[
https://issues.apache.org/jira/browse/SENTRY-331?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=14115634#comment-14115634
]
Sravya Tirukkovalur commented on SENTRY-331:
--------------------------------------------
Attaching an updated complete patch. Adding following privileges: Create, Drop,
Alter, Index and Lock.
Following broad rules apply:
Creating a data object requires "create" privilege on the parent. That is,
create table requires create on db, create db requires create on server.
Dropping a data object requires "drop" privilege on that object.
All alter commands require "alter" privilege on that table with the following
exceptions:
-- Alter table drop also requires "drop" privilege on the table in addition to
"alter".
-- Alter table index rebuild only requires "index" privilege on the table
-- Alter table rename also requires "create" on db.
Locking table requires "lock" on table.
This patch also fixes SENTRY-413 and SENTRY-414
Note: I put comment "//TODO: Make sure" in the places where a second opinion
will help to make sure we are enforcing the right privileges for those commands.
> Add more granular privileges to the DBModel
> -------------------------------------------
>
> Key: SENTRY-331
> URL: https://issues.apache.org/jira/browse/SENTRY-331
> Project: Sentry
> Issue Type: New Feature
> Affects Versions: 1.3.0
> Reporter: Sravya Tirukkovalur
> Assignee: Sravya Tirukkovalur
> Fix For: 1.5.0
>
> Attachments: SENTRY-331.0.patch, SENTRY-331.1.patch
>
>
> Specifically it would be good to split "All" privilege into "Create", "Drop"
> and "Alter"
--
This message was sent by Atlassian JIRA
(v6.2#6252)
