[jira] [Updated] (SENTRY-1825) Dropping a Hive database/table doesn't cleanup the permissions associated with it

Tue, 18 Jul 2017 13:20:03 -0700 

     [ 
https://issues.apache.org/jira/browse/SENTRY-1825?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel
 ]

kalyan kumar kalvagadda updated SENTRY-1825:
--------------------------------------------
    Status: Open  (was: Patch Available)

> Dropping a Hive database/table doesn't cleanup the permissions associated 
> with it 
> ----------------------------------------------------------------------------------
>
>                 Key: SENTRY-1825
>                 URL: https://issues.apache.org/jira/browse/SENTRY-1825
>             Project: Sentry
>          Issue Type: Sub-task
>    Affects Versions: sentry-ha-redesign
>            Reporter: Vamsee Yarlagadda
>            Assignee: Na Li
>            Priority: Critical
>              Labels: sentry-ha
>         Attachments: SENTRY-1825.001-sentry-ha-redesign.patch, 
> SENTRY-1825.002-sentry-ha-redesign.patch, 
> SENTRY-1825.003-sentry-ha-redesign.patch, 
> SENTRY-1825.004-sentry-ha-redesign.patch
>
>
> Sasha helped in finding this bug. Looks like dropping a database/table does 
> no longer clean up the privileges associated with it.
> This problem is because of:
> https://github.com/apache/sentry/blob/sentry-ha-redesign/sentry-provider/sentry-provider-db/src/main/java/org/apache/sentry/service/thrift/HMSFollower.java#L126-L127
> {code}
> final HiveConf hiveConf = new HiveConf();
>     hiveInstance = 
> hiveConf.get(HiveAuthzConf.AuthzConfVars.AUTHZ_SERVER_NAME.getVar());
> {code}
> With the latest redesign, we are only setting this property on Hive's 
> (sentry-site.xml) and not on Sentry's (sentry-site.xml).
> So during permission grants, Hive ensures to supply the *server1* for 
> permission updates. But when we drop the table/database that has the perms 
> attached, it goes through HMSFollower and this code sets the property as NULL 
> as sentry-site.xml doesn't have this set. So it attempts to remove 
> permissions with NULL server setting and this always returns without deleting 
> anything. 
> We need to ensure that the corresponding property is set on both (Sentry, 
> Hive) sentry-site.xml to ensure referring to proper privileges. 



--
This message was sent by Atlassian JIRA
(v6.4.14#64029)

Reply via email to