You are viewing a plain text version of this content. The canonical link for it is here.
Posted to commits@sentry.apache.org by "Sravya Tirukkovalur (JIRA)" <ji...@apache.org> on 2014/08/29 20:39:54 UTC
[jira] [Commented] (SENTRY-331) Add more granular privileges to the
DBModel
[ https://issues.apache.org/jira/browse/SENTRY-331?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=14115634#comment-14115634 ]
Sravya Tirukkovalur commented on SENTRY-331:
--------------------------------------------
Attaching an updated complete patch. Adding following privileges: Create, Drop, Alter, Index and Lock.
Following broad rules apply:
Creating a data object requires "create" privilege on the parent. That is, create table requires create on db, create db requires create on server.
Dropping a data object requires "drop" privilege on that object.
All alter commands require "alter" privilege on that table with the following exceptions:
-- Alter table drop also requires "drop" privilege on the table in addition to "alter".
-- Alter table index rebuild only requires "index" privilege on the table
-- Alter table rename also requires "create" on db.
Locking table requires "lock" on table.
This patch also fixes SENTRY-413 and SENTRY-414
Note: I put comment "//TODO: Make sure" in the places where a second opinion will help to make sure we are enforcing the right privileges for those commands.
> Add more granular privileges to the DBModel
> -------------------------------------------
>
> Key: SENTRY-331
> URL: https://issues.apache.org/jira/browse/SENTRY-331
> Project: Sentry
> Issue Type: New Feature
> Affects Versions: 1.3.0
> Reporter: Sravya Tirukkovalur
> Assignee: Sravya Tirukkovalur
> Fix For: 1.5.0
>
> Attachments: SENTRY-331.0.patch, SENTRY-331.1.patch
>
>
> Specifically it would be good to split "All" privilege into "Create", "Drop" and "Alter"
--
This message was sent by Atlassian JIRA
(v6.2#6252)