Uploaded image for project: 'Sentry (Retired)'
  1. Sentry (Retired)
  2. SENTRY-2270

Illegal privileges on columns can be granted on Hive

    XMLWordPrintableJSON

Details

    • Bug
    • Status: Resolved
    • Major
    • Resolution: Fixed
    • 2.0.0
    • 2.1.0
    • Sentry
    • None

    Description

      It is possible to grant the following privileges on columns in beeline: ALTER, CREATE, DROP. However, these privileges have no semantics for a column.

      For ALL, and INSERT, beeline raises an error if the user tries to grant the privilege to a column, e.g.:

      beeline> grant all(fn) on table tbl1 to role r1;
      Error: Error while compiling statement: FAILED: SemanticException Sentry does not support privilege: All on Column (state=42000,code=40000)
      beeline> grant insert(fn) on table tbl1 to role r1;
      Error: Error while compiling statement: FAILED: SemanticException Sentry does not support privilege: Insert on Column (state=42000,code=40000)
      

      A similar error should be created when granting CREATE, ALTER, and DROP on column.

       

      Attachments

        1. SENTRY-2270.1.patch
          3 kB
          Sergio Peña

        Issue Links

          Activity

            People

              spena Sergio Peña
              spena Sergio Peña
              Votes:
              0 Vote for this issue
              Watchers:
              1 Start watching this issue

              Dates

                Created:
                Updated:
                Resolved: