You are viewing a plain text version of this content. The canonical link for it is here.

Posted to issues@sentry.apache.org by "Na Li (JIRA)" <ji...@apache.org> on 2019/06/14 18:40:00 UTC

[jira] [Assigned] (SENTRY-2268) Review the required privileges for DDL commands

     [ https://issues.apache.org/jira/browse/SENTRY-2268?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ]

Na Li reassigned SENTRY-2268:
-----------------------------

    Assignee:     (was: Na Li)

> Review the required privileges for DDL commands
> -----------------------------------------------
>
>                 Key: SENTRY-2268
>                 URL: https://issues.apache.org/jira/browse/SENTRY-2268
>             Project: Sentry
>          Issue Type: Task
>            Reporter: Na Li
>            Priority: Major
>
> The privileges required for DDL commands are listed in HiveAuthzPrivilegesMap. 
> {code}
> addOutputObjectPriviledge(AuthorizableType.Table, EnumSet.of(DBModelAction.INSERT, DBModelAction.ALTER))
> {code}
> means the required output privileges is table level insert OR alter.
> {code}
> addOutputObjectPriviledge(AuthorizableType.Table, EnumSet.of(DBModelAction.INSERT)).
> addOutputObjectPriviledge(AuthorizableType.Table, EnumSet.of(DBModelAction.ALTER))
> {code}
> means the required output privileges is table level insert AND alter.
> We need to review the privileges to see if they are defined correctly. I suspect multiple definitions want to have privileges with AND, but end up getting privileges with OR.
> We should also check if the privilege level is correct. for example, "insert" is table level privilege. It does not make sense to require database level "insert".



--
This message was sent by Atlassian JIRA
(v7.6.3#76005)