You are viewing a plain text version of this content. The canonical link for it is here.

Posted to commits@sentry.apache.org by "Ryan P (JIRA)" <ji...@apache.org> on 2015/08/02 13:34:04 UTC

[jira] [Created] (SENTRY-827) Server Scope ALWAYS grants ALL

Ryan P created SENTRY-827:
-----------------------------

             Summary: Server Scope ALWAYS grants ALL 
                 Key: SENTRY-827
                 URL: https://issues.apache.org/jira/browse/SENTRY-827
             Project: Sentry
          Issue Type: Bug
            Reporter: Ryan P


In it's current state the following two commands result in ALL on SERVER server1:

GRANT SELECT ON SERVER server1 TO ROLE read_role;
GRANT INSERT ON SERVER server1 TO ROLE insert_role;

This can cause users to unknowingly grant full privileges to user groups. Fixing this behavior will also allow us to mimic the previous behavior exhibited with Policy Files:

read_role = server=server1->db=*->table=*->action=select
insert_role = server=server1->db=*->table=*->action=insert

Granting SELECT on SERVER would be far more pleasant than granting SELECT on each individual DATABASE




--
This message was sent by Atlassian JIRA
(v6.3.4#6332)