sentry-issues mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From Sergio Peña (JIRA) <j...@apache.org>
Subject [jira] [Updated] (SENTRY-2097) Sentry privileges model: Can Sentry take a database privileges away from a server privileges?
Date Tue, 12 Dec 2017 17:12:00 GMT

     [ https://issues.apache.org/jira/browse/SENTRY-2097?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel
]

Sergio Peña updated SENTRY-2097:
--------------------------------
    Description: 
Assume I have a user |jack| and a group |datateam|. The
user |jack| belongs to group |datateam|.

Use Sentry for authorization.

|create role admin; grant role admin to group datateam; grant all on
server server1 to role admin; |

Now the role |admin| has the following priveleges.

{noformat}
|+-----------+--------+------------+---------+-----------------+-----------------+------------+---------------+-------------------+----------+--+
| database | table | partition | column | principal_name |
principal_type | privilege | grant_option | grant_time | grantor |
+-----------+--------+------------+---------+-----------------+-----------------+------------+---------------+-------------------+----------+--+
| * | | | | admin | ROLE | * | false | 1480985013185000 | -- |
+-----------+--------+------------+---------+-----------------+-----------------+------------+---------------+-------------------+----------+--+|
{noformat}

Assume I have this database.

|create database testdb; |

It is successful. User |jack| created a database |testdb|.

Use Sentry to revoke the privileges on |testdb|;

|revoke all on database `testdb` from role admin; |
The priveleges is still the same.

{noformat}
|+-----------+--------+------------+---------+-----------------+-----------------+------------+---------------+-------------------+----------+--+
| database | table | partition | column | principal_name |
principal_type | privilege | grant_option | grant_time | grantor |
+-----------+--------+------------+---------+-----------------+-----------------+------------+---------------+-------------------+----------+--+
| * | | | | admin | ROLE | * | false | 1480985013185000 | -- |
+-----------+--------+------------+---------+-----------------+-----------------+------------+---------------+-------------------+----------+--+|
{noformat}

Shouldn't Sentry take the privileges on database |testdb| away from the
server |server1|?

  was:
This issue has been allocated:
CVE-2017-15711

>From security@sentry.apache.org:

Assume I have a user |jack| and a group |datateam|. The
user |jack| belongs to group |datateam|.

Use Sentry for authorization.

|create role admin; grant role admin to group datateam; grant all on
server server1 to role admin; |

Now the role |admin| has the following priveleges.

{noformat}
|+-----------+--------+------------+---------+-----------------+-----------------+------------+---------------+-------------------+----------+--+
| database | table | partition | column | principal_name |
principal_type | privilege | grant_option | grant_time | grantor |
+-----------+--------+------------+---------+-----------------+-----------------+------------+---------------+-------------------+----------+--+
| * | | | | admin | ROLE | * | false | 1480985013185000 | -- |
+-----------+--------+------------+---------+-----------------+-----------------+------------+---------------+-------------------+----------+--+|
{noformat}

Assume I have this database.

|create database testdb; |

It is successful. User |jack| created a database |testdb|.

Use Sentry to revoke the privileges on |testdb|;

|revoke all on database `testdb` from role admin; |
The priveleges is still the same.

{noformat}
|+-----------+--------+------------+---------+-----------------+-----------------+------------+---------------+-------------------+----------+--+
| database | table | partition | column | principal_name |
principal_type | privilege | grant_option | grant_time | grantor |
+-----------+--------+------------+---------+-----------------+-----------------+------------+---------------+-------------------+----------+--+
| * | | | | admin | ROLE | * | false | 1480985013185000 | -- |
+-----------+--------+------------+---------+-----------------+-----------------+------------+---------------+-------------------+----------+--+|
{noformat}

Shouldn't Sentry take the privileges on database |testdb| away from the
server |server1|?


> Sentry privileges model: Can Sentry take a database privileges away from a server privileges?
> ---------------------------------------------------------------------------------------------
>
>                 Key: SENTRY-2097
>                 URL: https://issues.apache.org/jira/browse/SENTRY-2097
>             Project: Sentry
>          Issue Type: Bug
>          Components: Sentry
>            Reporter: Sergio Peña
>            Priority: Critical
>
> Assume I have a user |jack| and a group |datateam|. The
> user |jack| belongs to group |datateam|.
> Use Sentry for authorization.
> |create role admin; grant role admin to group datateam; grant all on
> server server1 to role admin; |
> Now the role |admin| has the following priveleges.
> {noformat}
> |+-----------+--------+------------+---------+-----------------+-----------------+------------+---------------+-------------------+----------+--+
> | database | table | partition | column | principal_name |
> principal_type | privilege | grant_option | grant_time | grantor |
> +-----------+--------+------------+---------+-----------------+-----------------+------------+---------------+-------------------+----------+--+
> | * | | | | admin | ROLE | * | false | 1480985013185000 | -- |
> +-----------+--------+------------+---------+-----------------+-----------------+------------+---------------+-------------------+----------+--+|
> {noformat}
> Assume I have this database.
> |create database testdb; |
> It is successful. User |jack| created a database |testdb|.
> Use Sentry to revoke the privileges on |testdb|;
> |revoke all on database `testdb` from role admin; |
> The priveleges is still the same.
> {noformat}
> |+-----------+--------+------------+---------+-----------------+-----------------+------------+---------------+-------------------+----------+--+
> | database | table | partition | column | principal_name |
> principal_type | privilege | grant_option | grant_time | grantor |
> +-----------+--------+------------+---------+-----------------+-----------------+------------+---------------+-------------------+----------+--+
> | * | | | | admin | ROLE | * | false | 1480985013185000 | -- |
> +-----------+--------+------------+---------+-----------------+-----------------+------------+---------------+-------------------+----------+--+|
> {noformat}
> Shouldn't Sentry take the privileges on database |testdb| away from the
> server |server1|?



--
This message was sent by Atlassian JIRA
(v6.4.14#64029)

Mime
View raw message