  1. Sentry (Retired)
  2. SENTRY-2151 Automatically derive owner privileges from Hive Object Ownership
  3. SENTRY-2242

Add schema changes to limit one user as owner privilege per object


Details

    • Sub-task
    • Status: Resolved
    • Major
    • Resolution: Won't Fix
    • 2.1.0
    • None
    • Sentry
    • None

    Description

      Currently user <-> privileges is implemented to handle privileges to owners of the respective objects. There cannot be more than one owner of a single object (database/table), so a restriction should be added either at the application or in the database schema to prevent it from happening.

      I feel a schema change is the best way to do it for now, as there is no plan to implement user privileges in the near future. In the future, when the user privileges feature is implemented, this change could be reverted and the restriction can be added at the application.

      Current Schema:

      ALTER TABLE `SENTRY_USER_DB_PRIVILEGE_MAP`
        ADD CONSTRAINT `SENTRY_USER_DB_PRIVILEGE_MAP_PK` PRIMARY KEY (`USER_ID`,`DB_PRIVILEGE_ID`);
      

      Proposed Solution:

      ALTER TABLE `SENTRY_USER_DB_PRIVILEGE_MAP`
        ADD CONSTRAINT `SENTRY_USER_DB_PRIVILEGE_MAP_PK` PRIMARY KEY (`DB_PRIVILEGE_ID`);
      

      With this change, DB_PRIVILEGE_ID would be the primary key, and this restricts the same privilege from being granted to another user.
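
The effect of the two primary keys described above, as an added example that is not part of the original issue or of Sentry's code: it replays the same grants against both key definitions and reports which inserts the database rejects. It assumes an in-memory SQLite database in place of the MySQL-style DDL on the page, and the user and privilege ids are constructed sample values.

```python
import sqlite3

# Constructed sample data: privilege id 100 stands for the owner privilege on
# one object; user ids 1 and 2 are two different users.
GRANTS = [(1, 100), (2, 100), (1, 101)]


def apply_grants(pk_columns):
    """Create the map table with the given primary key and replay GRANTS.

    Returns (outcomes, rows): 'ok' or 'rejected' for each grant, and the
    final table contents. pk_columns is a fixed string, never user input.
    """
    conn = sqlite3.connect(":memory:")
    conn.execute(
        "CREATE TABLE SENTRY_USER_DB_PRIVILEGE_MAP ("
        " USER_ID INTEGER NOT NULL,"
        " DB_PRIVILEGE_ID INTEGER NOT NULL,"
        f" CONSTRAINT SENTRY_USER_DB_PRIVILEGE_MAP_PK PRIMARY KEY ({pk_columns}))"
    )
    outcomes = []
    for user_id, priv_id in GRANTS:
        try:
            with conn:  # commit on success, roll back on a constraint error
                conn.execute(
                    "INSERT INTO SENTRY_USER_DB_PRIVILEGE_MAP"
                    " (USER_ID, DB_PRIVILEGE_ID) VALUES (?, ?)",
                    (user_id, priv_id),
                )
            outcomes.append("ok")
        except sqlite3.IntegrityError:
            outcomes.append("rejected")
    rows = conn.execute(
        "SELECT USER_ID, DB_PRIVILEGE_ID FROM SENTRY_USER_DB_PRIVILEGE_MAP"
        " ORDER BY DB_PRIVILEGE_ID, USER_ID"
    ).fetchall()
    conn.close()
    return outcomes, rows


def owners_per_privilege(rows):
    """Map each DB_PRIVILEGE_ID to the list of users holding it."""
    owners = {}
    for user_id, priv_id in rows:
        owners.setdefault(priv_id, []).append(user_id)
    return owners


if __name__ == "__main__":
    for pk in ("USER_ID, DB_PRIVILEGE_ID", "DB_PRIVILEGE_ID"):
        outcomes, rows = apply_grants(pk)
        print(pk, outcomes, owners_per_privilege(rows))
```

Under the composite key the second user is accepted as a second holder of privilege 100; under the single-column key that insert fails at the database, while user 1 can still hold a different privilege.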

          People

            kkalyan Krishna Kalyan