Na Li created SENTRY-2091: ----------------------------- Summary: User-based Privilege is broken by SENTRY-769 Key: SENTRY-2091 URL: https://issues.apache.org/jira/browse/SENTRY-2091 Project: Sentry Issue Type: Bug Components: Sentry Affects Versions: 2.1.0 Reporter: Na Li Assignee: Na Li
SENTRY-769 throws exception when a user has no group. This breaks user-based privilege as the exception prevents getting privilege using user-based privilege. For example, in the following code {code} Set<String> userPrivileges = authProvider.getPolicyEngine().getPrivileges( authProvider.getGroupMapping().getGroups(userName), Sets.newHashSet(userName), hiveAuthzBinding.getActiveRoleSet(), hiveAuthzBinding.getAuthServer()); {code} when user has no group, the exception causes the processing stops even when user has privilege. The solution is to catch the exception, and continue the processing. {code} try { Set<String> groups = null; try { groups = authProvider.getGroupMapping().getGroups(userName) } catch (SentryGroupNotFoundException ex) { log.debug(...); groups = new HashSet<String>(); } Set<String> userPrivileges = authProvider.getPolicyEngine().getPrivileges( groups, Sets.newHashSet(userName), hiveAuthzBinding.getActiveRoleSet(), hiveAuthzBinding.getAuthServer()); ... } {code} -- This message was sent by Atlassian JIRA (v6.4.14#64029)