You are viewing a plain text version of this content. The canonical link for it is here.
Posted to dev@sentry.apache.org by Prasad Mujumdar <pr...@cloudera.com> on 2014/09/30 06:19:03 UTC
Review Request 26164: SENTRY-445: WITH GRANT OPTION does not allow
delegated user to grant less permissive privileges
-----------------------------------------------------------
This is an automatically generated e-mail. To reply, visit:
https://reviews.apache.org/r/26164/
-----------------------------------------------------------
Review request for sentry, Colin Ma, Lenni Kuff, and Sravya Tirukkovalur.
Bugs: SENTRY-445
https://issues.apache.org/jira/browse/SENTRY-445
Repository: sentry
Description
-------
The implied privilege for with grant is checking for action= In other cases we allow action="ALL"
As a result with grant option for finer grain privileges doesn't work for clients that set action=ALL
Diffs
-----
sentry-core/sentry-core-model-db/src/main/java/org/apache/sentry/core/model/db/AccessConstants.java 26007d9
sentry-provider/sentry-provider-db/src/main/java/org/apache/sentry/provider/db/service/model/MSentryPrivilege.java 0667cb5
sentry-provider/sentry-provider-db/src/test/java/org/apache/sentry/provider/db/service/persistent/TestSentryPrivilege.java 91d3171
Diff: https://reviews.apache.org/r/26164/diff/
Testing
-------
Added new test cases
Thanks,
Prasad Mujumdar
Re: Review Request 26164: SENTRY-445: WITH GRANT OPTION does not allow
delegated user to grant less permissive privileges
Posted by Sravya Tirukkovalur <sr...@cloudera.com>.
-----------------------------------------------------------
This is an automatically generated e-mail. To reply, visit:
https://reviews.apache.org/r/26164/#review54965
-----------------------------------------------------------
sentry-provider/sentry-provider-db/src/test/java/org/apache/sentry/provider/db/service/persistent/TestSentryPrivilege.java
<https://reviews.apache.org/r/26164/#comment95299>
Did you intend to use multimap here?
- Sravya Tirukkovalur
On Sept. 30, 2014, 4:19 a.m., Prasad Mujumdar wrote:
>
> -----------------------------------------------------------
> This is an automatically generated e-mail. To reply, visit:
> https://reviews.apache.org/r/26164/
> -----------------------------------------------------------
>
> (Updated Sept. 30, 2014, 4:19 a.m.)
>
>
> Review request for sentry, Colin Ma, Lenni Kuff, and Sravya Tirukkovalur.
>
>
> Bugs: SENTRY-445
> https://issues.apache.org/jira/browse/SENTRY-445
>
>
> Repository: sentry
>
>
> Description
> -------
>
> The implied privilege for with grant is checking for action= In other cases we allow action="ALL"
> As a result with grant option for finer grain privileges doesn't work for clients that set action=ALL
>
>
> Diffs
> -----
>
> sentry-core/sentry-core-model-db/src/main/java/org/apache/sentry/core/model/db/AccessConstants.java 26007d9
> sentry-provider/sentry-provider-db/src/main/java/org/apache/sentry/provider/db/service/model/MSentryPrivilege.java 0667cb5
> sentry-provider/sentry-provider-db/src/test/java/org/apache/sentry/provider/db/service/persistent/TestSentryPrivilege.java 91d3171
>
> Diff: https://reviews.apache.org/r/26164/diff/
>
>
> Testing
> -------
>
> Added new test cases
>
>
> Thanks,
>
> Prasad Mujumdar
>
>
Re: Review Request 26164: SENTRY-445: WITH GRANT OPTION does not allow
delegated user to grant less permissive privileges
Posted by Colin Ma <ju...@intel.com>.
-----------------------------------------------------------
This is an automatically generated e-mail. To reply, visit:
https://reviews.apache.org/r/26164/#review55168
-----------------------------------------------------------
Ship it!
Ship It!
- Colin Ma
On Sept. 30, 2014, 4:41 p.m., Prasad Mujumdar wrote:
>
> -----------------------------------------------------------
> This is an automatically generated e-mail. To reply, visit:
> https://reviews.apache.org/r/26164/
> -----------------------------------------------------------
>
> (Updated Sept. 30, 2014, 4:41 p.m.)
>
>
> Review request for sentry, Colin Ma, Lenni Kuff, and Sravya Tirukkovalur.
>
>
> Bugs: SENTRY-445
> https://issues.apache.org/jira/browse/SENTRY-445
>
>
> Repository: sentry
>
>
> Description
> -------
>
> The implied privilege for with grant is checking for action= In other cases we allow action="ALL"
> As a result with grant option for finer grain privileges doesn't work for clients that set action=ALL
>
>
> Diffs
> -----
>
> sentry-core/sentry-core-model-db/src/main/java/org/apache/sentry/core/model/db/AccessConstants.java 26007d9
> sentry-provider/sentry-provider-db/src/main/java/org/apache/sentry/provider/db/service/model/MSentryPrivilege.java 0667cb5
> sentry-provider/sentry-provider-db/src/test/java/org/apache/sentry/provider/db/service/persistent/TestSentryPrivilege.java 91d3171
>
> Diff: https://reviews.apache.org/r/26164/diff/
>
>
> Testing
> -------
>
> Added new test cases
>
>
> Thanks,
>
> Prasad Mujumdar
>
>
Re: Review Request 26164: SENTRY-445: WITH GRANT OPTION does not allow
delegated user to grant less permissive privileges
Posted by Prasad Mujumdar <pr...@cloudera.com>.
-----------------------------------------------------------
This is an automatically generated e-mail. To reply, visit:
https://reviews.apache.org/r/26164/
-----------------------------------------------------------
(Updated Sept. 30, 2014, 4:41 p.m.)
Review request for sentry, Colin Ma, Lenni Kuff, and Sravya Tirukkovalur.
Changes
-------
Fixed testcase
Bugs: SENTRY-445
https://issues.apache.org/jira/browse/SENTRY-445
Repository: sentry
Description
-------
The implied privilege for with grant is checking for action= In other cases we allow action="ALL"
As a result with grant option for finer grain privileges doesn't work for clients that set action=ALL
Diffs (updated)
-----
sentry-core/sentry-core-model-db/src/main/java/org/apache/sentry/core/model/db/AccessConstants.java 26007d9
sentry-provider/sentry-provider-db/src/main/java/org/apache/sentry/provider/db/service/model/MSentryPrivilege.java 0667cb5
sentry-provider/sentry-provider-db/src/test/java/org/apache/sentry/provider/db/service/persistent/TestSentryPrivilege.java 91d3171
Diff: https://reviews.apache.org/r/26164/diff/
Testing
-------
Added new test cases
Thanks,
Prasad Mujumdar
Re: Review Request 26164: SENTRY-445: WITH GRANT OPTION does not allow
delegated user to grant less permissive privileges
Posted by Prasad Mujumdar <pr...@cloudera.com>.
> On Sept. 30, 2014, 5:21 a.m., Colin Ma wrote:
> > sentry-provider/sentry-provider-db/src/test/java/org/apache/sentry/provider/db/service/persistent/TestSentryPrivilege.java, line 72
> > <https://reviews.apache.org/r/26164/diff/1/?file=709033#file709033line72>
> >
> > There will be 2 entries in the map:
> > [AccessConstants.ALL, AccessConstants.ACTION_ALL]
> > [AccessConstants.ACTION_ALL, AccessConstants.ACTION_ALL]
> >
> > The value with the same key in the map will be replaced.
Thanks for catching that. update the patch
- Prasad
-----------------------------------------------------------
This is an automatically generated e-mail. To reply, visit:
https://reviews.apache.org/r/26164/#review54949
-----------------------------------------------------------
On Sept. 30, 2014, 4:19 a.m., Prasad Mujumdar wrote:
>
> -----------------------------------------------------------
> This is an automatically generated e-mail. To reply, visit:
> https://reviews.apache.org/r/26164/
> -----------------------------------------------------------
>
> (Updated Sept. 30, 2014, 4:19 a.m.)
>
>
> Review request for sentry, Colin Ma, Lenni Kuff, and Sravya Tirukkovalur.
>
>
> Bugs: SENTRY-445
> https://issues.apache.org/jira/browse/SENTRY-445
>
>
> Repository: sentry
>
>
> Description
> -------
>
> The implied privilege for with grant is checking for action= In other cases we allow action="ALL"
> As a result with grant option for finer grain privileges doesn't work for clients that set action=ALL
>
>
> Diffs
> -----
>
> sentry-core/sentry-core-model-db/src/main/java/org/apache/sentry/core/model/db/AccessConstants.java 26007d9
> sentry-provider/sentry-provider-db/src/main/java/org/apache/sentry/provider/db/service/model/MSentryPrivilege.java 0667cb5
> sentry-provider/sentry-provider-db/src/test/java/org/apache/sentry/provider/db/service/persistent/TestSentryPrivilege.java 91d3171
>
> Diff: https://reviews.apache.org/r/26164/diff/
>
>
> Testing
> -------
>
> Added new test cases
>
>
> Thanks,
>
> Prasad Mujumdar
>
>
Re: Review Request 26164: SENTRY-445: WITH GRANT OPTION does not allow
delegated user to grant less permissive privileges
Posted by Colin Ma <ju...@intel.com>.
-----------------------------------------------------------
This is an automatically generated e-mail. To reply, visit:
https://reviews.apache.org/r/26164/#review54949
-----------------------------------------------------------
sentry-provider/sentry-provider-db/src/test/java/org/apache/sentry/provider/db/service/persistent/TestSentryPrivilege.java
<https://reviews.apache.org/r/26164/#comment95270>
There will be 2 entries in the map:
[AccessConstants.ALL, AccessConstants.ACTION_ALL]
[AccessConstants.ACTION_ALL, AccessConstants.ACTION_ALL]
The value with the same key in the map will be replaced.
- Colin Ma
On Sept. 30, 2014, 4:19 a.m., Prasad Mujumdar wrote:
>
> -----------------------------------------------------------
> This is an automatically generated e-mail. To reply, visit:
> https://reviews.apache.org/r/26164/
> -----------------------------------------------------------
>
> (Updated Sept. 30, 2014, 4:19 a.m.)
>
>
> Review request for sentry, Colin Ma, Lenni Kuff, and Sravya Tirukkovalur.
>
>
> Bugs: SENTRY-445
> https://issues.apache.org/jira/browse/SENTRY-445
>
>
> Repository: sentry
>
>
> Description
> -------
>
> The implied privilege for with grant is checking for action= In other cases we allow action="ALL"
> As a result with grant option for finer grain privileges doesn't work for clients that set action=ALL
>
>
> Diffs
> -----
>
> sentry-core/sentry-core-model-db/src/main/java/org/apache/sentry/core/model/db/AccessConstants.java 26007d9
> sentry-provider/sentry-provider-db/src/main/java/org/apache/sentry/provider/db/service/model/MSentryPrivilege.java 0667cb5
> sentry-provider/sentry-provider-db/src/test/java/org/apache/sentry/provider/db/service/persistent/TestSentryPrivilege.java 91d3171
>
> Diff: https://reviews.apache.org/r/26164/diff/
>
>
> Testing
> -------
>
> Added new test cases
>
>
> Thanks,
>
> Prasad Mujumdar
>
>
Re: Review Request 26164: SENTRY-445: WITH GRANT OPTION does not allow
delegated user to grant less permissive privileges
Posted by Lenni Kuff <ls...@cloudera.com>.
-----------------------------------------------------------
This is an automatically generated e-mail. To reply, visit:
https://reviews.apache.org/r/26164/#review54950
-----------------------------------------------------------
Ship it!
- Lenni Kuff
On Sept. 30, 2014, 4:19 a.m., Prasad Mujumdar wrote:
>
> -----------------------------------------------------------
> This is an automatically generated e-mail. To reply, visit:
> https://reviews.apache.org/r/26164/
> -----------------------------------------------------------
>
> (Updated Sept. 30, 2014, 4:19 a.m.)
>
>
> Review request for sentry, Colin Ma, Lenni Kuff, and Sravya Tirukkovalur.
>
>
> Bugs: SENTRY-445
> https://issues.apache.org/jira/browse/SENTRY-445
>
>
> Repository: sentry
>
>
> Description
> -------
>
> The implied privilege for with grant is checking for action= In other cases we allow action="ALL"
> As a result with grant option for finer grain privileges doesn't work for clients that set action=ALL
>
>
> Diffs
> -----
>
> sentry-core/sentry-core-model-db/src/main/java/org/apache/sentry/core/model/db/AccessConstants.java 26007d9
> sentry-provider/sentry-provider-db/src/main/java/org/apache/sentry/provider/db/service/model/MSentryPrivilege.java 0667cb5
> sentry-provider/sentry-provider-db/src/test/java/org/apache/sentry/provider/db/service/persistent/TestSentryPrivilege.java 91d3171
>
> Diff: https://reviews.apache.org/r/26164/diff/
>
>
> Testing
> -------
>
> Added new test cases
>
>
> Thanks,
>
> Prasad Mujumdar
>
>