[ https://issues.apache.org/jira/browse/SENTRY-2091?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ]
Na Li updated SENTRY-2091: -------------------------- Attachment: SENTRY-2091.004.patch v4 again to trigger the test > User-based Privilege is broken by SENTRY-769 > -------------------------------------------- > > Key: SENTRY-2091 > URL: https://issues.apache.org/jira/browse/SENTRY-2091 > Project: Sentry > Issue Type: Bug > Components: Sentry > Affects Versions: 2.1.0 > Reporter: Na Li > Assignee: Na Li > Attachments: SENTRY-2091.001.patch, SENTRY-2091.002.patch, > SENTRY-2091.003.patch, SENTRY-2091.004.patch, SENTRY-2091.004.patch > > > SENTRY-769 throws exception when a user has no group. This breaks user-based > privilege as the exception prevents getting privilege using user-based > privilege. > For example, in the following code > {code} > Set<String> userPrivileges = > authProvider.getPolicyEngine().getPrivileges( > authProvider.getGroupMapping().getGroups(userName), > Sets.newHashSet(userName), > hiveAuthzBinding.getActiveRoleSet(), > hiveAuthzBinding.getAuthServer()); > {code} > when user has no group, the exception causes the processing stops even when > user has privilege. > The solution is to catch the exception, and continue the processing. > {code} > try { > Set<String> groups = null; > try { > groups = authProvider.getGroupMapping().getGroups(userName) > } catch (SentryGroupNotFoundException ex) { > log.debug(...); > groups = new HashSet<String>(); > } > Set<String> userPrivileges = > authProvider.getPolicyEngine().getPrivileges( > groups, Sets.newHashSet(userName), > hiveAuthzBinding.getActiveRoleSet(), > hiveAuthzBinding.getAuthServer()); > ... > } > {code} -- This message was sent by Atlassian JIRA (v6.4.14#64029)