Uploaded image for project: 'Sentry (Retired)'
  1. Sentry (Retired)
  2. SENTRY-1540

SentryStore.isMultiActionsSupported() is always true

    XMLWordPrintableJSON

Details

    • Improvement
    • Status: Patch Available
    • Minor
    • Resolution: Unresolved
    • 1.8.0
    • None
    • Sentry

    Description

      The SentryStore.isMultiActionsSupported() function:

        // Currently INSERT/SELECT/ALL are supported for Table and DB level privileges
  private boolean isMultiActionsSupported(TSentryPrivilege tPrivilege) {
    return tPrivilege.getDbName() != null;

  }

      It is called in two places - in drop_privileges():

                  TSentryPrivilege tPrivilege = toSentryPrivilege(tAuthorizable);
            try {
              if (isMultiActionsSupported(tPrivilege)) {
              ...

      The toSentryPrivilege() function:

        private TSentryPrivilege toSentryPrivilege(TSentryAuthorizable tAuthorizable)
      throws SentryInvalidInputException {
    TSentryPrivilege tSentryPrivilege = new TSentryPrivilege();
    tSentryPrivilege.setDbName(fromNULLCol(tAuthorizable.getDb()));
    tSentryPrivilege.setServerName(fromNULLCol(tAuthorizable.getServer()));
    tSentryPrivilege.setTableName(fromNULLCol(tAuthorizable.getTable()));
    tSentryPrivilege.setColumnName(fromNULLCol(tAuthorizable.getColumn()));
    tSentryPrivilege.setURI(fromNULLCol(tAuthorizable.getUri()));
    ...

      So all fields are initialized to an emoty string which means that isMultiActionsSupported is always true.

      The same is true for the second usage in renamePrivilege().

      So currently the function is meaningless. So it should be either removed or changed to verify that dbName is non-empty and not "_NULL_".

      Attachments

        1. SENTRY-1540.v1.patch
          2 kB
          Vamsee K. Yarlagadda
        2. SENTRY-1540.v2.patch
          1 kB
          Vamsee K. Yarlagadda

        Issue Links

          relates to

          Bug - A problem which impairs or prevents the functions of the product. SENTRY-162 Cleanup DB store privilege metadata on Hive DDL statements

          • Major - Major loss of function.
          • Resolved

          New Feature - A new feature of the product, which has yet to be developed. SENTRY-872 Uber jira for HMS HA + Sentry HA redesign

          • Critical - Crashes, loss of data, severe memory leak.
          • Resolved

          Improvement - An improvement or enhancement to an existing feature or task. SENTRY-1541 toSentryPrivilege() should not copy fields that are not set in the source

          • Major - Major loss of function.
          • Resolved

          Improvement - An improvement or enhancement to an existing feature or task. SENTRY-1582 Comments to clarify the intent of string manipulation methods in SentryStore.java

          • Major - Major loss of function.
          • Resolved
          links to

          Web Link Code review

          Activity

            People

              vamsee Vamsee K. Yarlagadda
              akolb Alex Kolbasov
              Votes:
              0 Vote for this issue
              Watchers:
              2 Start watching this issue

              Dates

                Created:
                Updated: