Uploaded image for project: 'Sentry (Retired)'
  1. Sentry (Retired)
  2. SENTRY-2129 User based privilege
  3. SENTRY-2091

User-based Privilege is broken by SENTRY-769

    XMLWordPrintableJSON

Details

    • Sub-task
    • Status: Patch Available
    • Major
    • Resolution: Unresolved
    • 2.1.0
    • None
    • Sentry
    • None

    Description

      SENTRY-769 throws exception when a user has no group. This breaks user-based privilege as the exception prevents getting privilege using user-based privilege.

      For example, in the following code

      Set<String> userPrivileges =
        authProvider.getPolicyEngine().getPrivileges(
            authProvider.getGroupMapping().getGroups(userName), Sets.newHashSet(userName),
            hiveAuthzBinding.getActiveRoleSet(), hiveAuthzBinding.getAuthServer());

      when user has no group, the exception causes the processing stops even when user has privilege.

      The solution is to catch the exception, and continue the processing. 

      try {
Set<String> groups = null;
try {
  groups = authProvider.getGroupMapping().getGroups(userName)
} catch (SentryGroupNotFoundException ex) {
  log.debug(...);
  groups = new HashSet<String>();
}

Set<String> userPrivileges =
        authProvider.getPolicyEngine().getPrivileges(
            groups, Sets.newHashSet(userName),
            hiveAuthzBinding.getActiveRoleSet(), hiveAuthzBinding.getAuthServer());

        ...

}

      Attachments

        1. SENTRY-2091.001.patch
          13 kB
          Na Li
        2. SENTRY-2091.002.patch
          14 kB
          Na Li
        3. SENTRY-2091.003.patch
          15 kB
          Na Li
        4. SENTRY-2091.004.patch
          19 kB
          Na Li
        5. SENTRY-2091.004.patch
          19 kB
          Na Li
        6. SENTRY-2091.006.patch
          12 kB
          Na Li

        Issue Links

          is duplicated by

          Bug - A problem which impairs or prevents the functions of the product. SENTRY-2051 Catch SentryGroupNotFoundException in thrift server handler

          • Major - Major loss of function.
          • Resolved
          is related to

          New Feature - A new feature of the product, which has yet to be developed. SENTRY-2095 Support User-based privilege at Name Node through HDFS sync

          • Major - Major loss of function.
          • Resolved
          relates to

          New Feature - A new feature of the product, which has yet to be developed. SENTRY-711 Implement grant user to role

          • Major - Major loss of function.
          • Resolved
          links to

          Web Link Review Link for this case

          Activity

            People

              Unassigned Unassigned
              linaataustin Na Li
              Votes:
              0 Vote for this issue
              Watchers:
              1 Start watching this issue

              Dates

                Created:
                Updated: