sentry-commits mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From "Lenni Kuff (JIRA)" <j...@apache.org>
Subject [jira] [Updated] (SENTRY-552) Sentry Store recursive revoke of privilege levels < ALL does not properly downgrade privilege (they are removed)
Date Tue, 02 Dec 2014 08:28:13 GMT

     [ https://issues.apache.org/jira/browse/SENTRY-552?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel
]

Lenni Kuff updated SENTRY-552:
------------------------------
    Description: 
The following doesn't work properly:

grant all on col1
grant all on col2
revoke select on col2
-- at this point, will have ALL on col1, INSERT on col2
revoke INSERT from table <--- Does not do the proper thing.

The expectation is that revoking INSERT from the table would remove INSERT privilege on col2
and also downgrade the ALL privilege on col1 to SELECT. Instead it removes the ALL privilege.



  was:
The following doesn't work properly:

grant all on col1
grant all on col2
revoke select on col2
-- at this point, will have ALL on col1, INSERT on col2
revoke INSERT from table <--- Does not do the proper thing.

The expectation is that revoking INSERT from the table would remove INSERT privilege on col2
and also downgrade the ALL privilege on col1 to SELECT. Instead the privilege on col1 stays
in-tact. 

Note that this was exposed as part of the fix for SENTRY-543. Prior to that the REVOKE would
incorrectly remove both privileges.


        Summary: Sentry Store recursive revoke of privilege levels < ALL does not properly
downgrade privilege (they are removed)  (was: Downgrading privileges does not always work
for column-level privileges)

> Sentry Store recursive revoke of privilege levels < ALL does not properly downgrade
privilege (they are removed)
> ----------------------------------------------------------------------------------------------------------------
>
>                 Key: SENTRY-552
>                 URL: https://issues.apache.org/jira/browse/SENTRY-552
>             Project: Sentry
>          Issue Type: Bug
>    Affects Versions: 1.5.0
>            Reporter: Lenni Kuff
>            Assignee: Dapeng Sun
>             Fix For: 1.5.0
>
>         Attachments: SENTRY-552.002.patch, SENTRY-552.003.patch, SENTRY-552.004.patch,
SENTRY-552.005.patch, SENTRY-552.patch
>
>
> The following doesn't work properly:
> grant all on col1
> grant all on col2
> revoke select on col2
> -- at this point, will have ALL on col1, INSERT on col2
> revoke INSERT from table <--- Does not do the proper thing.
> The expectation is that revoking INSERT from the table would remove INSERT privilege
on col2 and also downgrade the ALL privilege on col1 to SELECT. Instead it removes the ALL
privilege. 



--
This message was sent by Atlassian JIRA
(v6.3.4#6332)

Mime
View raw message