[
https://issues.apache.org/jira/browse/SENTRY-921?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=14969655#comment-14969655
]
Anne Yu commented on SENTRY-921:
--------------------------------
[~sravya], [~guoquan], filed a bug related column level privileges.
> [column level privilege] after add a new column into the existing table, show
> columns can't show the new column, besides select column level privilege,
> require insert column level privilege
> ---------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------
>
> Key: SENTRY-921
> URL: https://issues.apache.org/jira/browse/SENTRY-921
> Project: Sentry
> Issue Type: Bug
> Components: Sentry
> Affects Versions: 1.6.0
> Reporter: Anne Yu
>
> {code}
> 2015-10-22 11:42:18,143 (HiveServer2-Background-Pool: Thread-293) [DEBUG -
> org.apache.sentry.provider.common.ResourceAuthorizationProvider.doHasAccess(ResourceAuthorizationProvider.java:113)]
> ProviderPrivilege server=+, RequestPrivilege
> Server=server1->Db=test_col_metadata_ops_db->Table=test_col_metadata_ops_tb->Column=newcol->action=select,
> RoleSet, ActiveRoleSet = [ roles = ALL , Result false
> {code}
> To reproduce this issue:
> {code}
> create test_role;
> create test_db;
> use test_db;
> create test_tb(s STRING, i INT);
> grant select(s) to role test_role;
> grant role test_role to GROUP1;
> {code}
> From here, USER1 can show columns with s listed;
> {code}
> alter table test_tb add columns(newcols STRING);
> grant select(newcols) on table test_tb to role test_role;
> {code}
> From here, USER1 can show columns with s listed, but now newcols.
--
This message was sent by Atlassian JIRA
(v6.3.4#6332)
