Uploaded image for project: 'Sentry'
  1. Sentry
  2. SENTRY-694

Sentry leaving orphan rows in SENTRY_DB_PRIVILEGE

    XMLWordPrintableJSON

    Details

    • Type: Bug
    • Status: Resolved
    • Priority: Major
    • Resolution: Duplicate
    • Affects Version/s: 1.4.0
    • Fix Version/s: 1.5.0
    • Component/s: None
    • Labels:
      None
    • Environment:

      CentOS 6.6

      Description

      It appears that when a role is dropped the privileges granted to that role remain in SENTRY_DB_PRIVILEGE

      0: jdbc:hive2://localhost:10000/default> CREATE ROLE FOO;

      No rows affected (0.102 seconds)

      0: jdbc:hive2://localhost:10000/default> GRANT ALL ON DATABASE EMR TO ROLE FOO;

      No rows affected (0.129 seconds)

      0: jdbc:hive2://localhost:10000/default> DROP ROLE FOO;

      No rows affected (0.129 seconds)

      0: jdbc:hive2://localhost:10000/default> CREATE ROLE FOO;

      No rows affected (0.105 seconds)

      0: jdbc:hive2://localhost:10000/default> GRANT ALL ON DATABASE EMR TO FOO;

      Error: Error while compiling statement: FAILED: ParseException line 1:29 cannot recognize input near 'FOO' '<EOF>' '<EOF>' in user|group|role name (state=42000,code=40000)

      0: jdbc:hive2://localhost:10000/default> GRANT ALL ON DATABASE EMR TO ROLE FOO;

      Error: Error while processing statement: FAILED: Execution Error, return code 1 from org.apache.hadoop.hive.ql.exec.SentryGrantRevokeTask. Unknown error for request: TAlterSentryRoleGrantPrivilegeRequest(protocol_version:1, requestorUserName:phidemo, roleName:FOO, privilege:TSentryPrivilege(privilegeScope:DATABASE, serverName:server1, dbName:EMR, tableName:, URI:, action:, createTime:1428717194418, grantOption:FALSE)), message: Insert of object "org.apache.sentry.provider.db.service.model.MSentryPrivilege@7ecb6306" using statement "INSERT INTO `SENTRY_DB_PRIVILEGE` (`DB_PRIVILEGE_ID`,`SERVER_NAME`,`URI`,`PRIVILEGE_SCOPE`,`WITH_GRANT_OPTION`,`DB_NAME`,`TABLE_NAME`,`ACTION`,`CREATE_TIME`) VALUES (?,?,?,?,?,?,?,?,?)" failed : Duplicate entry 'server1-emr-_NULLNULLN' for key 'SENTRY_DB_PRIV_PRIV_NAME_UNIQ'. Server Stacktrace: javax.jdo.JDODataStoreException: Insert of object "org.apache.sentry.provider.db.service.model.MSentryPrivilege@7ecb6306" using statement "INSERT INTO `SENTRY_DB_PRIVILEGE` (`DB_PRIVILEGE_ID`,`SERVER_NAME`,`URI`,`PRIVILEGE_SCOPE`,`WITH_GRANT_OPTION`,`DB_NAME`,`TABLE_NAME`,`ACTION`,`CREATE_TIME`) VALUES (?,?,?,?,?,?,?,?,?)" failed : Duplicate entry 'server1-emrNULLNULL_*-N' for key 'SENTRY_DB_PRIV_PRIV_NAME_UNIQ'

      at org.datanucleus.api.jdo.NucleusJDOHelper.getJDOExceptionForNucleusException(NucleusJDOHelper.java:451)

      at org.datanucleus.api.jdo.JDOPersistenceManager.jdoMakePersistent(JDOPersistenceManager.java:732)

      at org.datanucleus.api.jdo.JDOPersistenceManager.makePersistent(JDOPersistenceManager.java:752)

      at org.apache.sentry.provider.db.service.persistent.SentryStore.alterSentryRoleGrantPrivilegeCore(SentryStore.java:389)

      at org.apache.sentry.provider.db.service.persistent.SentryStore.alterSentryRoleGrantPrivilege(SentryStore.java:329)

      at org.apache.sentry.provider.db.service.thrift.SentryPolicyStoreProcessor.alter_sentry_role_grant_privilege(SentryPolicyStoreProcessor.java:249)

        Attachments

          Activity

            People

            • Assignee:
              Unassigned
              Reporter:
              jdarrah John
            • Votes:
              0 Vote for this issue
              Watchers:
              2 Start watching this issue

              Dates

              • Created:
                Updated:
                Resolved: