[jira] [Created] (SENTRY-2268) Review the required privileges for DDL commands

Na Li (JIRA) Tue, 12 Jun 2018 12:43:16 -0700

Na Li created SENTRY-2268:
-----------------------------

             Summary: Review the required privileges for DDL commands
                 Key: SENTRY-2268
                 URL: https://issues.apache.org/jira/browse/SENTRY-2268
             Project: Sentry
          Issue Type: Bug
            Reporter: Na Li



The privileges required for DDL commands are listed in HiveAuthzPrivilegesMap. 

{code}
addOutputObjectPriviledge(AuthorizableType.Table, 
EnumSet.of(DBModelAction.INSERT, DBModelAction.ALTER))
{code}
means the required output privileges is table level insert OR alter.

{code}
addOutputObjectPriviledge(AuthorizableType.Table, 
EnumSet.of(DBModelAction.INSERT)).
addOutputObjectPriviledge(AuthorizableType.Table, 
EnumSet.of(DBModelAction.ALTER))
{code}

means the required output privileges is table level insert AND alter.

We need to review the privileges to see if they are defined correctly. I 
suspect multiple definitions want to have privileges with AND, but end up 
getting privileges with OR.



--
This message was sent by Atlassian JIRA
(v7.6.3#76005)

[jira] [Created] (SENTRY-2268) Review the required privileges for DDL commands

Reply via email to