Na Li created SENTRY-2268: ----------------------------- Summary: Review the required privileges for DDL commands Key: SENTRY-2268 URL: https://issues.apache.org/jira/browse/SENTRY-2268 Project: Sentry Issue Type: Bug Reporter: Na Li
The privileges required for DDL commands are listed in HiveAuthzPrivilegesMap. {code} addOutputObjectPriviledge(AuthorizableType.Table, EnumSet.of(DBModelAction.INSERT, DBModelAction.ALTER)) {code} means the required output privileges is table level insert OR alter. {code} addOutputObjectPriviledge(AuthorizableType.Table, EnumSet.of(DBModelAction.INSERT)). addOutputObjectPriviledge(AuthorizableType.Table, EnumSet.of(DBModelAction.ALTER)) {code} means the required output privileges is table level insert AND alter. We need to review the privileges to see if they are defined correctly. I suspect multiple definitions want to have privileges with AND, but end up getting privileges with OR. -- This message was sent by Atlassian JIRA (v7.6.3#76005)