You are viewing a plain text version of this content. The canonical link for it is here.
Posted to dev@sentry.apache.org by Prasad Mujumdar <pr...@cloudera.com> on 2014/09/13 00:56:49 UTC
Review Request 25600: SENTRY-417: Allow all users "Show role GRANT"
as long as they belong to that group
-----------------------------------------------------------
This is an automatically generated e-mail. To reply, visit:
https://reviews.apache.org/r/25600/
-----------------------------------------------------------
Review request for sentry, Arun Suresh and Sravya Tirukkovalur.
Bugs: SENTRY-417
https://issues.apache.org/jira/browse/SENTRY-417
Repository: sentry
Description
-------
Allow all users "Show role GRANT GROUP" as long as they belong to that group.
The patch relaxes the restriction for invoking this RPC. If the user doesn't belong to the admin groups, then we retrieve the group membership of the given user and verify that the requested group is part of that list.
Diffs
-----
sentry-provider/sentry-provider-db/src/main/java/org/apache/sentry/provider/db/service/thrift/SentryPolicyStoreProcessor.java 070c494
sentry-tests/sentry-tests-hive/src/test/java/org/apache/sentry/tests/e2e/dbprovider/TestDatabaseProvider.java 066e909
Diff: https://reviews.apache.org/r/25600/diff/
Testing
-------
Added new test case for the change.
Thanks,
Prasad Mujumdar
Re: Review Request 25600: SENTRY-417: Allow all users "Show role
GRANT" as long as they belong to that group
Posted by Prasad Mujumdar <pr...@cloudera.com>.
> On Sept. 16, 2014, 12:45 a.m., Sravya Tirukkovalur wrote:
> > LGTM, minor comments below.
Comments addressed in the new patch attached to the ticket.
- Prasad
-----------------------------------------------------------
This is an automatically generated e-mail. To reply, visit:
https://reviews.apache.org/r/25600/#review53443
-----------------------------------------------------------
On Sept. 12, 2014, 10:56 p.m., Prasad Mujumdar wrote:
>
> -----------------------------------------------------------
> This is an automatically generated e-mail. To reply, visit:
> https://reviews.apache.org/r/25600/
> -----------------------------------------------------------
>
> (Updated Sept. 12, 2014, 10:56 p.m.)
>
>
> Review request for sentry, Arun Suresh and Sravya Tirukkovalur.
>
>
> Bugs: SENTRY-417
> https://issues.apache.org/jira/browse/SENTRY-417
>
>
> Repository: sentry
>
>
> Description
> -------
>
> Allow all users "Show role GRANT GROUP" as long as they belong to that group.
> The patch relaxes the restriction for invoking this RPC. If the user doesn't belong to the admin groups, then we retrieve the group membership of the given user and verify that the requested group is part of that list.
>
>
> Diffs
> -----
>
> sentry-provider/sentry-provider-db/src/main/java/org/apache/sentry/provider/db/service/thrift/SentryPolicyStoreProcessor.java 070c494
> sentry-tests/sentry-tests-hive/src/test/java/org/apache/sentry/tests/e2e/dbprovider/TestDatabaseProvider.java 066e909
>
> Diff: https://reviews.apache.org/r/25600/diff/
>
>
> Testing
> -------
>
> Added new test case for the change.
>
>
> Thanks,
>
> Prasad Mujumdar
>
>
Re: Review Request 25600: SENTRY-417: Allow all users "Show role
GRANT" as long as they belong to that group
Posted by Sravya Tirukkovalur <sr...@cloudera.com>.
-----------------------------------------------------------
This is an automatically generated e-mail. To reply, visit:
https://reviews.apache.org/r/25600/#review53443
-----------------------------------------------------------
Ship it!
LGTM, minor comments below.
sentry-tests/sentry-tests-hive/src/test/java/org/apache/sentry/tests/e2e/dbprovider/TestDatabaseProvider.java
<https://reviews.apache.org/r/25600/#comment93102>
Nit: Fix the comment?
sentry-tests/sentry-tests-hive/src/test/java/org/apache/sentry/tests/e2e/dbprovider/TestDatabaseProvider.java
<https://reviews.apache.org/r/25600/#comment93103>
Nit: Fix the comment?
- Sravya Tirukkovalur
On Sept. 12, 2014, 10:56 p.m., Prasad Mujumdar wrote:
>
> -----------------------------------------------------------
> This is an automatically generated e-mail. To reply, visit:
> https://reviews.apache.org/r/25600/
> -----------------------------------------------------------
>
> (Updated Sept. 12, 2014, 10:56 p.m.)
>
>
> Review request for sentry, Arun Suresh and Sravya Tirukkovalur.
>
>
> Bugs: SENTRY-417
> https://issues.apache.org/jira/browse/SENTRY-417
>
>
> Repository: sentry
>
>
> Description
> -------
>
> Allow all users "Show role GRANT GROUP" as long as they belong to that group.
> The patch relaxes the restriction for invoking this RPC. If the user doesn't belong to the admin groups, then we retrieve the group membership of the given user and verify that the requested group is part of that list.
>
>
> Diffs
> -----
>
> sentry-provider/sentry-provider-db/src/main/java/org/apache/sentry/provider/db/service/thrift/SentryPolicyStoreProcessor.java 070c494
> sentry-tests/sentry-tests-hive/src/test/java/org/apache/sentry/tests/e2e/dbprovider/TestDatabaseProvider.java 066e909
>
> Diff: https://reviews.apache.org/r/25600/diff/
>
>
> Testing
> -------
>
> Added new test case for the change.
>
>
> Thanks,
>
> Prasad Mujumdar
>
>