----------------------------------------------------------- This is an automatically generated e-mail. To reply, visit: https://reviews.apache.org/r/67539/#review204713 -----------------------------------------------------------
sentry-binding/sentry-binding-hive/src/main/java/org/apache/sentry/binding/hive/authz/HiveAuthzPrivilegesMap.java Lines 108-113 (original), 108-114 (patched) <https://reviews.apache.org/r/67539/#comment287348> The ALTER privilege is also required in the source table as it is the action the user is doing ALTER TABLE. We don't have a DELETE privilege yet, so should we treat this case as the user requires ALL privileges in the source table instead? Why is the ALTER privilege required on the destination? Is the INSERT on the database needed? This means the user won't be able to move tables between databases they have CREATE privileges. The CREATE comes with OWNER privileges, so the user will end up having ALL privileges in the table anyway. Which brings an interesting question, if I have ALL privileges (but not ownership) and I move the table, then I will transfer the ownership to me. We need to check if HMS generates only an ALTER operation in this cases of if it generates DROP and CREATE events which will complicate things. If ownership is disabled, then If the user has ALL privileges in the source table, then when moving the table those privileges will be moved so the user will have ALL privileges in the destination table. - Sergio Pena On June 12, 2018, 8:16 p.m., Na Li wrote: > > ----------------------------------------------------------- > This is an automatically generated e-mail. To reply, visit: > https://reviews.apache.org/r/67539/ > ----------------------------------------------------------- > > (Updated June 12, 2018, 8:16 p.m.) > > > Review request for sentry, kalyan kumar kalvagadda and Sergio Pena. > > > Bugs: sentry-2264 > https://issues.apache.org/jira/browse/sentry-2264 > > > Repository: sentry > > > Description > ------- > > change privilege for table rename > > > Diffs > ----- > > > sentry-binding/sentry-binding-hive/src/main/java/org/apache/sentry/binding/hive/authz/HiveAuthzPrivilegesMap.java > 4f932ea > > sentry-tests/sentry-tests-hive/src/test/java/org/apache/sentry/tests/e2e/hive/TestOperationsPart1.java > 1e72990 > > sentry-tests/sentry-tests-hive/src/test/java/org/apache/sentry/tests/e2e/hive/TestOperationsPart2.java > cf89b5d > > > Diff: https://reviews.apache.org/r/67539/diff/2/ > > > Testing > ------- > > > Thanks, > > Na Li > >