Details
-
Bug
-
Status: Resolved
-
Major
-
Resolution: Duplicate
-
1.4.0
-
None
-
None
-
CentOS 6.6
Description
It appears that when a role is dropped the privileges granted to that role remain in SENTRY_DB_PRIVILEGE
0: jdbc:hive2://localhost:10000/default> CREATE ROLE FOO;
No rows affected (0.102 seconds)
0: jdbc:hive2://localhost:10000/default> GRANT ALL ON DATABASE EMR TO ROLE FOO;
No rows affected (0.129 seconds)
0: jdbc:hive2://localhost:10000/default> DROP ROLE FOO;
No rows affected (0.129 seconds)
0: jdbc:hive2://localhost:10000/default> CREATE ROLE FOO;
No rows affected (0.105 seconds)
0: jdbc:hive2://localhost:10000/default> GRANT ALL ON DATABASE EMR TO FOO;
Error: Error while compiling statement: FAILED: ParseException line 1:29 cannot recognize input near 'FOO' '<EOF>' '<EOF>' in user|group|role name (state=42000,code=40000)
0: jdbc:hive2://localhost:10000/default> GRANT ALL ON DATABASE EMR TO ROLE FOO;
Error: Error while processing statement: FAILED: Execution Error, return code 1 from org.apache.hadoop.hive.ql.exec.SentryGrantRevokeTask. Unknown error for request: TAlterSentryRoleGrantPrivilegeRequest(protocol_version:1, requestorUserName:phidemo, roleName:FOO, privilege:TSentryPrivilege(privilegeScope:DATABASE, serverName:server1, dbName:EMR, tableName:, URI:, action:, createTime:1428717194418, grantOption:FALSE)), message: Insert of object "org.apache.sentry.provider.db.service.model.MSentryPrivilege@7ecb6306" using statement "INSERT INTO `SENTRY_DB_PRIVILEGE` (`DB_PRIVILEGE_ID`,`SERVER_NAME`,`URI`,`PRIVILEGE_SCOPE`,`WITH_GRANT_OPTION`,`DB_NAME`,`TABLE_NAME`,`ACTION`,`CREATE_TIME`) VALUES (?,?,?,?,?,?,?,?,?)" failed : Duplicate entry 'server1-emr-_NULLNULLN' for key 'SENTRY_DB_PRIV_PRIV_NAME_UNIQ'. Server Stacktrace: javax.jdo.JDODataStoreException: Insert of object "org.apache.sentry.provider.db.service.model.MSentryPrivilege@7ecb6306" using statement "INSERT INTO `SENTRY_DB_PRIVILEGE` (`DB_PRIVILEGE_ID`,`SERVER_NAME`,`URI`,`PRIVILEGE_SCOPE`,`WITH_GRANT_OPTION`,`DB_NAME`,`TABLE_NAME`,`ACTION`,`CREATE_TIME`) VALUES (?,?,?,?,?,?,?,?,?)" failed : Duplicate entry 'server1-emrNULLNULL_*-N' for key 'SENTRY_DB_PRIV_PRIV_NAME_UNIQ'
at org.datanucleus.api.jdo.NucleusJDOHelper.getJDOExceptionForNucleusException(NucleusJDOHelper.java:451)
at org.datanucleus.api.jdo.JDOPersistenceManager.jdoMakePersistent(JDOPersistenceManager.java:732)
at org.datanucleus.api.jdo.JDOPersistenceManager.makePersistent(JDOPersistenceManager.java:752)
at org.apache.sentry.provider.db.service.persistent.SentryStore.alterSentryRoleGrantPrivilegeCore(SentryStore.java:389)
at org.apache.sentry.provider.db.service.persistent.SentryStore.alterSentryRoleGrantPrivilege(SentryStore.java:329)
at org.apache.sentry.provider.db.service.thrift.SentryPolicyStoreProcessor.alter_sentry_role_grant_privilege(SentryPolicyStoreProcessor.java:249)