You are viewing a plain text version of this content. The canonical link for it is here.
Posted to issues@sentry.apache.org by "Sachin (JIRA)" <ji...@apache.org> on 2018/04/18 09:16:00 UTC
[jira] [Created] (SENTRY-2204) Revoke 'all/*' on server from role ,
revokes all privileges from the same role
Sachin created SENTRY-2204:
------------------------------
Summary: Revoke 'all/*' on server from role , revokes all privileges from the same role
Key: SENTRY-2204
URL: https://issues.apache.org/jira/browse/SENTRY-2204
Project: Sentry
Issue Type: New Feature
Components: Sentry
Reporter: Sachin
I have assigned below privileges to one role i.e. role_1;
{noformat}
|+------------------------------+--------+------------+---------+-----------------+-----------------+------------+---------------+-------------------+----------+--+|
|\| database \| table \| partition \| column \| principal_name \| principal_type \| privilege \| grant_option \| grant_time \| grantor \||
|+------------------------------+--------+------------+---------+-----------------+-----------------+------------+---------------+-------------------+----------+--+|
|\| hdfs://nameservice01/user/h \| \| \| \| role_157 \| ROLE \| * \| false \| 1523963168628000 \| -- \||
|\| * \| \| \| \| role_157 \| ROLE \| * \| false \| 1523352328442000 \| -- \||
|\| hdfs://nameservice01/user/m \| \| \| \| role_157 \| ROLE \| * \| false \| 1523963186544000 \| -- \||
|+------------------------------+--------+------------+---------+-----------------+-----------------+------------+---------------+-------------------+----------+--+|
| |
{noformat}
After that executed below command i.e revoke and show grant for the same role
{noformat}
revoke all on server server1 from role role_157;
{noformat}
{noformat}
|+-----------+--------+------------+---------+-----------------+-----------------+------------+---------------+-------------+----------+--+|
|\| database \| table \| partition \| column \| principal_name \| principal_type \| privilege \| grant_option \| grant_time \| grantor \||
|+-----------+--------+------------+---------+-----------------+-----------------+------------+---------------+-------------+----------+--+|
|+-----------+--------+------------+---------+-----------------+-----------------+------------+---------------+-------------+----------+--+|
|No rows selected (0.119 seconds)|
{noformat}
As you can see from above, if you revoke all on server, it also revokes all the other privileges from the same role as well.
So it is right behaviour? or It should revoke only all/* on server and should keep other privileges?
--
This message was sent by Atlassian JIRA
(v7.6.3#76005)