Lenni Kuff created SENTRY-552:
---------------------------------
Summary: Downgrading privileges does not always work for
column-level privileges
Key: SENTRY-552
URL: https://issues.apache.org/jira/browse/SENTRY-552
Project: Sentry
Issue Type: Bug
Affects Versions: 1.5.0
Reporter: Lenni Kuff
Fix For: 1.5.0
The following doesn't work properly:
grant all on col1
grant all on col2
revoke select on col2
-- at this point, will have ALL on col1, INSERT on col2
revoke INSERT from table <--- Does not do the proper thing.
The expectation is that revoking INSERT from the table would remove INSERT
privilege on col2 and also downgrade the ALL privilege on col1 to SELECT.
Instead the privilege on col1 stays in-tact.
Note that this was exposed as part of the fix for SENTRY-543. Prior to that the
REVOKE would incorrectly remove both privileges.
--
This message was sent by Atlassian JIRA
(v6.3.4#6332)
