[
https://issues.apache.org/jira/browse/SENTRY-591?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel
]
Xiaomeng Huang updated SENTRY-591:
----------------------------------
Description:
Currently Create Table in sentry need input permission in DB like below:
{code}
HiveAuthzPrivileges tableCreatePrivilege = new
HiveAuthzPrivileges.AuthzPrivilegeBuilder().
addInputObjectPriviledge(AuthorizableType.Db,
EnumSet.of(DBModelAction.CREATE)).
addInputObjectPriviledge(AuthorizableType.URI,
EnumSet.of(DBModelAction.ALL)).//TODO: make it optional
setOperationScope(HiveOperationScope.DATABASE).
setOperationType(HiveOperationType.DDL).
build();
{code}
But when we execute "create table", we can get entities from WriteEntity, and
get nothing from ReadEntity, so we should change input to output for
CreateTable.
This jira also blocks V2 feature, in V2, I just get enities from
ReadEnity/WriteEnity.
> create table should have output privilege in DB scope
> -----------------------------------------------------
>
> Key: SENTRY-591
> URL: https://issues.apache.org/jira/browse/SENTRY-591
> Project: Sentry
> Issue Type: Bug
> Reporter: Xiaomeng Huang
> Assignee: Xiaomeng Huang
>
> Currently Create Table in sentry need input permission in DB like below:
> {code}
> HiveAuthzPrivileges tableCreatePrivilege = new
> HiveAuthzPrivileges.AuthzPrivilegeBuilder().
> addInputObjectPriviledge(AuthorizableType.Db,
> EnumSet.of(DBModelAction.CREATE)).
> addInputObjectPriviledge(AuthorizableType.URI,
> EnumSet.of(DBModelAction.ALL)).//TODO: make it optional
> setOperationScope(HiveOperationScope.DATABASE).
> setOperationType(HiveOperationType.DDL).
> build();
> {code}
> But when we execute "create table", we can get entities from WriteEntity, and
> get nothing from ReadEntity, so we should change input to output for
> CreateTable.
> This jira also blocks V2 feature, in V2, I just get enities from
> ReadEnity/WriteEnity.
--
This message was sent by Atlassian JIRA
(v6.3.4#6332)
