[ https://issues.apache.org/jira/browse/SENTRY-2268?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ]
Na Li reassigned SENTRY-2268: ----------------------------- Assignee: Na Li > Review the required privileges for DDL commands > ----------------------------------------------- > > Key: SENTRY-2268 > URL: https://issues.apache.org/jira/browse/SENTRY-2268 > Project: Sentry > Issue Type: Task > Reporter: Na Li > Assignee: Na Li > Priority: Major > > The privileges required for DDL commands are listed in > HiveAuthzPrivilegesMap. > {code} > addOutputObjectPriviledge(AuthorizableType.Table, > EnumSet.of(DBModelAction.INSERT, DBModelAction.ALTER)) > {code} > means the required output privileges is table level insert OR alter. > {code} > addOutputObjectPriviledge(AuthorizableType.Table, > EnumSet.of(DBModelAction.INSERT)). > addOutputObjectPriviledge(AuthorizableType.Table, > EnumSet.of(DBModelAction.ALTER)) > {code} > means the required output privileges is table level insert AND alter. > We need to review the privileges to see if they are defined correctly. I > suspect multiple definitions want to have privileges with AND, but end up > getting privileges with OR. > We should also check if the privilege level is correct. for example, "insert" > is table level privilege. It does not make sense to require database level > "insert". -- This message was sent by Atlassian JIRA (v7.6.3#76005)