sentry-commits mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From "Hadoop QA (JIRA)" <j...@apache.org>
Subject [jira] [Commented] (SENTRY-473) Support revoking privilege with grant option
Date Tue, 17 Mar 2015 05:46:39 GMT

    [ https://issues.apache.org/jira/browse/SENTRY-473?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=14364630#comment-14364630
] 

Hadoop QA commented on SENTRY-473:
----------------------------------

Here are the results of testing the latest attachment
https://issues.apache.org/jira/secure/attachment/12705001/SENTRY-473.007.patch against master.

{color:green}Overall:{color} +1 all checks pass

{color:green}SUCCESS:{color} all tests passed

Console output: https://builds.apache.org/job/PreCommit-SENTRY-Build/496/console

This message is automatically generated.

> Support revoking privilege with grant option
> --------------------------------------------
>
>                 Key: SENTRY-473
>                 URL: https://issues.apache.org/jira/browse/SENTRY-473
>             Project: Sentry
>          Issue Type: Improvement
>            Reporter: Xiaomeng Huang
>            Assignee: Xiaomeng Huang
>         Attachments: SENTRY-473.001.patch, SENTRY-473.002.patch, SENTRY-473.003.patch,
SENTRY-473.004.patch, SENTRY-473.005.patch, SENTRY-473.006.patch, SENTRY-473.007.patch
>
>
> SENTRY-327 is based on Hive-0.13, now hive-0.14 have supported revoking privilege with
grant option in HIVE-7404.
> It looks like:
> {code}
> REVOKE [GRANT OPTION FOR]
>     priv_type [, priv_type ] ...
>     ON table_or_view_name
>     FROM principal_specification [, principal_specification] ... ;
> {code}
> We should support downgrade grant option for "GRANT OPTION FOR". It means when "GRANT
OPTION FOR" set, we just modify grant option of this privilege from true to false.
> use cases:
> {code}
> 1. grant ALL on database db1 to role role1;
> 2. grant ALL on database db1 to role role2 with grant option;
> 3. revoke grant option for ALL on database db1 from role role1;
> 4. revoke grant option for ALL on database db1 from role role2;
> 5. revoke ALL on database db1 from role role2;
> {code}
> After 3rd command executed, role1 still has privilege with action ALL on db1, grant option
is false.
> After 4th command executed, role2 downgrade privilege to grant option is false.
> After 5th command executed, role2 will remove privilege with action ALL on db1.



--
This message was sent by Atlassian JIRA
(v6.3.4#6332)

Mime
View raw message