[SENTRY-2308] Create privilege on table has no use case - ASF JIRA

XML

Word

Printable

JSON

Details

Type: Bug
Status: Resolved
Priority: Major
Resolution: Fixed
Affects Version/s: 2.1.0
Fix Version/s: 2.1.0
Component/s: Sentry
Labels:
None

Description

Currently it is possible to grant CREATE on a table. However, there do not seem to be any SQL operations that require this privilege.

For example, ALTER TABLE ADD PARTITION, requires ALTER and not CREATE.

Here is another example that requires INSERT on the target table, not CREATE (or ALTER):

set hive.exec.dynamic.partition.mode=nonstrict;INSERT OVERWRITE TABLE config1_test_database1.aliens PARTITION (home_planet, diet) SELECT name, home_planet, diet FROM config1_test_database1.movie_stars WHERE home_planet IS NOT NULL AND diet IS NOT NULL;

If there is no use case for granting CREATE on a table, we should considering not allowing this operation.

Attachments

Attachments

- Sort By Name
- Sort By Date
- Ascending
- Descending

SENTRY-2308.1.patch
11/Jul/18 18:59
12 kB
Sergio Peña
SENTRY-2308.2.patch
11/Jul/18 20:32
5 kB
Sergio Peña
SENTRY-2308.3.patch
13/Jul/18 18:43
7 kB
Sergio Peña
SENTRY-2308.4.patch
15/Aug/18 19:27
8 kB
Sergio Peña
SENTRY-2308.5.patch
16/Aug/18 16:18
13 kB
Sergio Peña

Issue Links

links to

Activity

People

Assignee:: Sergio Peña

Reporter:: Sergio Peña

Votes:: 0 Vote for this issue

Watchers:: 2 Start watching this issue

Dates

Created:: 10/Jul/18 16:13

Updated:: 17/Aug/18 17:18

Resolved:: 17/Aug/18 17:18