[SENTRY-715] ACLs are not updated on a table until the first explicit GRANT statement. - ASF JIRA

XML

Word

Printable

JSON

Details

Type: Bug
Status: Resolved
Priority: Major
Resolution: Fixed
Affects Version/s: 1.5.0
Fix Version/s: 1.5.0
Component/s: None
Labels:
None

Description

CREATE ROLE systest_default;
GRANT ROLE systest_default TO GROUP systest;
GRANT ALL ON DATABASE default to ROLE systest_default;

2. kinit as systest
CREATE TABLE test_tbl (i int);
INSERT INTO TABLE test_tbl SELECT 1;

3. Look at ACLs (note that systest is not included):
[root@lenni-ssl-2 ~]# hadoop fs -getfacl /user/hive/warehouse/test_tbl/f4db14c9df67efd-7f75a399c558b896_1419062973_data.0.

file: /user/hive/warehouse/test_tbl/f4db14c9df67efd-7f75a399c558b896_1419062973_data.0.
owner: hive
group: hive
user::rwx
user:hive:rwx
group:hive:rwx
other::---
mask::rwx
other::---

4. If a GRANT SELECT ON TABLE test_tbl is executed after the table is created, the privileges are updated. But note that the systest only has read privileges and not read/write (it should inherit the ALL on the database):

[root@lenni-ssl-2 ~]# hadoop fs -getfacl /user/hive/warehouse/test_tbl/f4db14c9df67efd-7f75a399c558b896_1419062973_data.0.
a# file: /user/hive/warehouse/test_tbl/f4db14c9df67efd-7f75a399c558b896_1419062973_data.0.

owner: hive
group: hive
user::rwx
user:hive:rwx
group:hive:rwx
other::---
group:systest:r-x
mask::rwx
other::---

Attachments

Activity

People

Assignee:: Prasad Suresh Mujumdar

Reporter:: Prasad Suresh Mujumdar

Votes:: 0 Vote for this issue

Watchers:: 2 Start watching this issue

Dates

Created:: 29/Apr/15 16:29

Updated:: 20/Jul/15 21:52

Resolved:: 20/Jul/15 21:52