You are viewing a plain text version of this content. The canonical link for it is here.

Posted to commits@sentry.apache.org by "Lenni Kuff (JIRA)" <ji...@apache.org> on 2014/11/27 03:22:13 UTC

[jira] [Created] (SENTRY-552) Downgrading privileges does not always work for column-level privileges

Lenni Kuff created SENTRY-552:
---------------------------------

             Summary: Downgrading privileges does not always work for column-level privileges
                 Key: SENTRY-552
                 URL: https://issues.apache.org/jira/browse/SENTRY-552
             Project: Sentry
          Issue Type: Bug
    Affects Versions: 1.5.0
            Reporter: Lenni Kuff
             Fix For: 1.5.0


The following doesn't work properly:

grant all on col1
grant all on col2
revoke select on col2
-- at this point, will have ALL on col1, INSERT on col2
revoke INSERT from table <--- Does not do the proper thing.

The expectation is that revoking INSERT from the table would remove INSERT privilege on col2 and also downgrade the ALL privilege on col1 to SELECT. Instead the privilege on col1 stays in-tact. 

Note that this was exposed as part of the fix for SENTRY-543. Prior to that the REVOKE would incorrectly remove both privileges.




--
This message was sent by Atlassian JIRA
(v6.3.4#6332)