[ 
https://issues.apache.org/jira/browse/SENTRY-2274?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=16531517#comment-16531517
 ] 

Na Li commented on SENTRY-2274:
-------------------------------

[~kkalyan] There are multiple issues in the following function

* It does not find owner privileges that have the grant option. It is possible
that the grant option is disabled right now, but existing owner privileges have
it enabled. Need to find owner privileges both with and without the grant
option.
* If a user is stale (no associated privileges), it should be removed, not
persisted.
* If the previous owner is a role, need to update the role as well, not just the user.

{code}
  public void revokeOwnerPrivilegesCore(PersistenceManager pm,
      final TSentryAuthorizable tAuthorizable) throws Exception {
    TSentryPrivilege tOwnerPrivilege = toSentryPrivilege(tAuthorizable);
    tOwnerPrivilege.setAction(AccessConstants.OWNER);

    // Finding owner privileges and removing them.
    List<MSentryPrivilege> mOwnerPrivileges =
        getMSentryPrivileges(tOwnerPrivilege, pm);
    for(MSentryPrivilege mOwnerPriv : mOwnerPrivileges) {
      Set<MSentryUser> users;
      users = mOwnerPriv.getUsers();
      // Making sure of removing stale users.
      for (MSentryUser user : users) {
        user.removePrivilege(mOwnerPriv);
        persistEntity(pm, SentryEntityType.USER, user);
      }
    }
    pm.deletePersistentAll(mOwnerPrivileges);
  }
{code}

Can you fix the above issues?

> Grant and revoke owner privileges based on HMS updates(server-side)
> -------------------------------------------------------------------
>
>                 Key: SENTRY-2274
>                 URL: https://issues.apache.org/jira/browse/SENTRY-2274
>             Project: Sentry
>          Issue Type: Sub-task
>          Components: Sentry
>    Affects Versions: 2.1.0
>            Reporter: kalyan kumar kalvagadda
>            Assignee: kalyan kumar kalvagadda
>            Priority: Major
>             Fix For: 2.1.0
>
>         Attachments: SENTRY-2274.001.patch, SENTRY-2274.002.patch
>
>
> Sentry has SentrySyncHMSNotificationsPostEventListener which is added as a 
> post listener in HMS. This listener should be extended to get the owner 
> information of tables and databases.
> Based on these notifications owner privileges are granted/revoked.



--
This message was sent by Atlassian JIRA
(v7.6.3#76005)
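
The three points raised in the comment above, shown on a simplified in-memory model. This is an added example, not Sentry code and not taken from the attached patches; the `Privilege` and `Principal` types, the `OWNER` constant and the choice to keep empty roles are assumptions made for illustration.

```java
import java.util.*;

public class OwnerRevokeSketch {
  static final String OWNER = "owner"; // stand-in for the OWNER action constant

  // Hypothetical simplified entities, not Sentry's MSentry* classes.
  record Privilege(String authorizable, String action, boolean grantOption) {}

  static class Principal {
    final Set<Privilege> privileges = new HashSet<>();
    Principal(Privilege... granted) { privileges.addAll(List.of(granted)); }
  }

  final Map<String, Principal> users = new HashMap<>();
  final Map<String, Principal> roles = new HashMap<>();

  // Revoke every OWNER privilege on the authorizable from users and roles.
  void revokeOwnerPrivileges(String authorizable) {
    strip(users, authorizable, true);  // a user left with no privileges is stale: delete it
    strip(roles, authorizable, false); // assumption: roles are kept even when empty
  }

  private static void strip(Map<String, Principal> principals, String authorizable,
                            boolean deleteWhenEmpty) {
    Iterator<Principal> it = principals.values().iterator();
    while (it.hasNext()) {
      Principal p = it.next();
      // Match on authorizable and action only, so the privilege is found
      // whether or not it was stored with the grant option.
      boolean changed = p.privileges.removeIf(
          priv -> priv.authorizable().equals(authorizable) && priv.action().equals(OWNER));
      if (changed && deleteWhenEmpty && p.privileges.isEmpty()) {
        it.remove();
      }
    }
  }

  public static void main(String[] args) {
    OwnerRevokeSketch store = new OwnerRevokeSketch();
    // Constructed sample data.
    store.users.put("alice", new Principal(new Privilege("db1.t1", OWNER, true)));
    store.users.put("bob", new Principal(new Privilege("db1.t1", OWNER, false),
                                         new Privilege("db1.t2", "select", false)));
    store.roles.put("etl", new Principal(new Privilege("db1.t1", OWNER, true)));
    store.revokeOwnerPrivileges("db1.t1");
    System.out.println("users left: " + store.users.keySet());
    System.out.println("bob: " + store.users.get("bob").privileges);
    System.out.println("etl: " + store.roles.get("etl").privileges);
  }
}
```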
