[SENTRY-2270] Illegal privileges on columns can be granted on Hive - ASF JIRA

XML

Word

Printable

JSON

Details

Type: Bug
Status: Resolved
Priority: Major
Resolution: Fixed
Affects Version/s: 2.0.0
Fix Version/s: 2.1.0
Component/s: Sentry
Labels:
None

Description

It is possible to grant the following privileges on columns in beeline: ALTER, CREATE, DROP. However, these privileges have no semantics for a column.

For ALL, and INSERT, beeline raises an error if the user tries to grant the privilege to a column, e.g.:

beeline> grant all(fn) on table tbl1 to role r1;
Error: Error while compiling statement: FAILED: SemanticException Sentry does not support privilege: All on Column (state=42000,code=40000)
beeline> grant insert(fn) on table tbl1 to role r1;
Error: Error while compiling statement: FAILED: SemanticException Sentry does not support privilege: Insert on Column (state=42000,code=40000)

A similar error should be created when granting CREATE, ALTER, and DROP on column.

Attachments

- Sort By Name
- Sort By Date
- Ascending
- Descending

SENTRY-2270.1.patch
13/Jun/18 22:36
3 kB
Sergio Peña

Issue Links

links to

Review Board

Activity

People

Assignee:: Sergio Peña

Reporter:: Sergio Peña

Votes:: 0 Vote for this issue

Watchers:: 1 Start watching this issue

Dates

Created:: 13/Jun/18 22:35

Updated:: 15/Jun/18 16:34

Resolved:: 15/Jun/18 16:34