[
https://issues.apache.org/jira/browse/SENTRY-2507?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=16785161#comment-16785161
]
Na Li commented on SENTRY-2507:
-------------------------------
From hive beeline, user no_pri has "ALL" privilege on default.tb1. User
no_pri_2 does not have any privilege.
1) show databases;
1.1) with ALL privilege on default.tb1
default
1.2) no privilege at all
default
2) describe database default;
2.1) with ALL privilege on default.tb1
Error while compiling statement: FAILED: SemanticException No valid privileges
User no_pri does not have privileges for DESCDATABASE The required privileges:
Server=server1->Db=default->action=select->grantOption=false;Server=server1->Db=default->action=insert->grantOption=false;
2.2) no privilege at all
Error while compiling statement: FAILED: SemanticException No valid privileges
User no_pri_2 does not have privileges for SWITCHDATABASE The required
privileges:
Server=server1->Db=*->Table=+->Column=*->action=select->grantOption=false;Server=server1->Db=*->Table=+->Column=*->action=insert->grantOption=false;Server=server1->Db=*->Table=+->Column=*->action=alter->grantOption=false;Server=server1->Db=*->Table=+->Column=*->action=create->grantOption=false;Server=server1->Db=*->Table=+->Column=*->action=drop->grantOption=false;Server=server1->Db=*->Table=+->Column=*->action=index->grantOption=false;Server=server1->Db=*->Table=+->Column=*->action=lock->grantOption=false;
3) use default;
3.1) with ALL privilege on default.tb1;
succeed
3.2) no privilege at all
Error while compiling statement: FAILED: SemanticException No valid privileges
User no_pri_2 does not have privileges for SWITCHDATABASE The required
privileges:
Server=server1->Db=*->Table=+->Column=*->action=select->grantOption=false;Server=server1->Db=*->Table=+->Column=*->action=insert->grantOption=false;Server=server1->Db=*->Table=+->Column=*->action=alter->grantOption=false;Server=server1->Db=*->Table=+->Column=*->action=create->grantOption=false;Server=server1->Db=*->Table=+->Column=*->action=drop->grantOption=false;Server=server1->Db=*->Table=+->Column=*->action=index->grantOption=false;Server=server1->Db=*->Table=+->Column=*->action=lock->grantOption=false;
4) show tables;
4.1) with ALL privilege on default.tb1;
tb1
4.2) no privilege at all
Error while compiling statement: FAILED: SemanticException No valid privileges
User no_pri_2 does not have privileges for SWITCHDATABASE The required
privileges:
Server=server1->Db=*->Table=+->Column=*->action=select->grantOption=false;Server=server1->Db=*->Table=+->Column=*->action=insert->grantOption=false;Server=server1->Db=*->Table=+->Column=*->action=alter->grantOption=false;Server=server1->Db=*->Table=+->Column=*->action=create->grantOption=false;Server=server1->Db=*->Table=+->Column=*->action=drop->grantOption=false;Server=server1->Db=*->Table=+->Column=*->action=index->grantOption=false;Server=server1->Db=*->Table=+->Column=*->action=lock->grantOption=false;
> Authorization of "default" database is not controlled by
> "sentry.hive.restrict.defaultDB" at HMS server
> -------------------------------------------------------------------------------------------------------
>
> Key: SENTRY-2507
> URL: https://issues.apache.org/jira/browse/SENTRY-2507
> Project: Sentry
> Issue Type: Bug
> Components: Sentry
> Reporter: Na Li
> Priority: Major
>
> If "sentry.hive.restrict.defaultDB" at sentry-site.xml at HMS server is set
> to be false, user still has to have "SELECT", or "INSERT", or "ALL" privilege
> on the "default" database in order to access it.
> This behavior is not consistent with the behavior at Hive server.