You are viewing a plain text version of this content. The canonical link for it is here.
Posted to issues@sentry.apache.org by "Na Li (JIRA)" <ji...@apache.org> on 2019/06/14 18:40:00 UTC
[jira] [Assigned] (SENTRY-2268) Review the required privileges for
DDL commands
[ https://issues.apache.org/jira/browse/SENTRY-2268?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ]
Na Li reassigned SENTRY-2268:
-----------------------------
Assignee: (was: Na Li)
> Review the required privileges for DDL commands
> -----------------------------------------------
>
> Key: SENTRY-2268
> URL: https://issues.apache.org/jira/browse/SENTRY-2268
> Project: Sentry
> Issue Type: Task
> Reporter: Na Li
> Priority: Major
>
> The privileges required for DDL commands are listed in HiveAuthzPrivilegesMap.
> {code}
> addOutputObjectPriviledge(AuthorizableType.Table, EnumSet.of(DBModelAction.INSERT, DBModelAction.ALTER))
> {code}
> means the required output privileges is table level insert OR alter.
> {code}
> addOutputObjectPriviledge(AuthorizableType.Table, EnumSet.of(DBModelAction.INSERT)).
> addOutputObjectPriviledge(AuthorizableType.Table, EnumSet.of(DBModelAction.ALTER))
> {code}
> means the required output privileges is table level insert AND alter.
> We need to review the privileges to see if they are defined correctly. I suspect multiple definitions want to have privileges with AND, but end up getting privileges with OR.
> We should also check if the privilege level is correct. for example, "insert" is table level privilege. It does not make sense to require database level "insert".
--
This message was sent by Atlassian JIRA
(v7.6.3#76005)