Uploaded image for project: 'Sentry (Retired)'
  1. Sentry (Retired)
  2. SENTRY-594

Alter database should check output privilege instead of input

    XMLWordPrintableJSON

Details

    • Bug
    • Status: Resolved
    • Major
    • Resolution: Fixed
    • None
    • 1.5.0
    • None
    • None

    Description

      "ALTER DATABASE" command can get entities from WriteEntity, and get nothing from ReadEntity. So this command should check output privilege instead of input.
      What's more, "ALTER TABLE" also check output privilege, likes below:

      HiveAuthzPrivileges alterTablePrivilege = new HiveAuthzPrivileges.AuthzPrivilegeBuilder().
              addOutputObjectPriviledge(AuthorizableType.Table, EnumSet.of(DBModelAction.ALTER)).
              setOperationScope(HiveOperationScope.TABLE).
              setOperationType(HiveOperationType.DDL).
              build();
      

      Attachments

        1. SENTRY-594.001.patch
          1 kB
          Xiaomeng Huang

        Issue Links

          Activity

            People

              Huang Xiaomeng Xiaomeng Huang
              Huang Xiaomeng Xiaomeng Huang
              Votes:
              0 Vote for this issue
              Watchers:
              2 Start watching this issue

              Dates

                Created:
                Updated:
                Resolved: