sentry-commits mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From "Lenni Kuff (JIRA)" <j...@apache.org>
Subject [jira] [Commented] (SENTRY-488) Sentry list_sentry_privileges_by_authorizable API does not filter out roles/privileges for some cases.
Date Sat, 04 Oct 2014 02:12:33 GMT

    [ https://issues.apache.org/jira/browse/SENTRY-488?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=14158878#comment-14158878
] 

Lenni Kuff commented on SENTRY-488:
-----------------------------------

I think you need to add .toLower() to the role name since it is case insensitive. Other than
that lgtm +1, thanks Arun. 

> Sentry list_sentry_privileges_by_authorizable API does not filter out roles/privileges
for some cases.
> ------------------------------------------------------------------------------------------------------
>
>                 Key: SENTRY-488
>                 URL: https://issues.apache.org/jira/browse/SENTRY-488
>             Project: Sentry
>          Issue Type: Bug
>            Reporter: Arun Suresh
>            Assignee: Arun Suresh
>         Attachments: SENTRY-488.1.patch
>
>
> I am requestorUserName=u'user1_1' which is non admin and only have 'foo' group
> I can list ALL the roles/privilege attached to an object.
> I should only see the group foo and its privilege on sample_07.
> {code}
> [02/Oct/2014 16:41:23 -0700] thrift_util  DEBUG    Thrift call <class 'sentry_policy_service.SentryPolicyService.Client'>.list_sentry_privileges_by_authorizable
returned in 38ms: TListSentryPrivilegesByAuthResponse(status=TSentryResponseStatus(message='',
stack=None, value=0), privilegesMapByAuth={TSentryAuthorizable(table='sample_07', db='default',
uri=None, server='server1'): TSentryPrivilegeMap(privilegeMap={'foo': set([TSentryPrivilege(grantOption=0,
serverName='server1', tableName='sample_07', privilegeScope='TABLE', createTime=1412271660913,
URI='', action='all', dbName='default'), TSentryPrivilege(grantOption=0, serverName='server1',
tableName='sample_07', privilegeScope='TABLE', createTime=1412270683086, URI='', action='select',
dbName='default'), TSentryPrivilege(grantOption=0, serverName='server1', tableName='sample_07',
privilegeScope='TABLE', createTime=1412271260793, URI='', action='insert', dbName='default')]),
'jholoman': set([TSentryPrivilege(grantOption=0, serverName='server1', tableName='sample_07',
privilegeScope='TABLE', createTime=1412271260793, URI='', action='insert', dbName='default')]),
....
> [02/Oct/2014 16:41:23 -0700] thrift_util  DEBUG    Thrift call: <class 'sentry_policy_service.SentryPolicyService.Client'>.list_sentry_privileges_by_authorizable(args=(TListSentryPrivilegesByAuthRequest(protocol_version=1,
authorizableSet=[TSentryAuthorizable(table=u'sample_07', db=u'default', uri=None, server=u'server1')],
roleSet=None, groups=None, requestorUserName=u'user1_1'),), kwargs={})
> {code}



--
This message was sent by Atlassian JIRA
(v6.3.4#6332)

Mime
View raw message