From commits-return-3705-apmail-sentry-commits-archive=sentry.apache.org@sentry.incubator.apache.org Sat Oct 4 02:01:58 2014 Return-Path: X-Original-To: apmail-sentry-commits-archive@minotaur.apache.org Delivered-To: apmail-sentry-commits-archive@minotaur.apache.org Received: from mail.apache.org (hermes.apache.org [140.211.11.3]) by minotaur.apache.org (Postfix) with SMTP id EA27E17A32 for ; Sat, 4 Oct 2014 02:01:57 +0000 (UTC) Received: (qmail 37534 invoked by uid 500); 4 Oct 2014 02:01:57 -0000 Delivered-To: apmail-sentry-commits-archive@sentry.apache.org Received: (qmail 37488 invoked by uid 500); 4 Oct 2014 02:01:57 -0000 Mailing-List: contact commits-help@sentry.incubator.apache.org; run by ezmlm Precedence: bulk List-Help: List-Unsubscribe: List-Post: List-Id: Reply-To: dev@sentry.incubator.apache.org Delivered-To: mailing list commits@sentry.incubator.apache.org Received: (qmail 37476 invoked by uid 99); 4 Oct 2014 02:01:57 -0000 Received: from nike.apache.org (HELO nike.apache.org) (192.87.106.230) by apache.org (qpsmtpd/0.29) with ESMTP; Sat, 04 Oct 2014 02:01:57 +0000 X-ASF-Spam-Status: No, hits=-2000.6 required=5.0 tests=ALL_TRUSTED,RP_MATCHES_RCVD X-Spam-Check-By: apache.org Received: from [140.211.11.3] (HELO mail.apache.org) (140.211.11.3) by apache.org (qpsmtpd/0.29) with SMTP; Sat, 04 Oct 2014 02:01:35 +0000 Received: (qmail 37380 invoked by uid 99); 4 Oct 2014 02:01:33 -0000 Received: from arcas.apache.org (HELO arcas.apache.org) (140.211.11.28) by apache.org (qpsmtpd/0.29) with ESMTP; Sat, 04 Oct 2014 02:01:33 +0000 Date: Sat, 4 Oct 2014 02:01:33 +0000 (UTC) From: "Arun Suresh (JIRA)" To: commits@sentry.incubator.apache.org Message-ID: In-Reply-To: References: Subject: [jira] [Assigned] (SENTRY-488) Sentry list_sentry_privileges_by_authorizable API does not filter out roles/privileges for some cases. MIME-Version: 1.0 Content-Type: text/plain; charset=utf-8 Content-Transfer-Encoding: quoted-printable X-JIRA-FingerPrint: 30527f35849b9dde25b450d4833f0394 X-Virus-Checked: Checked by ClamAV on apache.org [ https://issues.apache.org/jira/browse/SENTRY-488?page=3Dcom.atlassia= n.jira.plugin.system.issuetabpanels:all-tabpanel ] Arun Suresh reassigned SENTRY-488: ---------------------------------- Assignee: Arun Suresh > Sentry list_sentry_privileges_by_authorizable API does not filter out rol= es/privileges for some cases. > -------------------------------------------------------------------------= ----------------------------- > > Key: SENTRY-488 > URL: https://issues.apache.org/jira/browse/SENTRY-488 > Project: Sentry > Issue Type: Bug > Reporter: Arun Suresh > Assignee: Arun Suresh > > I am requestorUserName=3Du'user1_1' which is non admin and only have 'foo= ' group > I can list ALL the roles/privilege attached to an object. > I should only see the group foo and its privilege on sample_07. > {code} > [02/Oct/2014 16:41:23 -0700] thrift_util DEBUG Thrift call .list_sentry_privileges_by_= authorizable returned in 38ms: TListSentryPrivilegesByAuthResponse(status= =3DTSentryResponseStatus(message=3D'', stack=3DNone, value=3D0), privileges= MapByAuth=3D{TSentryAuthorizable(table=3D'sample_07', db=3D'default', uri= =3DNone, server=3D'server1'): TSentryPrivilegeMap(privilegeMap=3D{'foo': se= t([TSentryPrivilege(grantOption=3D0, serverName=3D'server1', tableName=3D's= ample_07', privilegeScope=3D'TABLE', createTime=3D1412271660913, URI=3D'', = action=3D'all', dbName=3D'default'), TSentryPrivilege(grantOption=3D0, serv= erName=3D'server1', tableName=3D'sample_07', privilegeScope=3D'TABLE', crea= teTime=3D1412270683086, URI=3D'', action=3D'select', dbName=3D'default'), T= SentryPrivilege(grantOption=3D0, serverName=3D'server1', tableName=3D'sampl= e_07', privilegeScope=3D'TABLE', createTime=3D1412271260793, URI=3D'', acti= on=3D'insert', dbName=3D'default')]), 'jholoman': set([TSentryPrivilege(gra= ntOption=3D0, serverName=3D'server1', tableName=3D'sample_07', privilegeSco= pe=3D'TABLE', createTime=3D1412271260793, URI=3D'', action=3D'insert', dbNa= me=3D'default')]), .... > [02/Oct/2014 16:41:23 -0700] thrift_util DEBUG Thrift call: .list_sentry_privileges_by= _authorizable(args=3D(TListSentryPrivilegesByAuthRequest(protocol_version= =3D1, authorizableSet=3D[TSentryAuthorizable(table=3Du'sample_07', db=3Du'd= efault', uri=3DNone, server=3Du'server1')], roleSet=3DNone, groups=3DNone, = requestorUserName=3Du'user1_1'),), kwargs=3D{}) > {code} -- This message was sent by Atlassian JIRA (v6.3.4#6332)