Description
grantServerPrivilege and revokeServerPrivilege should treat "*" and "ALL" as synonyms when action is not explicitly specified. Otherwise, if grantServerPrivilege is called without action explicitly specified, and follow with a revokeServerPrivilege invocation with action as "ALL" , the server level privilege will not be revoked. For example, in impala
When pretty-printing is disabled, you can use the '--output_delimiter' flag to set the delimiter for fields in the same row. The default is ','. *********************************************************************************** [test.com:21000] > create role test; Query: create role test Fetched 0 row(s) in 0.23s [test.com:21000] > grant select on database default to test; Query: grant select on database default to test Fetched 0 row(s) in 0.12s [test.com:21000] > grant all on server to test; Query: grant all on server to test Fetched 0 row(s) in 0.04s [test.com:21000] > show grant role test; Query: show grant role test +----------+----------+-------+--------+-----+-----------+--------------+-------------+ | scope | database | table | column | uri | privilege | grant_option | create_time | +----------+----------+-------+--------+-----+-----------+--------------+-------------+ | DATABASE | default | | | | SELECT | false | NULL | | SERVER | | | | | ALL | false | NULL | +----------+----------+-------+--------+-----+-----------+--------------+-------------+ Fetched 2 row(s) in 0.08s [test.com:21000] > revoke all on server from role test; Query: revoke all on server from role test Fetched 0 row(s) in 0.14s [test.com:21000] > show grant role test; Query: show grant role test +----------+----------+-------+--------+-----+-----------+--------------+-------------+ | scope | database | table | column | uri | privilege | grant_option | create_time | +----------+----------+-------+--------+-----+-----------+--------------+-------------+ | DATABASE | default | | | | SELECT | false | NULL | +----------+----------+-------+--------+-----+-----------+--------------+-------------+ Fetched 1 row(s) in 0.03s [test.com:21000] > show grant role test; Query: show grant role test +----------+----------+-------+--------+-----+-----------+--------------+-------------+ | scope | database | table | column | uri | privilege | grant_option | create_time | +----------+----------+-------+--------+-----+-----------+--------------+-------------+ | DATABASE | default | | | | SELECT | false | NULL | +----------+----------+-------+--------+-----+-----------+--------------+-------------+ Fetched 1 row(s) in 0.03s [FIVE MINUTES ELAPSE] [test.com21000] > show grant role test; Query: show grant role test +--------+----------+-------+--------+-----+-----------+--------------+-------------------------------+ | scope | database | table | column | uri | privilege | grant_option | create_time | +--------+----------+-------+--------+-----+-----------+--------------+-------------------------------+ | SERVER | | | | | ALL | false | Sun, Apr 24 2016 20:24:33.888 | +--------+----------+-------+--------+-----+-----------+--------------+-------------------------------+ Fetched 1 row(s) in 0.05s
Attachments
Attachments
Issue Links
- is related to
-
SENTRY-744 DB provider client should support grantServerPrivilege() method without action for backward compatibility
-
- Resolved
-
-
SENTRY-1259 Deprecated one of "ALL" and "*" from DB data authz model
-
- Open
-