[
https://issues.apache.org/jira/browse/SENTRY-2268?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel
]
Na Li reassigned SENTRY-2268:
-----------------------------
Assignee: Na Li
> Review the required privileges for DDL commands
> -----------------------------------------------
>
> Key: SENTRY-2268
> URL: https://issues.apache.org/jira/browse/SENTRY-2268
> Project: Sentry
> Issue Type: Task
> Reporter: Na Li
> Assignee: Na Li
> Priority: Major
>
> The privileges required for DDL commands are listed in
> HiveAuthzPrivilegesMap.
> {code}
> addOutputObjectPriviledge(AuthorizableType.Table,
> EnumSet.of(DBModelAction.INSERT, DBModelAction.ALTER))
> {code}
> means the required output privileges is table level insert OR alter.
> {code}
> addOutputObjectPriviledge(AuthorizableType.Table,
> EnumSet.of(DBModelAction.INSERT)).
> addOutputObjectPriviledge(AuthorizableType.Table,
> EnumSet.of(DBModelAction.ALTER))
> {code}
> means the required output privileges is table level insert AND alter.
> We need to review the privileges to see if they are defined correctly. I
> suspect multiple definitions want to have privileges with AND, but end up
> getting privileges with OR.
> We should also check if the privilege level is correct. for example, "insert"
> is table level privilege. It does not make sense to require database level
> "insert".
--
This message was sent by Atlassian JIRA
(v7.6.3#76005)
