Uploaded image for project: 'Sentry'
  1. Sentry
  2. SENTRY-1252

grantServerPrivilege and revokeServerPrivilege should treat "*" and "ALL" as synonyms when action is not explicitly specified

    XMLWordPrintableJSON

    Details

    • Type: Bug
    • Status: Resolved
    • Priority: Major
    • Resolution: Fixed
    • Affects Version/s: 1.6.0
    • Fix Version/s: 1.8.0
    • Component/s: Sentry
    • Labels:
      None

      Description

      grantServerPrivilege and revokeServerPrivilege should treat "*" and "ALL" as synonyms when action is not explicitly specified. Otherwise, if grantServerPrivilege is called without action explicitly specified, and follow with a revokeServerPrivilege invocation with action as "ALL" , the server level privilege will not be revoked. For example, in impala

      When pretty-printing is disabled, you can use the '--output_delimiter' flag to set
      the delimiter for fields in the same row. The default is ','.
      ***********************************************************************************
      [test.com:21000] > create role test;
      Query: create role test
      
      Fetched 0 row(s) in 0.23s
      [test.com:21000] > grant select on database default to test;
      Query: grant select on database default to test
      
      Fetched 0 row(s) in 0.12s
      [test.com:21000] > grant all on server to test;
      Query: grant all on server to test
      
      Fetched 0 row(s) in 0.04s
      [test.com:21000] > show grant role test;
      Query: show grant role test
      +----------+----------+-------+--------+-----+-----------+--------------+-------------+
      | scope    | database | table | column | uri | privilege | grant_option | create_time |
      +----------+----------+-------+--------+-----+-----------+--------------+-------------+
      | DATABASE | default  |       |        |     | SELECT    | false        | NULL        |
      | SERVER   |          |       |        |     | ALL       | false        | NULL        |
      +----------+----------+-------+--------+-----+-----------+--------------+-------------+
      Fetched 2 row(s) in 0.08s
      [test.com:21000] > revoke all on server from role test;
      Query: revoke all on server from role test
      
      Fetched 0 row(s) in 0.14s
      [test.com:21000] > show grant role test;
      Query: show grant role test
      +----------+----------+-------+--------+-----+-----------+--------------+-------------+
      | scope    | database | table | column | uri | privilege | grant_option | create_time |
      +----------+----------+-------+--------+-----+-----------+--------------+-------------+
      | DATABASE | default  |       |        |     | SELECT    | false        | NULL        |
      +----------+----------+-------+--------+-----+-----------+--------------+-------------+
      Fetched 1 row(s) in 0.03s
      [test.com:21000] > show grant role test;
      Query: show grant role test
      +----------+----------+-------+--------+-----+-----------+--------------+-------------+
      | scope    | database | table | column | uri | privilege | grant_option | create_time |
      +----------+----------+-------+--------+-----+-----------+--------------+-------------+
      | DATABASE | default  |       |        |     | SELECT    | false        | NULL        |
      +----------+----------+-------+--------+-----+-----------+--------------+-------------+
      Fetched 1 row(s) in 0.03s
      
      [FIVE MINUTES ELAPSE]
      
      [test.com21000] > show grant role test;
      Query: show grant role test
      +--------+----------+-------+--------+-----+-----------+--------------+-------------------------------+
      | scope  | database | table | column | uri | privilege | grant_option | create_time                   |
      +--------+----------+-------+--------+-----+-----------+--------------+-------------------------------+
      | SERVER |          |       |        |     | ALL       | false        | Sun, Apr 24 2016 20:24:33.888 |
      +--------+----------+-------+--------+-----+-----------+--------------+-------------------------------+
      Fetched 1 row(s) in 0.05s
      

        Attachments

        1. SENTRY-1252.0.patch
          6 kB
          Hao Hao

          Issue Links

            Activity

              People

              • Assignee:
                hahao Hao Hao
                Reporter:
                hahao Hao Hao
              • Votes:
                0 Vote for this issue
                Watchers:
                3 Start watching this issue

                Dates

                • Created:
                  Updated:
                  Resolved: