Uploaded image for project: 'Sentry'
  1. Sentry
  2. SENTRY-2308

Create privilege on table has no use case

    Details

    • Type: Bug
    • Status: Resolved
    • Priority: Major
    • Resolution: Fixed
    • Affects Version/s: 2.1.0
    • Fix Version/s: 2.1.0
    • Component/s: Sentry
    • Labels:
      None

      Description

      Currently it is possible to grant CREATE on a table. However, there do not seem to be any SQL operations that require this privilege.

      For example, ALTER TABLE ADD PARTITION, requires ALTER and not CREATE.

      Here is another example that requires INSERT on the target table, not CREATE (or ALTER):

      set hive.exec.dynamic.partition.mode=nonstrict;INSERT OVERWRITE TABLE config1_test_database1.aliens PARTITION (home_planet, diet) SELECT name, home_planet, diet FROM config1_test_database1.movie_stars WHERE home_planet IS NOT NULL AND diet IS NOT NULL;
      

      If there is no use case for granting CREATE on a table, we should considering not allowing this operation.

        Attachments

        1. SENTRY-2308.1.patch
          12 kB
          Sergio Peña
        2. SENTRY-2308.2.patch
          5 kB
          Sergio Peña
        3. SENTRY-2308.3.patch
          7 kB
          Sergio Peña
        4. SENTRY-2308.4.patch
          8 kB
          Sergio Peña
        5. SENTRY-2308.5.patch
          13 kB
          Sergio Peña

          Issue Links

            Activity

              People

              • Assignee:
                spena Sergio Peña
                Reporter:
                spena Sergio Peña
              • Votes:
                0 Vote for this issue
                Watchers:
                2 Start watching this issue

                Dates

                • Created:
                  Updated:
                  Resolved: