Uploaded image for project: 'Sentry (Retired)'
  1. Sentry (Retired)
  2. SENTRY-594

Alter database should check output privilege instead of input

    XMLWordPrintableJSON

Details

    • Bug
    • Status: Resolved
    • Major
    • Resolution: Fixed
    • None
    • 1.5.0
    • None
    • None

    Description

      "ALTER DATABASE" command can get entities from WriteEntity, and get nothing from ReadEntity. So this command should check output privilege instead of input.
      What's more, "ALTER TABLE" also check output privilege, likes below:

      HiveAuthzPrivileges alterTablePrivilege = new HiveAuthzPrivileges.AuthzPrivilegeBuilder().
        addOutputObjectPriviledge(AuthorizableType.Table, EnumSet.of(DBModelAction.ALTER)).
        setOperationScope(HiveOperationScope.TABLE).
        setOperationType(HiveOperationType.DDL).
        build();

      Attachments

        1. SENTRY-594.001.patch
          1 kB
          Xiaomeng Huang

        Issue Links

          blocks

          New Feature - A new feature of the product, which has yet to be developed. SENTRY-498 Sentry integration with Hive authorization framework V2

          • Major - Major loss of function.
          • Resolved
          is depended upon by

          Sub-task - The sub-task of the issue SENTRY-514 Enable e2e tests for authorization V2

          • Major - Major loss of function.
          • Resolved

          Activity

            People

              Huang Xiaomeng Xiaomeng Huang
              Huang Xiaomeng Xiaomeng Huang
              Votes:
              0 Vote for this issue
              Watchers:
              2 Start watching this issue

              Dates

                Created:
                Updated:
                Resolved: