Uploaded image for project: 'Sentry'
  1. Sentry
  2. SENTRY-701 Support revoking “with grant option” of a privilege
  3. SENTRY-473

Revoke privilege should support revoking of grant option

    XMLWordPrintableJSON

    Details

    • Type: Sub-task
    • Status: Patch Available
    • Priority: Major
    • Resolution: Unresolved
    • Affects Version/s: None
    • Fix Version/s: None
    • Component/s: None
    • Labels:
      None

      Description

      SENTRY-327 is based on Hive-0.13, now hive-0.14 have supported revoking privilege with grant option in HIVE-7404.
      It looks like:

      REVOKE [GRANT OPTION FOR]
          priv_type [, priv_type ] ...
          ON table_or_view_name
          FROM principal_specification [, principal_specification] ... ;
      

      We should support downgrade grant option for "GRANT OPTION FOR". It means when "GRANT OPTION FOR" set, we just modify grant option of this privilege from true to false.
      use cases:

      1. grant ALL on database db1 to role role1;
      2. grant ALL on database db1 to role role2 with grant option;
      3. revoke grant option for ALL on database db1 from role role1;
      4. revoke grant option for ALL on database db1 from role role2;
      5. revoke ALL on database db1 from role role2;
      

      After 3rd command executed, role1 still has privilege with action ALL on db1, grant option is false.
      After 4th command executed, role2 downgrade privilege to grant option is false.
      After 5th command executed, role2 will remove privilege with action ALL on db1.

        Attachments

        1. SENTRY-473.007.patch
          20 kB
          Xiaomeng Huang
        2. SENTRY-473.006.patch
          20 kB
          Xiaomeng Huang
        3. SENTRY-473.005.patch
          20 kB
          Xiaomeng Huang
        4. SENTRY-473.004.patch
          20 kB
          Xiaomeng Huang
        5. SENTRY-473.003.patch
          17 kB
          Xiaomeng Huang
        6. SENTRY-473.002.patch
          16 kB
          Xiaomeng Huang
        7. SENTRY-473.001.patch
          13 kB
          Xiaomeng Huang

          Issue Links

            Activity

              People

              • Assignee:
                Huang Xiaomeng Xiaomeng Huang
                Reporter:
                Huang Xiaomeng Xiaomeng Huang
              • Votes:
                0 Vote for this issue
                Watchers:
                3 Start watching this issue

                Dates

                • Created:
                  Updated: