You are viewing a plain text version of this content. The canonical link for it is here.

Posted to dev@sentry.apache.org by Prasad Mujumdar <pr...@cloudera.com> on 2014/09/13 00:56:49 UTC

Review Request 25600: SENTRY-417: Allow all users "Show role GRANT" as long as they belong to that group

-----------------------------------------------------------
This is an automatically generated e-mail. To reply, visit:
https://reviews.apache.org/r/25600/
-----------------------------------------------------------

Review request for sentry, Arun Suresh and Sravya Tirukkovalur.


Bugs: SENTRY-417
    https://issues.apache.org/jira/browse/SENTRY-417


Repository: sentry


Description
-------

Allow all users "Show role GRANT GROUP" as long as they belong to that group.
The patch relaxes the restriction for invoking this RPC. If the user doesn't belong to the admin groups, then we retrieve the group membership of the given user and verify that the requested group is part of that list.


Diffs
-----

  sentry-provider/sentry-provider-db/src/main/java/org/apache/sentry/provider/db/service/thrift/SentryPolicyStoreProcessor.java 070c494 
  sentry-tests/sentry-tests-hive/src/test/java/org/apache/sentry/tests/e2e/dbprovider/TestDatabaseProvider.java 066e909 

Diff: https://reviews.apache.org/r/25600/diff/


Testing
-------

Added new test case for the change.


Thanks,

Prasad Mujumdar

Re: Review Request 25600: SENTRY-417: Allow all users "Show role GRANT" as long as they belong to that group

Posted by Prasad Mujumdar <pr...@cloudera.com>.


> On Sept. 16, 2014, 12:45 a.m., Sravya Tirukkovalur wrote:
> > LGTM, minor comments below.

Comments addressed in the new patch attached to the ticket.


- Prasad


-----------------------------------------------------------
This is an automatically generated e-mail. To reply, visit:
https://reviews.apache.org/r/25600/#review53443
-----------------------------------------------------------


On Sept. 12, 2014, 10:56 p.m., Prasad Mujumdar wrote:
> 
> -----------------------------------------------------------
> This is an automatically generated e-mail. To reply, visit:
> https://reviews.apache.org/r/25600/
> -----------------------------------------------------------
> 
> (Updated Sept. 12, 2014, 10:56 p.m.)
> 
> 
> Review request for sentry, Arun Suresh and Sravya Tirukkovalur.
> 
> 
> Bugs: SENTRY-417
>     https://issues.apache.org/jira/browse/SENTRY-417
> 
> 
> Repository: sentry
> 
> 
> Description
> -------
> 
> Allow all users "Show role GRANT GROUP" as long as they belong to that group.
> The patch relaxes the restriction for invoking this RPC. If the user doesn't belong to the admin groups, then we retrieve the group membership of the given user and verify that the requested group is part of that list.
> 
> 
> Diffs
> -----
> 
>   sentry-provider/sentry-provider-db/src/main/java/org/apache/sentry/provider/db/service/thrift/SentryPolicyStoreProcessor.java 070c494 
>   sentry-tests/sentry-tests-hive/src/test/java/org/apache/sentry/tests/e2e/dbprovider/TestDatabaseProvider.java 066e909 
> 
> Diff: https://reviews.apache.org/r/25600/diff/
> 
> 
> Testing
> -------
> 
> Added new test case for the change.
> 
> 
> Thanks,
> 
> Prasad Mujumdar
> 
>

Re: Review Request 25600: SENTRY-417: Allow all users "Show role GRANT" as long as they belong to that group

Posted by Sravya Tirukkovalur <sr...@cloudera.com>.

-----------------------------------------------------------
This is an automatically generated e-mail. To reply, visit:
https://reviews.apache.org/r/25600/#review53443
-----------------------------------------------------------

Ship it!


LGTM, minor comments below.


sentry-tests/sentry-tests-hive/src/test/java/org/apache/sentry/tests/e2e/dbprovider/TestDatabaseProvider.java
<https://reviews.apache.org/r/25600/#comment93102>

    Nit: Fix the comment?



sentry-tests/sentry-tests-hive/src/test/java/org/apache/sentry/tests/e2e/dbprovider/TestDatabaseProvider.java
<https://reviews.apache.org/r/25600/#comment93103>

    Nit: Fix the comment?


- Sravya Tirukkovalur


On Sept. 12, 2014, 10:56 p.m., Prasad Mujumdar wrote:
> 
> -----------------------------------------------------------
> This is an automatically generated e-mail. To reply, visit:
> https://reviews.apache.org/r/25600/
> -----------------------------------------------------------
> 
> (Updated Sept. 12, 2014, 10:56 p.m.)
> 
> 
> Review request for sentry, Arun Suresh and Sravya Tirukkovalur.
> 
> 
> Bugs: SENTRY-417
>     https://issues.apache.org/jira/browse/SENTRY-417
> 
> 
> Repository: sentry
> 
> 
> Description
> -------
> 
> Allow all users "Show role GRANT GROUP" as long as they belong to that group.
> The patch relaxes the restriction for invoking this RPC. If the user doesn't belong to the admin groups, then we retrieve the group membership of the given user and verify that the requested group is part of that list.
> 
> 
> Diffs
> -----
> 
>   sentry-provider/sentry-provider-db/src/main/java/org/apache/sentry/provider/db/service/thrift/SentryPolicyStoreProcessor.java 070c494 
>   sentry-tests/sentry-tests-hive/src/test/java/org/apache/sentry/tests/e2e/dbprovider/TestDatabaseProvider.java 066e909 
> 
> Diff: https://reviews.apache.org/r/25600/diff/
> 
> 
> Testing
> -------
> 
> Added new test case for the change.
> 
> 
> Thanks,
> 
> Prasad Mujumdar
> 
>