Uploaded image for project: 'Sentry'
  1. Sentry
  2. SENTRY-2270

Illegal privileges on columns can be granted on Hive

    Details

    • Type: Bug
    • Status: Resolved
    • Priority: Major
    • Resolution: Fixed
    • Affects Version/s: 2.0.0
    • Fix Version/s: 2.1.0
    • Component/s: Sentry
    • Labels:
      None

      Description

      It is possible to grant the following privileges on columns in beeline: ALTER, CREATE, DROP. However, these privileges have no semantics for a column.

      For ALL, and INSERT, beeline raises an error if the user tries to grant the privilege to a column, e.g.:

      beeline> grant all(fn) on table tbl1 to role r1;
      Error: Error while compiling statement: FAILED: SemanticException Sentry does not support privilege: All on Column (state=42000,code=40000)
      beeline> grant insert(fn) on table tbl1 to role r1;
      Error: Error while compiling statement: FAILED: SemanticException Sentry does not support privilege: Insert on Column (state=42000,code=40000)
      

      A similar error should be created when granting CREATE, ALTER, and DROP on column.

       

        Attachments

          Issue Links

            Activity

              People

              • Assignee:
                spena Sergio Peña
                Reporter:
                spena Sergio Peña
              • Votes:
                0 Vote for this issue
                Watchers:
                1 Start watching this issue

                Dates

                • Created:
                  Updated:
                  Resolved: