You are viewing a plain text version of this content. The canonical link for it is here.
Posted to commits@sentry.apache.org by "Prasad Mujumdar (JIRA)" <ji...@apache.org> on 2015/04/29 18:30:06 UTC
[jira] [Created] (SENTRY-715) ACLs are not updated on a table until
the first explicit GRANT statement.
Prasad Mujumdar created SENTRY-715:
--------------------------------------
Summary: ACLs are not updated on a table until the first explicit GRANT statement.
Key: SENTRY-715
URL: https://issues.apache.org/jira/browse/SENTRY-715
Project: Sentry
Issue Type: Bug
Affects Versions: 1.5.0
Reporter: Prasad Mujumdar
Assignee: Prasad Mujumdar
CREATE ROLE systest_default;
GRANT ROLE systest_default TO GROUP systest;
GRANT ALL ON DATABASE default to ROLE systest_default;
2. kinit as systest
CREATE TABLE test_tbl (i int);
INSERT INTO TABLE test_tbl SELECT 1;
3. Look at ACLs (note that systest is not included):
[root@lenni-ssl-2 ~]# hadoop fs -getfacl /user/hive/warehouse/test_tbl/f4db14c9df67efd-7f75a399c558b896_1419062973_data.0.
# file: /user/hive/warehouse/test_tbl/f4db14c9df67efd-7f75a399c558b896_1419062973_data.0.
# owner: hive
# group: hive
user::rwx
user:hive:rwx
group:hive:rwx
other::---
mask::rwx
other::---
4. If a GRANT SELECT ON TABLE test_tbl is executed after the table is created, the privileges are updated. But note that the systest only has read privileges and not read/write (it should inherit the ALL on the database):
[root@lenni-ssl-2 ~]# hadoop fs -getfacl /user/hive/warehouse/test_tbl/f4db14c9df67efd-7f75a399c558b896_1419062973_data.0.
a# file: /user/hive/warehouse/test_tbl/f4db14c9df67efd-7f75a399c558b896_1419062973_data.0.
# owner: hive
# group: hive
user::rwx
user:hive:rwx
group:hive:rwx
other::---
group:systest:r-x
mask::rwx
other::---
--
This message was sent by Atlassian JIRA
(v6.3.4#6332)