Uploaded image for project: 'Sentry (Retired)'
  1. Sentry (Retired)
  2. SENTRY-701 Support revoking “with grant option” of a privilege
  3. SENTRY-473

Revoke privilege should support revoking of grant option

    XMLWordPrintableJSON

Details

    • Sub-task
    • Status: Patch Available
    • Major
    • Resolution: Unresolved
    • None
    • None
    • None
    • None

    Description

      SENTRY-327 is based on Hive-0.13, now hive-0.14 have supported revoking privilege with grant option in HIVE-7404.
      It looks like:

      REVOKE [GRANT OPTION FOR]
    priv_type [, priv_type ] ...
    ON table_or_view_name
    FROM principal_specification [, principal_specification] ... ;

      We should support downgrade grant option for "GRANT OPTION FOR". It means when "GRANT OPTION FOR" set, we just modify grant option of this privilege from true to false.
      use cases:

      1. grant ALL on database db1 to role role1;
2. grant ALL on database db1 to role role2 with grant option;
3. revoke grant option for ALL on database db1 from role role1;
4. revoke grant option for ALL on database db1 from role role2;
5. revoke ALL on database db1 from role role2;

      After 3rd command executed, role1 still has privilege with action ALL on db1, grant option is false.
      After 4th command executed, role2 downgrade privilege to grant option is false.
      After 5th command executed, role2 will remove privilege with action ALL on db1.

      Attachments

        1. SENTRY-473.007.patch
          20 kB
          Xiaomeng Huang
        2. SENTRY-473.006.patch
          20 kB
          Xiaomeng Huang
        3. SENTRY-473.005.patch
          20 kB
          Xiaomeng Huang
        4. SENTRY-473.004.patch
          20 kB
          Xiaomeng Huang
        5. SENTRY-473.003.patch
          17 kB
          Xiaomeng Huang
        6. SENTRY-473.002.patch
          16 kB
          Xiaomeng Huang
        7. SENTRY-473.001.patch
          13 kB
          Xiaomeng Huang

        Issue Links

          is depended upon by

          Sub-task - The sub-task of the issue SENTRY-672 Support revoking child action with grant option

          • Major - Major loss of function.
          • Open
          relates to

          Improvement - An improvement or enhancement to an existing feature or task. SENTRY-327 Support auth admin delegation via SQL construct 'with grant option'

          • Major - Major loss of function.
          • Resolved
          links to

          Web Link Review Borad

          Activity

            People

              Huang Xiaomeng Xiaomeng Huang
              Huang Xiaomeng Xiaomeng Huang
              Votes:
              0 Vote for this issue
              Watchers:
              3 Start watching this issue

              Dates

                Created:
                Updated: