[ https://issues.apache.org/jira/browse/SENTRY-2265?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ]
Na Li updated SENTRY-2265: -------------------------- Description: When authorization is done, sentry binding should translate owner privilege to "ALL" before using it. In CommonPrivilege, need to add Owner privilege and treat it as ALL privilege for authorization {code} private boolean impliesResource(ImplyMethodType implyMethodType, String policyValue, String requestValue) { // wildcard support, "*", "+", "all"("+" and "all" are for backward compatibility) are represented as wildcard // if requestValue is wildcard, means privilege request is to match with any value of given resource if (SentryConstants.RESOURCE_WILDCARD_VALUE.equals(policyValue) || SentryConstants.RESOURCE_WILDCARD_VALUE.equals(requestValue) || SentryConstants.RESOURCE_WILDCARD_VALUE_ALL.equalsIgnoreCase(policyValue) || SentryConstants.RESOURCE_WILDCARD_VALUE_ALL.equalsIgnoreCase(requestValue) || SentryConstants.RESOURCE_WILDCARD_VALUE_SOME.equals(requestValue)) { return true; } {code} was:When authorization is done, sentry binding should translate owner privilege to "ALL" before using it. > Translate owner privilege in sentry binding for authorization > ------------------------------------------------------------- > > Key: SENTRY-2265 > URL: https://issues.apache.org/jira/browse/SENTRY-2265 > Project: Sentry > Issue Type: Sub-task > Components: Sentry > Reporter: kalyan kumar kalvagadda > Assignee: kalyan kumar kalvagadda > Priority: Major > > When authorization is done, sentry binding should translate owner privilege > to "ALL" before using it. > In CommonPrivilege, need to add Owner privilege and treat it as ALL privilege > for authorization > {code} > private boolean impliesResource(ImplyMethodType implyMethodType, String > policyValue, String requestValue) { > // wildcard support, "*", "+", "all"("+" and "all" are for backward > compatibility) are represented as wildcard > // if requestValue is wildcard, means privilege request is to match with > any value of given resource > if (SentryConstants.RESOURCE_WILDCARD_VALUE.equals(policyValue) > || SentryConstants.RESOURCE_WILDCARD_VALUE.equals(requestValue) > || > SentryConstants.RESOURCE_WILDCARD_VALUE_ALL.equalsIgnoreCase(policyValue) > || > SentryConstants.RESOURCE_WILDCARD_VALUE_ALL.equalsIgnoreCase(requestValue) > || > SentryConstants.RESOURCE_WILDCARD_VALUE_SOME.equals(requestValue)) { > return true; > } > {code} -- This message was sent by Atlassian JIRA (v7.6.3#76005)