sentry-issues mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From "Na Li (JIRA)" <j...@apache.org>
Subject [jira] [Updated] (SENTRY-2354) Beeline error message only shows first required permission that failed access check
Date Wed, 15 Aug 2018 22:19:00 GMT

     [ https://issues.apache.org/jira/browse/SENTRY-2354?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel
]

Na Li updated SENTRY-2354:
--------------------------
    Status: Patch Available  (was: Open)

> Beeline error message only shows first required permission that failed access check
> -----------------------------------------------------------------------------------
>
>                 Key: SENTRY-2354
>                 URL: https://issues.apache.org/jira/browse/SENTRY-2354
>             Project: Sentry
>          Issue Type: Bug
>          Components: Sentry
>    Affects Versions: 2.1.0
>            Reporter: Na Li
>            Assignee: Na Li
>            Priority: Major
>         Attachments: SENTRY-2354.001.patch
>
>
> When multiple permissions are required by a principle for an operation in beeline to
be authorized by sentry, beeline only displays one of the needed permissions in its error
message.
> For example, to execute ALTER TABLE SET LOCATION, a principle needs ALL on the location
URI, and ALTER on the table. If a user's role has neither of these, beeline just displays
that the role needs ALL on the location URI. Once the user role has all on the location URI,
then beeline displays that the user role needs ALTER on the table.
> Before the role has any privileges:
> > alter table db1.table1 set location '/tmp';
> Error: Error while compiling statement: FAILED: SemanticException No valid privileges
>  User merry does not have privileges for ALTERTABLE_LOCATION
>  The required privileges: Server=server1->URI=hdfs://rogue-4.gce.com:8020/tmp->action=*;
(state=42000,code=40000)
> After granting all on the location URI:
> > alter table db1.table1 set location '/tmp';
> Error: Error while compiling statement: FAILED: SemanticException No valid privileges
>  User merry does not have privileges for ALTERTABLE_LOCATION
>  The required privileges: Server=server1->Db=db1->Table=table1->action=alter;
(state=42000,code=40000)
> Instead, the error message should be something like the following:
> The required privileges are all of:
> Server=server1->URI=hdfs://rogue-4.gce.com:8020/tmp->action=*;Server=server1->Db=db1->Table=table1->action=alter;



--
This message was sent by Atlassian JIRA
(v7.6.3#76005)

Mime
View raw message