Uploaded image for project: 'Sentry'
  1. Sentry
  2. SENTRY-488

Sentry list_sentry_privileges_by_authorizable API does not filter out roles/privileges for some cases.

    XMLWordPrintableJSON

    Details

    • Type: Bug
    • Status: Resolved
    • Priority: Major
    • Resolution: Fixed
    • Affects Version/s: None
    • Fix Version/s: 1.5.0
    • Component/s: None
    • Labels:
      None

      Description

      I am requestorUserName=u'user1_1' which is non admin and only have 'foo' group
      I can list ALL the roles/privilege attached to an object.

      I should only see the group foo and its privilege on sample_07.

      [02/Oct/2014 16:41:23 -0700] thrift_util  DEBUG    Thrift call <class 'sentry_policy_service.SentryPolicyService.Client'>.list_sentry_privileges_by_authorizable returned in 38ms: TListSentryPrivilegesByAuthResponse(status=TSentryResponseStatus(message='', stack=None, value=0), privilegesMapByAuth={TSentryAuthorizable(table='sample_07', db='default', uri=None, server='server1'): TSentryPrivilegeMap(privilegeMap={'foo': set([TSentryPrivilege(grantOption=0, serverName='server1', tableName='sample_07', privilegeScope='TABLE', createTime=1412271660913, URI='', action='all', dbName='default'), TSentryPrivilege(grantOption=0, serverName='server1', tableName='sample_07', privilegeScope='TABLE', createTime=1412270683086, URI='', action='select', dbName='default'), TSentryPrivilege(grantOption=0, serverName='server1', tableName='sample_07', privilegeScope='TABLE', createTime=1412271260793, URI='', action='insert', dbName='default')]), 'jholoman': set([TSentryPrivilege(grantOption=0, serverName='server1', tableName='sample_07', privilegeScope='TABLE', createTime=1412271260793, URI='', action='insert', dbName='default')]), ....
      
      [02/Oct/2014 16:41:23 -0700] thrift_util  DEBUG    Thrift call: <class 'sentry_policy_service.SentryPolicyService.Client'>.list_sentry_privileges_by_authorizable(args=(TListSentryPrivilegesByAuthRequest(protocol_version=1, authorizableSet=[TSentryAuthorizable(table=u'sample_07', db=u'default', uri=None, server=u'server1')], roleSet=None, groups=None, requestorUserName=u'user1_1'),), kwargs={})
      

        Attachments

        1. SENTRY-488.1.patch
          5 kB
          Arun Suresh
        2. SENTRY-488.2.patch
          6 kB
          Arun Suresh
        3. SENTRY-488.3.patch
          6 kB
          Arun Suresh

          Activity

            People

            • Assignee:
              asuresh Arun Suresh
              Reporter:
              asuresh Arun Suresh
            • Votes:
              0 Vote for this issue
              Watchers:
              3 Start watching this issue

              Dates

              • Created:
                Updated:
                Resolved: