sentry-issues mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From "Na Li (JIRA)" <j...@apache.org>
Subject [jira] [Commented] (SENTRY-2255) alter table/database set owner command can be executed only by user with proper privilege
Date Wed, 11 Jul 2018 21:52:00 GMT

    [ https://issues.apache.org/jira/browse/SENTRY-2255?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=16540724#comment-16540724
] 

Na Li commented on SENTRY-2255:
-------------------------------

* The hive operation code for "ALTER TABLE SET OWNER" is ALTERTABLE_OWNER("ALTERTABLE_OWNER",
null, null). The means we need to require DB level ALL for HiveOperation.ALTERTABLE_OWNER
in HiveAuthzPrivilegesMap. 
* Need to check grant option in SentryStore.updateOwnerPrivilege() by calling grantOptionCheck()
to verify that the user has grant option
* Need to update grantOptionCheck to check user's directly associated privilege, not just
its roles for grant option.

> alter table/database set owner command can be executed only by user with proper privilege
> -----------------------------------------------------------------------------------------
>
>                 Key: SENTRY-2255
>                 URL: https://issues.apache.org/jira/browse/SENTRY-2255
>             Project: Sentry
>          Issue Type: Sub-task
>          Components: Sentry
>    Affects Versions: 2.1.0
>            Reporter: Na Li
>            Assignee: Na Li
>            Priority: Major
>
> Need to set sentry privilege mapping to make sure it can be done only by user  with "all
with grant option" at parent obj



--
This message was sent by Atlassian JIRA
(v7.6.3#76005)

Mime
View raw message