You are viewing a plain text version of this content. The canonical link for it is here.

Posted to issues-all@impala.apache.org by "Adam Holley (JIRA)" <ji...@apache.org> on 2018/09/14 15:09:00 UTC

[jira] [Resolved] (IMPALA-7074) Update OWNER privilege on CREATE, DROP, and ALTER SET OWNER

     [ https://issues.apache.org/jira/browse/IMPALA-7074?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ]

Adam Holley resolved IMPALA-7074.
---------------------------------
    Resolution: Fixed

> Update OWNER privilege on CREATE, DROP, and ALTER SET OWNER
> -----------------------------------------------------------
>
>                 Key: IMPALA-7074
>                 URL: https://issues.apache.org/jira/browse/IMPALA-7074
>             Project: IMPALA
>          Issue Type: Sub-task
>          Components: Frontend
>            Reporter: Fredy Wijaya
>            Assignee: Adam Holley
>            Priority: Major
>              Labels: security
>             Fix For: Impala 3.1.0
>
>
> When objects are created and owner privilege is enabled in sentry, we should create an owner privilege in the catalog without waiting for the next sentry poll to get the owner privilege.  This should also be done for DROP DB/Table, and ALTER DB/Table set owner.  These privileges should mirror the privileges that are created in Sentry.  As with other GRANT operations, the results of the "SHOW GRANT ROLE" statements will have a create date of NULL for privileges that have not been refreshed from Sentry.
> For this Jira, we're adding code to the various catalog operations to create or remove privileges as necessary.  Because catalogd does not have the server_name set, we opted to pass the server_name as part of the catalog operations so the catalog is able to create the privileges.  
> Additionally, because we want to ensure consistency with the sentry, we grab the SentryOwnerPrivilegeType from sentry instead of reading from the local config file.
> This change requires a new series of tests that will execute both with and without data refreshed from Sentry privilege database.



--
This message was sent by Atlassian JIRA
(v7.6.3#76005)

---------------------------------------------------------------------
To unsubscribe, e-mail: issues-all-unsubscribe@impala.apache.org
For additional commands, e-mail: issues-all-help@impala.apache.org