Na Li created SENTRY-2264:
-----------------------------

             Summary: It is possible to elevate privileges from DROP using 
alter table rename
                 Key: SENTRY-2264
                 URL: https://issues.apache.org/jira/browse/SENTRY-2264
             Project: Sentry
          Issue Type: Bug
          Components: Sentry
    Affects Versions: 2.1.0
            Reporter: Na Li
            Assignee: Na Li


After introducing FGP, a user with only DROP on a database db1 and at least 
CREATE on db2 can run ALTER TABLE RENAME db1.table1 db2.table2, and thus 
elevate their privileges.

To reproduce:

As admin (e.g. hive):
1. Create db1, db1.table1, db2, role r1.
2. Grant DROP on db1 to role r1.
3. Grant ALL on db2 to role r1
4. Grant role r1 to user testuser1.
As testuser1:
1. use db1; alter table db1.table1 rename to db2.table1
2. select * from db2.table1
Result: the select command succeeds.

Desired behavior:
we should at least require the following privileges to execute the table rename 
command:

table level "SELECT" and database level "DROP" at source
database level "CREATE, INSERT, ALTER" at destination.



--
This message was sent by Atlassian JIRA
(v7.6.3#76005)

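The reproduction above as an added HiveQL script (not part of the JIRA report or of the Sentry code base); it assumes a Hive instance with Sentry authorization and the Sentry grant syntax that Hive exposes, and it uses the issue's names (db1, db2, table1, r1, testuser1). Sentry attaches roles to groups rather than directly to users, so the script assumes testuser1 belongs to a group also named testuser1.

```sql
-- Run as the Hive admin user (e.g. hive) through beeline.
-- Constructed sample data: one row that testuser1 must not be able to read.
CREATE DATABASE db1;
CREATE DATABASE db2;
CREATE TABLE db1.table1 (id INT, payload STRING);
INSERT INTO db1.table1 VALUES (1, 'visible only with SELECT on db1');

CREATE ROLE r1;
-- The minimal grant set from the issue: DROP on the source database only,
-- ALL on the destination database (which satisfies "at least CREATE on db2").
GRANT DROP ON DATABASE db1 TO ROLE r1;
GRANT ALL  ON DATABASE db2 TO ROLE r1;
-- Assumption: testuser1 is in a group called testuser1; Sentry grants to groups.
GRANT ROLE r1 TO GROUP testuser1;

-- Sanity check before the test: r1 must NOT hold SELECT on db1 or db1.table1.
SHOW GRANT ROLE r1;

-- ---------------------------------------------------------------
-- Run as testuser1 in a second beeline session.
-- On the affected version both statements succeed; the second one
-- returns the row even though r1 never received SELECT on db1.
-- ---------------------------------------------------------------
USE db1;
ALTER TABLE db1.table1 RENAME TO db2.table1;
SELECT * FROM db2.table1;

-- ---------------------------------------------------------------
-- Grant set that the issue's "desired behavior" would require before the
-- rename is allowed (again as admin). With only this set in place the
-- rename should be permitted; with any of these missing it should be denied.
-- ---------------------------------------------------------------
CREATE ROLE r1_rename_ok;
GRANT SELECT ON TABLE    db1.table1 TO ROLE r1_rename_ok;   -- source table
GRANT DROP   ON DATABASE db1        TO ROLE r1_rename_ok;   -- source database
GRANT CREATE ON DATABASE db2        TO ROLE r1_rename_ok;   -- destination
GRANT INSERT ON DATABASE db2        TO ROLE r1_rename_ok;   -- destination
GRANT ALTER  ON DATABASE db2        TO ROLE r1_rename_ok;   -- destination

-- Cleanup (as admin) so the test can be repeated.
DROP TABLE IF EXISTS db2.table1;
DROP TABLE IF EXISTS db1.table1;
DROP DATABASE IF EXISTS db1;
DROP DATABASE IF EXISTS db2;
DROP ROLE r1;
DROP ROLE r1_rename_ok;
```

The check worth making after the fix lands is the negative one: rerun the testuser1 session with role r1 (DROP on db1, ALL on db2) and confirm the ALTER TABLE ... RENAME is rejected by the authorizer, then swap in r1_rename_ok and confirm it is accepted. A fix that only tightens the source side would still let a user with SELECT+DROP on db1 move data into a database where they hold nothing, so both halves of the grant set need to be exercised.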