[
https://issues.apache.org/jira/browse/SENTRY-2274?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=16531646#comment-16531646
]
kalyan kumar kalvagadda commented on SENTRY-2274:
-------------------------------------------------
[~LinaAtAustin]
Here is my explanation
* It does not find owner privilege that has grant option. It is possible that
right now the grant option is disabled, but existing owner privileges have that
enabled. Need to find owner privilege that has grant option and without grant
option
[Kalyan] "getMSentryPrivileges" would return all the owner privilege with and
with out grant option. Why do you think that is not the case?
* If user is stale (no associated privileges), it should be removed, not
persisted.
[Kalyan] That's true and that is what current code does. Look at persistEntity
API.
* If the previous owner is a role, need to update role as well, not just user.
[Kalyan] When a privilege is deleted all it's associations will be removed.
There is special logic for user to identify stale users and remove them
Have you seen these issue while testing? Is is just based on looking at the
code?
> Grant and revoke owner privileges based on HMS updates(server-side)
> -------------------------------------------------------------------
>
> Key: SENTRY-2274
> URL: https://issues.apache.org/jira/browse/SENTRY-2274
> Project: Sentry
> Issue Type: Sub-task
> Components: Sentry
> Affects Versions: 2.1.0
> Reporter: kalyan kumar kalvagadda
> Assignee: kalyan kumar kalvagadda
> Priority: Major
> Fix For: 2.1.0
>
> Attachments: SENTRY-2274.001.patch, SENTRY-2274.002.patch
>
>
> Sentry has SentrySyncHMSNotificationsPostEventListener which is added as a
> post listener in HMS. This listener should be extended to get the owner
> information of tables and databases.
> Based on these notifications owner privileges are granted/revoked.
--
This message was sent by Atlassian JIRA
(v7.6.3#76005)
