[jira] [Commented] (SENTRY-473) Support revoking privilege with grant option

Thu, 12 Mar 2015 01:59:08 -0700 

    [ 
https://issues.apache.org/jira/browse/SENTRY-473?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=14358334#comment-14358334
 ] 

Hadoop QA commented on SENTRY-473:
----------------------------------

Here are the results of testing the latest attachment
https://issues.apache.org/jira/secure/attachment/12704116/SENTRY-473.006.patch 
against master.

{color:green}Overall:{color} +1 all checks pass

{color:green}SUCCESS:{color} all tests passed

Console output: https://builds.apache.org/job/PreCommit-SENTRY-Build/493/console

This message is automatically generated.

> Support revoking privilege with grant option
> --------------------------------------------
>
>                 Key: SENTRY-473
>                 URL: https://issues.apache.org/jira/browse/SENTRY-473
>             Project: Sentry
>          Issue Type: Improvement
>            Reporter: Xiaomeng Huang
>            Assignee: Xiaomeng Huang
>         Attachments: SENTRY-473.001.patch, SENTRY-473.002.patch, 
> SENTRY-473.003.patch, SENTRY-473.004.patch, SENTRY-473.005.patch, 
> SENTRY-473.006.patch
>
>
> SENTRY-327 is based on Hive-0.13, now hive-0.14 have supported revoking 
> privilege with grant option in HIVE-7404.
> It looks like:
> {code}
> REVOKE [GRANT OPTION FOR]
>     priv_type [, priv_type ] ...
>     ON table_or_view_name
>     FROM principal_specification [, principal_specification] ... ;
> {code}
> We should support downgrade grant option for "GRANT OPTION FOR". It means 
> when "GRANT OPTION FOR" set, we just modify grant option of this privilege 
> from true to false.
> use cases:
> {code}
> 1. grant ALL on database db1 to role role1;
> 2. grant ALL on database db1 to role role2 with grant option;
> 3. revoke grant option for ALL on database db1 from role role1;
> 4. revoke grant option for ALL on database db1 from role role2;
> 5. revoke ALL on database db1 from role role2;
> {code}
> After 3rd command executed, role1 still has privilege with action ALL on db1, 
> grant option is false.
> After 4th command executed, role2 downgrade privilege to grant option is 
> false.
> After 5th command executed, role2 will remove privilege with action ALL on 
> db1.



--
This message was sent by Atlassian JIRA
(v6.3.4#6332)

Reply via email to