[
https://issues.apache.org/jira/browse/SENTRY-827?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel
]
Ryan P updated SENTRY-827:
--------------------------
Attachment: SENTRY-827.patch
So it looks like someone actually already tried to address this. The grant had
been fixed to allow SELECT, INSERT and ALL but we did not address the REVOKE.
That still remained ALL.
I finished the fix and wrote test to show both the granting and revoking of
Server Select privileges.
> Server Scope always grants ALL
> -------------------------------
>
> Key: SENTRY-827
> URL: https://issues.apache.org/jira/browse/SENTRY-827
> Project: Sentry
> Issue Type: Bug
> Reporter: Ryan P
> Assignee: Ryan P
> Attachments: SENTRY-827.patch
>
>
> In it's current state the following two commands result in ALL on SERVER
> server1:
> GRANT SELECT ON SERVER server1 TO ROLE read_role;
> GRANT INSERT ON SERVER server1 TO ROLE insert_role;
> This can cause users to unknowingly grant full privileges to user groups.
> Fixing this behavior will also allow us to mimic the previous behavior
> exhibited with Policy Files:
> read_role = server=server1->db=*->table=*->action=select
> insert_role = server=server1->db=*->table=*->action=insert
> Granting SELECT on SERVER would be far more pleasant than granting SELECT on
> each individual DATABASE
--
This message was sent by Atlassian JIRA
(v6.3.4#6332)
