> On Sept. 4, 2018, 9:49 p.m., Na Li wrote: > > sentry-service/sentry-service-server/src/main/java/org/apache/sentry/provider/db/service/persistent/SentryStore.java > > Lines 866 (patched) > > <https://reviews.apache.org/r/68624/diff/1/?file=2082219#file2082219line880> > > > > if action is ALL or ACTION_ALL, SHOULD you continue? Before calling > > this function, if the action to grant is all, and all is already granted, > > we can do nothing > > Sergio Pena wrote: > No. This part of the code drops the privileges before granting the new > one. If I leave ALL, then we might have two entries with ALL. OWNER is the > special privilege that cannot be combined with ALL because means the same.
1) If the principle has "ALL with grant option", and to be granted with "ALL". If you remove existing one, then grant option is lost. Is this the correct behavior? 2) If the principle has "ALL", and to be granted with "ALL with grant option". If you remove existing one, then ALL with grant option is granted. I think this is the correct behavior. - Na ----------------------------------------------------------- This is an automatically generated e-mail. To reply, visit: https://reviews.apache.org/r/68624/#review208323 ----------------------------------------------------------- On Sept. 4, 2018, 7:02 p.m., Sergio Pena wrote: > > ----------------------------------------------------------- > This is an automatically generated e-mail. To reply, visit: > https://reviews.apache.org/r/68624/ > ----------------------------------------------------------- > > (Updated Sept. 4, 2018, 7:02 p.m.) > > > Review request for sentry, Arjun Mishra, kalyan kumar kalvagadda, and Na Li. > > > Bugs: sentry-2315 > https://issues.apache.org/jira/browse/sentry-2315 > > > Repository: sentry > > > Description > ------- > > Fixes the issue where GRANT ALL does not include the ALTER privilege. > > It does not fix the REVOKE command where revoking a single privilege will end > up revoking ALL and granting all invididual supported privileges. For now, > such behavior only works for SELECT and INSERT. > > > Diffs > ----- > > > sentry-service/sentry-service-server/src/main/java/org/apache/sentry/provider/db/service/persistent/SentryStore.java > db8c08ba0839400c65658e90ebd18906fed9919f > > sentry-service/sentry-service-server/src/test/java/org/apache/sentry/provider/db/service/persistent/TestSentryStore.java > 6b732ea5a89dafd94a6a3ae9c423747118352d84 > > > Diff: https://reviews.apache.org/r/68624/diff/1/ > > > Testing > ------- > > > Thanks, > > Sergio Pena > >
