[ https://issues.apache.org/jira/browse/SENTRY-1407?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=16670354#comment-16670354 ]

Ben Breakstone commented on SENTRY-1407:
----------------------------------------

[~morhidi], this behavior is an exception to the standard security model. My 
understanding is that some client was found in testing to experience a critical 
failure if the "default" database couldn't be listed (although I haven't been 
able to learn exactly which client). 

In Hive, you can get the "default" database to follow the same behavior as 
other databases by configuring sentry.hive.restrict.defaultDB = true.

Unfortunately, Impala doesn't have an equivalent option. See IMPALA-7334 for a 
feature request to add one.

> 'default' database is listed without having any grants on it
> ------------------------------------------------------------
>
>                 Key: SENTRY-1407
>                 URL: https://issues.apache.org/jira/browse/SENTRY-1407
>             Project: Sentry
>          Issue Type: Bug
>          Components: Hive V2
>    Affects Versions: 1.5.1
>            Reporter: Matyas Orhidi
>            Priority: Major
>
> {{default}} database should not be listed when issuing the {{show database}} 
> command and the user has no privileges on the object:
> {code}
> 0: jdbc:hive2://localhost:10000/default> show current roles;
> +---------------+--+
> |     role      |
> +---------------+--+
> | analyst_role  |
> +---------------+--+
> 1 row selected (0.086 seconds)
> 0: jdbc:hive2://localhost:10000/default> show grant role analyst_role;
> +------------------+--------+------------+---------+-----------------+-----------------+------------+---------------+-------------------+----------+--+
> |     database     | table  | partition  | column  | principal_name  | principal_type  | privilege  | grant_option  |    grant_time     | grantor  |
> +------------------+--------+------------+---------+-----------------+-----------------+------------+---------------+-------------------+----------+--+
> | sample_database  |        |            |         | analyst_role    | ROLE            | *          | false         | 1464280571499000  | --       |
> +------------------+--------+------------+---------+-----------------+-----------------+------------+---------------+-------------------+----------+--+
> 1 row selected (0.087 seconds)
> 0: jdbc:hive2://localhost:10000/default> show databases;
> +------------------+--+
> |  database_name   |
> +------------------+--+
> | default          |
> | sample_database  |
> +------------------+--+
> 2 rows selected (0.137 seconds)
> 0: jdbc:hive2://localhost:10000/default>
> {code}
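
An added example, not part of the original comment or of the Sentry project: a small Python audit that parses the beeline output shown in the issue description and reports databases that `show databases` lists without a matching grant. The function names are hypothetical, and treating `*` in the database column as a server-wide grant is an assumption.

```python
# Constructed sample input: beeline output taken from the issue description,
# with the e-mail line wraps joined.
SHOW_GRANT = """
+------------------+--------+------------+---------+-----------------+-----------------+------------+---------------+-------------------+----------+--+
|     database     | table  | partition  | column  | principal_name  | principal_type  | privilege  | grant_option  |    grant_time     | grantor  |
+------------------+--------+------------+---------+-----------------+-----------------+------------+---------------+-------------------+----------+--+
| sample_database  |        |            |         | analyst_role    | ROLE            | *          | false         | 1464280571499000  | --       |
+------------------+--------+------------+---------+-----------------+-----------------+------------+---------------+-------------------+----------+--+
1 row selected (0.087 seconds)
"""

SHOW_DATABASES = """
+------------------+--+
|  database_name   |
+------------------+--+
| default          |
| sample_database  |
+------------------+--+
2 rows selected (0.137 seconds)
"""


def parse_beeline_table(text):
    """Parse a beeline ASCII table into a list of dicts keyed by column header."""
    header, rows = None, []
    for line in text.splitlines():
        line = line.strip()
        if not line.startswith("|"):
            continue  # skip borders (+---+), prompts and row-count lines
        cells = [c.strip() for c in line.strip("|").split("|")]
        if header is None:
            header = cells
        else:
            rows.append(dict(zip(header, cells)))
    return rows


def ungranted_visible(databases_out, grant_outs):
    """Return databases listed by 'show databases' that no role grant covers."""
    visible = {r["database_name"].lower() for r in parse_beeline_table(databases_out)}
    granted = set()
    for out in grant_outs:  # one 'show grant role ...' output per current role
        for row in parse_beeline_table(out):
            if row.get("database"):
                granted.add(row["database"].lower())
    if "*" in granted:  # assumption: '*' marks a server-wide grant
        return []
    return sorted(visible - granted)


if __name__ == "__main__":
    print(ungranted_visible(SHOW_DATABASES, [SHOW_GRANT]))
```
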


