Posted to commits@sentry.apache.org by sp...@apache.org on 2018/06/15 16:33:52 UTC
sentry git commit: SENTRY-2270: Illegal privileges on columns can be
granted on Hive (Sergio Pena, reviewd by Arjun Mishra)
Repository: sentry
Updated Branches:
refs/heads/master 035333a4d -> 9c3614bce
SENTRY-2270: Illegal privileges on columns can be granted on Hive (Sergio Pena, reviewed by Arjun Mishra)
Project: http://git-wip-us.apache.org/repos/asf/sentry/repo
Commit: http://git-wip-us.apache.org/repos/asf/sentry/commit/9c3614bc
Tree: http://git-wip-us.apache.org/repos/asf/sentry/tree/9c3614bc
Diff: http://git-wip-us.apache.org/repos/asf/sentry/diff/9c3614bc
Branch: refs/heads/master
Commit: 9c3614bcebd84b4218ec3195201483cc88d8be4a
Parents: 035333a
Author: Sergio Pena <se...@cloudera.com>
Authored: Fri Jun 15 11:32:54 2018 -0500
Committer: Sergio Pena <se...@cloudera.com>
Committed: Fri Jun 15 11:32:54 2018 -0500
----------------------------------------------------------------------
.../binding/hive/SentryHiveAuthorizationTaskFactoryImpl.java | 4 ++--
.../sentry/binding/hive/authz/DefaultSentryAccessController.java | 4 ++--
2 files changed, 4 insertions(+), 4 deletions(-)
----------------------------------------------------------------------
http://git-wip-us.apache.org/repos/asf/sentry/blob/9c3614bc/sentry-binding/sentry-binding-hive/src/main/java/org/apache/sentry/binding/hive/SentryHiveAuthorizationTaskFactoryImpl.java
----------------------------------------------------------------------
diff --git a/sentry-binding/sentry-binding-hive/src/main/java/org/apache/sentry/binding/hive/SentryHiveAuthorizationTaskFactoryImpl.java b/sentry-binding/sentry-binding-hive/src/main/java/org/apache/sentry/binding/hive/SentryHiveAuthorizationTaskFactoryImpl.java
index 23246c9..0518938 100644
--- a/sentry-binding/sentry-binding-hive/src/main/java/org/apache/sentry/binding/hive/SentryHiveAuthorizationTaskFactoryImpl.java
+++ b/sentry-binding/sentry-binding-hive/src/main/java/org/apache/sentry/binding/hive/SentryHiveAuthorizationTaskFactoryImpl.java
@@ -367,8 +367,8 @@ public class SentryHiveAuthorizationTaskFactoryImpl implements HiveAuthorization
if (privilegeDef.getChildCount() > 1) {
cols = BaseSemanticAnalyzer.getColumnNames((ASTNode) privilegeDef.getChild(1));
}
- if (cols != null && (privObj.getPriv().equals(PrivilegeType.INSERT)
- || privObj.getPriv().equals(PrivilegeType.ALL))) {
+ // Columns accept only SELECT privileges
+ if (cols != null && !privObj.getPriv().equals(PrivilegeType.SELECT)) {
String msg = SentryHiveConstants.PRIVILEGE_NOT_SUPPORTED + privObj.getPriv() + " on Column";
throw new SemanticException(msg);
}
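Review bot: The new guard still dereferences `privObj.getPriv()` with `.equals(...)`, so a null privilege type would surface as a NullPointerException rather than the intended SemanticException; whether `getPriv()` can return null is not visible in this hunk. `PrivilegeType` appears to be an enum, so `if (cols != null && privObj.getPriv() != PrivilegeType.SELECT) {` is null-safe and still fails closed. The comment could also state the design choice, e.g. `// Allowlist: SELECT is the only privilege valid on columns; reject everything else`, so a later edit does not turn it back into a denylist. The enclosing method starts and ends outside the hunk.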
http://git-wip-us.apache.org/repos/asf/sentry/blob/9c3614bc/sentry-binding/sentry-binding-hive/src/main/java/org/apache/sentry/binding/hive/authz/DefaultSentryAccessController.java
----------------------------------------------------------------------
diff --git a/sentry-binding/sentry-binding-hive/src/main/java/org/apache/sentry/binding/hive/authz/DefaultSentryAccessController.java b/sentry-binding/sentry-binding-hive/src/main/java/org/apache/sentry/binding/hive/authz/DefaultSentryAccessController.java
index f0b4b44..321701d 100644
--- a/sentry-binding/sentry-binding-hive/src/main/java/org/apache/sentry/binding/hive/authz/DefaultSentryAccessController.java
+++ b/sentry-binding/sentry-binding-hive/src/main/java/org/apache/sentry/binding/hive/authz/DefaultSentryAccessController.java
@@ -405,8 +405,8 @@ public class DefaultSentryAccessController extends SentryHiveAccessController {
case TABLE_OR_VIEW:
// For column level security
if (columnNames != null && !columnNames.isEmpty()) {
- if (action.equalsIgnoreCase(AccessConstants.INSERT)
- || action.equalsIgnoreCase(AccessConstants.ALL)) {
+ // Columns accept only SELECT privileges
+ if (!action.equalsIgnoreCase(AccessConstants.SELECT)) {
String msg =
SentryHiveConstants.PRIVILEGE_NOT_SUPPORTED + privilege.getName()
+ " on Column";
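Review bot: The SELECT-only rule for columns is now written twice, here as a case-insensitive string compare on `action` and in SentryHiveAuthorizationTaskFactoryImpl as a `PrivilegeType` compare, and the diffstat shows no test change alongside either. A regression test that requests a column-level grant with an action other than INSERT and ALL, and expects the `PRIVILEGE_NOT_SUPPORTED` message, would pin the allowlist behaviour in both paths. Both checks sit in the Hive binding; whether the Sentry service rejects such grants on its own is not visible here, and column privileges stored before this change are presumably left in place, so existing column grants are worth auditing after upgrade. The enclosing switch and method continue outside the hunk.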