You are viewing a plain text version of this content. The canonical link for it is here.

Posted to issues@sentry.apache.org by "Hadoop QA (JIRA)" <ji...@apache.org> on 2018/09/20 21:14:00 UTC

[jira] [Commented] (SENTRY-2413) Provide a configuration option to permit specific DB privileges to be granted explicitly

    [ https://issues.apache.org/jira/browse/SENTRY-2413?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=16622723#comment-16622723 ] 

Hadoop QA commented on SENTRY-2413:
-----------------------------------

Here are the results of testing the latest attachment
https://issues.apache.org/jira/secure/attachment/12940660/SENTRY-2413.1.patch against master.

{color:red}Overall:{color} -1 due to 6 errors

{color:red}ERROR:{color} mvn test exited 1
{color:red}ERROR:{color} Failed: org.apache.sentry.api.service.thrift.TestAuthorizingDDLAuditLogWithKerberos
{color:red}ERROR:{color} Failed: org.apache.sentry.api.service.thrift.TestSentryServiceIntegration
{color:red}ERROR:{color} Failed: org.apache.sentry.api.service.thrift.TestSentryServiceIntegration
{color:red}ERROR:{color} Failed: org.apache.sentry.api.service.thrift.TestSentryServiceIntegration
{color:red}ERROR:{color} Failed: org.apache.sentry.api.service.thrift.TestSentryServiceIntegration

Console output: https://builds.apache.org/job/PreCommit-SENTRY-Build/4138/console

This message is automatically generated.

> Provide a configuration option to permit specific DB privileges to be granted explicitly
> ----------------------------------------------------------------------------------------
>
>                 Key: SENTRY-2413
>                 URL: https://issues.apache.org/jira/browse/SENTRY-2413
>             Project: Sentry
>          Issue Type: Improvement
>          Components: Sentry
>    Affects Versions: 2.1.0
>            Reporter: Sergio Peña
>            Assignee: Sergio Peña
>            Priority: Major
>         Attachments: SENTRY-2413.1.patch
>
>
> Some DB clients would not like that privileges, such as DROP, ALTER, INDEX, LOCK, can be granted explicitly by Sentry admins because there are no use cases and some can be prone to security errors if not handled correctly.
> Being 2.x a minor version, to avoid incompatibility, then a new configuration should be added that explicitly defines the set of privileges that can be granted on Sentry.
> This is exclusively for DB policies.



--
This message was sent by Atlassian JIRA
(v7.6.3#76005)