Na Li created SENTRY-2354:
-----------------------------

             Summary: Beeline error message only shows one of the permissions when multiple permissions are required for an operation
                 Key: SENTRY-2354
                 URL: https://issues.apache.org/jira/browse/SENTRY-2354
             Project: Sentry
          Issue Type: Bug
          Components: Sentry
    Affects Versions: 2.1.0
            Reporter: Na Li
            Assignee: Na Li


When multiple permissions are required by a principal for an operation in 
Beeline to be authorized by Sentry, Beeline only displays one of the needed 
permissions in its error message.

For example, to execute ALTER TABLE SET LOCATION, a principal needs ALL on the 
location URI, and ALTER on the table. If a user's role has neither of these, 
Beeline just displays that the role needs ALL on the location URI. Once the 
user role has ALL on the location URI, then Beeline displays that the user role 
needs ALTER on the table.

Before the role has any privileges:

> alter table db1.table1 set location '/tmp';
Error: Error while compiling statement: FAILED: SemanticException No valid privileges
 User merry does not have privileges for ALTERTABLE_LOCATION
 The required privileges: Server=server1->URI=hdfs://rogue-4.gce.com:8020/tmp->action=*; (state=42000,code=40000)

After granting all on the location URI:

> alter table db1.table1 set location '/tmp';
Error: Error while compiling statement: FAILED: SemanticException No valid privileges
 User merry does not have privileges for ALTERTABLE_LOCATION
 The required privileges: Server=server1->Db=db1->Table=table1->action=alter; (state=42000,code=40000)

Instead, the error message should be something like the following:

The required privileges are all of:
Server=server1->URI=hdfs://rogue-4.gce.com:8020/tmp->action=*;Server=server1->Db=db1->Table=table1->action=alter;



--
This message was sent by Atlassian JIRA
(v7.6.3#76005)
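
The difference between the reported behaviour and the requested one, as an added example that is not Sentry's code and not part of the original report. The class, the method names and the simplified matching rule (same resource path, granted action `*` or equal) are hypothetical, and listing only the privileges still unmet is an assumption about the intended message.

```java
import java.util.ArrayList;
import java.util.List;

// Added illustration, not Sentry's code: names and the matching rule are hypothetical.
public class RequiredPrivilegesDemo {

    // Simplified match: same resource path, and granted action is "*" or equals the required one.
    static boolean implies(String granted, String required) {
        String[] g = granted.split("->action=", 2);
        String[] r = required.split("->action=", 2);
        if (g.length != 2 || r.length != 2 || !g[0].equals(r[0])) return false;
        return g[1].equals("*") || g[1].equalsIgnoreCase(r[1]);
    }

    // Every required privilege that no granted privilege satisfies, in declaration order.
    static List<String> missing(List<String> required, List<String> granted) {
        List<String> out = new ArrayList<>();
        for (String r : required) {
            if (granted.stream().noneMatch(g -> implies(g, r))) out.add(r);
        }
        return out;
    }

    // Behaviour described in the report: only the first unmet privilege is shown.
    static String failFastMessage(List<String> required, List<String> granted) {
        List<String> m = missing(required, granted);
        return m.isEmpty() ? null : "The required privileges: " + m.get(0) + ";";
    }

    // Behaviour the report asks for: every unmet privilege in one message.
    static String completeMessage(List<String> required, List<String> granted) {
        List<String> m = missing(required, granted);
        return m.isEmpty() ? null
            : "The required privileges are all of: " + String.join(";", m) + ";";
    }

    public static void main(String[] args) {
        String uri = "Server=server1->URI=hdfs://rogue-4.gce.com:8020/tmp->action=*";
        String alter = "Server=server1->Db=db1->Table=table1->action=alter";
        List<String> required = List.of(uri, alter);
        // Constructed grant states: none, URI only, URI plus ALL on the table.
        List<List<String>> states = List.of(List.<String>of(), List.of(uri),
            List.of(uri, "Server=server1->Db=db1->Table=table1->action=*"));
        for (List<String> granted : states) {
            System.out.println("granted=" + granted);
            System.out.println("  fail-fast: " + failFastMessage(required, granted));
            System.out.println("  complete:  " + completeMessage(required, granted));
        }
    }
}
```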
