy-common/src/main/java/org/apache/sentry/policy/common/CommonPrivilege.java ab55609
> sentry-provider/sentry-provider-common/src/main/java/org/apache/sentry/provider/common/AuthorizationProvider.java 73fcda8
> sentry-provider/sentry-provider-common/src/main/java/org/apache/sentry/provider/common/NoAuthorizationProvider.java be0830d
> sentry-provider/sentry-provider-common/src/main/java/org/apache/sentry/provider/common/ResourceAuthorizationProvider.java a9b98f3
> sentry-service/sentry-service-server/src/main/java/org/apache/sentry/provider/db/service/persistent/SentryStore.java 621ce89
> sentry-tests/sentry-tests-hive/src/test/java/org/apache/sentry/tests/e2e/dbprovider/TestOwnerPrivileges.java 8a10214
> sentry-tests/sentry-tests-hive/src/test/java/org/apache/sentry/tests/e2e/hdfs/TestHDFSIntegrationBase.java 4588963
>
>
> Diff: https://reviews.apache.org/r/68249/diff/1/
>
>
> Testing
> -------
>
> existing test cases in TestOwnerPrivileges passed
>
>
> Thanks,
>
> Na Li
>
>
Re: Review Request 68249: SENTRY-2255: alter table set owner command
can be executed only by user with proper privilege
Posted by Sergio Pena via Review Board <no...@reviews.apache.org>.
-----------------------------------------------------------
This is an automatically generated e-mail. To reply, visit:
https://reviews.apache.org/r/68249/#review206955
-----------------------------------------------------------
Looks good.
- Sergio Pena
On Aug. 7, 2018, 2:14 a.m., Na Li wrote:
>
> -----------------------------------------------------------
> This is an automatically generated e-mail. To reply, visit:
> https://reviews.apache.org/r/68249/
> -----------------------------------------------------------
>
> (Updated Aug. 7, 2018, 2:14 a.m.)
>
>
> Review request for sentry, Arjun Mishra, kalyan kumar kalvagadda, and Sergio Pena.
>
>
> Bugs: sentry-2255
> https://issues.apache.org/jira/browse/sentry-2255
>
>
> Repository: sentry
>
>
> Description
> -------
>
> 1) support grant option for DDL option. This is a new feature. Many places have to be changed at sentry server and client to make it happen
> 2) Add privilege map in HiveAuthzPrivilegesMap, which is commentted out as hive version integrated with Sentry does not support "ALTER TABLE SET OWNER"
> 3) Add more testing cases and verify owner privilege, which is disabled
>
>
> Diffs
> -----
>
> sentry-binding/sentry-binding-hive-common/src/main/java/org/apache/sentry/binding/hive/authz/HiveAuthzBinding.java f1cbbb6
> sentry-binding/sentry-binding-hive-common/src/main/java/org/apache/sentry/binding/hive/authz/HiveAuthzPrivileges.java f164b30
> sentry-binding/sentry-binding-hive/src/main/java/org/apache/sentry/binding/hive/authz/HiveAuthzPrivilegesMap.java 9350af0
> sentry-policy/sentry-policy-common/src/main/java/org/apache/sentry/policy/common/CommonPrivilege.java ab55609
> sentry-provider/sentry-provider-common/src/main/java/org/apache/sentry/provider/common/AuthorizationProvider.java 73fcda8
> sentry-provider/sentry-provider-common/src/main/java/org/apache/sentry/provider/common/NoAuthorizationProvider.java be0830d
> sentry-provider/sentry-provider-common/src/main/java/org/apache/sentry/provider/common/ResourceAuthorizationProvider.java a9b98f3
> sentry-service/sentry-service-server/src/main/java/org/apache/sentry/provider/db/service/persistent/SentryStore.java 621ce89
> sentry-tests/sentry-tests-hive/src/test/java/org/apache/sentry/tests/e2e/dbprovider/TestOwnerPrivileges.java 8a10214
> sentry-tests/sentry-tests-hive/src/test/java/org/apache/sentry/tests/e2e/hdfs/TestHDFSIntegrationBase.java 4588963
>
>
> Diff: https://reviews.apache.org/r/68249/diff/1/
>
>
> Testing
> -------
>
> existing test cases in TestOwnerPrivileges passed
>
>
> Thanks,
>
> Na Li
>
>