[jira] [Updated] (SENTRY-2141) Sentry Privilege TimeStamp is not converted to grantTime in HivePrivilegeInfo correctly
[ https://issues.apache.org/jira/browse/SENTRY-2141?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ] Na Li updated SENTRY-2141: -- Attachment: SENTRY-2141.002.patch > Sentry Privilege TimeStamp is not converted to grantTime in HivePrivilegeInfo > correctly > --- > > Key: SENTRY-2141 > URL: https://issues.apache.org/jira/browse/SENTRY-2141 > Project: Sentry > Issue Type: Bug >Affects Versions: 2.0.0, 2.1.0 >Reporter: Na Li >Assignee: Na Li >Priority: Major > Attachments: SENTRY-2141.001.patch, SENTRY-2141.002.patch > > > sentry CreateTime is the difference, measured in milliseconds, between the > current time and midnight, January 1, 1970 UTC. hive granttime is in seconds. > So need to convert the time. > The original code just cost the timestamp from long to int without converting > milliseconds to seconds. Therefore, the timestamp value is wrong when > retrieving the privilege from hive. > The solution is to convert the time correctly. -- This message was sent by Atlassian JIRA (v7.6.3#76005)
[jira] [Commented] (SENTRY-2089) Avoid THIRD-PARTY.properties source file being modified on every build
[
https://issues.apache.org/jira/browse/SENTRY-2089?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=16367775#comment-16367775
]
kalyan kumar kalvagadda commented on SENTRY-2089:
-
[~xyu2017], [~spena], It should not be ignored as this file gets updated based
on the changes in dependencies. it we exclude it from git we should be good.
Code change i've done for SENTRY-2081 does that.
Let me get back on what's wrong here.
> Avoid THIRD-PARTY.properties source file being modified on every build
> --
>
> Key: SENTRY-2089
> URL: https://issues.apache.org/jira/browse/SENTRY-2089
> Project: Sentry
> Issue Type: Bug
> Components: Sentry
>Affects Versions: 2.0.0
>Reporter: Sergio Peña
>Assignee: Xinran Tinney
>Priority: Major
>
> Every time I build sentry, I see the following unstaged changes on the master
> branch:
> {noformat}
> On branch master
> Your branch is up-to-date with 'apache/master'.
> Changes not staged for commit:
> (use "git add ..." to update what will be committed)
> (use "git checkout -- ..." to discard changes in working directory)
> modified: sentry-dist/src/license/THIRD-PARTY.properties
> no changes added to commit (use "git add" and/or "git commit -a")
> {noformat}
> We should investigate and avoid modifying such file because sometimes
> developers may do mistakes and run {{git add .}} and commit the patch with
> such new modification committed.
--
This message was sent by Atlassian JIRA
(v7.6.3#76005)
[jira] [Issue Comment Deleted] (SENTRY-2089) Avoid THIRD-PARTY.properties source file being modified on every build
[
https://issues.apache.org/jira/browse/SENTRY-2089?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel
]
kalyan kumar kalvagadda updated SENTRY-2089:
Comment: was deleted
(was: [~xyu2017] and [~spena] Yes, it can be ignored.)
> Avoid THIRD-PARTY.properties source file being modified on every build
> --
>
> Key: SENTRY-2089
> URL: https://issues.apache.org/jira/browse/SENTRY-2089
> Project: Sentry
> Issue Type: Bug
> Components: Sentry
>Affects Versions: 2.0.0
>Reporter: Sergio Peña
>Assignee: Xinran Tinney
>Priority: Major
>
> Every time I build sentry, I see the following unstaged changes on the master
> branch:
> {noformat}
> On branch master
> Your branch is up-to-date with 'apache/master'.
> Changes not staged for commit:
> (use "git add ..." to update what will be committed)
> (use "git checkout -- ..." to discard changes in working directory)
> modified: sentry-dist/src/license/THIRD-PARTY.properties
> no changes added to commit (use "git add" and/or "git commit -a")
> {noformat}
> We should investigate and avoid modifying such file because sometimes
> developers may do mistakes and run {{git add .}} and commit the patch with
> such new modification committed.
--
This message was sent by Atlassian JIRA
(v7.6.3#76005)
[jira] [Commented] (SENTRY-2089) Avoid THIRD-PARTY.properties source file being modified on every build
[
https://issues.apache.org/jira/browse/SENTRY-2089?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=16367762#comment-16367762
]
kalyan kumar kalvagadda commented on SENTRY-2089:
-
[~xyu2017] and [~spena] Yes, it can be ignored.
> Avoid THIRD-PARTY.properties source file being modified on every build
> --
>
> Key: SENTRY-2089
> URL: https://issues.apache.org/jira/browse/SENTRY-2089
> Project: Sentry
> Issue Type: Bug
> Components: Sentry
>Affects Versions: 2.0.0
>Reporter: Sergio Peña
>Assignee: Xinran Tinney
>Priority: Major
>
> Every time I build sentry, I see the following unstaged changes on the master
> branch:
> {noformat}
> On branch master
> Your branch is up-to-date with 'apache/master'.
> Changes not staged for commit:
> (use "git add ..." to update what will be committed)
> (use "git checkout -- ..." to discard changes in working directory)
> modified: sentry-dist/src/license/THIRD-PARTY.properties
> no changes added to commit (use "git add" and/or "git commit -a")
> {noformat}
> We should investigate and avoid modifying such file because sometimes
> developers may do mistakes and run {{git add .}} and commit the patch with
> such new modification committed.
--
This message was sent by Atlassian JIRA
(v7.6.3#76005)
[jira] [Commented] (SENTRY-2140) Tag based access control
[ https://issues.apache.org/jira/browse/SENTRY-2140?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=16367758#comment-16367758 ] Sergio Peña commented on SENTRY-2140: - Btw, what is the difference between ABAC and TBAC? > Tag based access control > > > Key: SENTRY-2140 > URL: https://issues.apache.org/jira/browse/SENTRY-2140 > Project: Sentry > Issue Type: New Feature > Components: Core >Reporter: Steve Moist >Priority: Major > > As a user, I want to have finer grain control over which users/roles can view > data in Hive. Some information such as Social Security Number is considered > very confidential information. I want to be able to tag columns in Hive with > "tags" that prevent users/roles from not accessing or seeing the data. For > users/roles that have that tag, they should be able to see that information. -- This message was sent by Atlassian JIRA (v7.6.3#76005)
[jira] [Commented] (SENTRY-2140) Tag based access control
[ https://issues.apache.org/jira/browse/SENTRY-2140?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=16367757#comment-16367757 ] Sergio Peña commented on SENTRY-2140: - That's ABAC added in our whishlist. There are no plans nor documents around it, though. > Tag based access control > > > Key: SENTRY-2140 > URL: https://issues.apache.org/jira/browse/SENTRY-2140 > Project: Sentry > Issue Type: New Feature > Components: Core >Reporter: Steve Moist >Priority: Major > > As a user, I want to have finer grain control over which users/roles can view > data in Hive. Some information such as Social Security Number is considered > very confidential information. I want to be able to tag columns in Hive with > "tags" that prevent users/roles from not accessing or seeing the data. For > users/roles that have that tag, they should be able to see that information. -- This message was sent by Atlassian JIRA (v7.6.3#76005)
[jira] [Commented] (SENTRY-2089) Avoid THIRD-PARTY.properties source file being modified on every build
[
https://issues.apache.org/jira/browse/SENTRY-2089?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=16367754#comment-16367754
]
Sergio Peña commented on SENTRY-2089:
-
I think we do. [~kkalyan] Can this file be ignored when building with maven?
> Avoid THIRD-PARTY.properties source file being modified on every build
> --
>
> Key: SENTRY-2089
> URL: https://issues.apache.org/jira/browse/SENTRY-2089
> Project: Sentry
> Issue Type: Bug
> Components: Sentry
>Affects Versions: 2.0.0
>Reporter: Sergio Peña
>Assignee: Xinran Tinney
>Priority: Major
>
> Every time I build sentry, I see the following unstaged changes on the master
> branch:
> {noformat}
> On branch master
> Your branch is up-to-date with 'apache/master'.
> Changes not staged for commit:
> (use "git add ..." to update what will be committed)
> (use "git checkout -- ..." to discard changes in working directory)
> modified: sentry-dist/src/license/THIRD-PARTY.properties
> no changes added to commit (use "git add" and/or "git commit -a")
> {noformat}
> We should investigate and avoid modifying such file because sometimes
> developers may do mistakes and run {{git add .}} and commit the patch with
> such new modification committed.
--
This message was sent by Atlassian JIRA
(v7.6.3#76005)
[jira] [Commented] (SENTRY-2075) Previous HMS event with incomplete message information is logged every 500ms
[
https://issues.apache.org/jira/browse/SENTRY-2075?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=16367752#comment-16367752
]
Sergio Peña commented on SENTRY-2075:
-
Remove the json factory from the Hiveconf.
hiveConf.set("hcatalog.message.factory.impl.json",
"org.apache.sentry.binding.metastore.messaging.json.SentryJSONMessageFactory");
Sentry needs the SentryJSONMessageFactory set on the HMS configuration to get
the paths location. If this is not set, then Sentry will just print the
intermitent log.
> Previous HMS event with incomplete message information is logged every 500ms
>
>
> Key: SENTRY-2075
> URL: https://issues.apache.org/jira/browse/SENTRY-2075
> Project: Sentry
> Issue Type: Bug
> Components: Sentry
>Affects Versions: 2.0.0
>Reporter: Sergio Peña
>Assignee: Xinran Tinney
>Priority: Major
>
> Sentry keeps logging the same invalid HMS event when such event has
> incomplete information (due to not using the Sentry JSON message factory for
> instance). This just causes a lot of noise on the log and also on the DB
> because keeps persisting the last ID seen.
> The log issue goes away once Sentry detects a valid message and the DB is
> cleaned afterward.
> Here's an example of the message logged every 500ms several times:
> {noformat}
> 2017-11-27 23:22:12,019 ERROR
> org.apache.sentry.service.thrift.NotificationProcessor: Create table event
> has incomplete information. dbName = default, tableName = t1, location = null
> 2017-11-27 23:22:12,529 ERROR
> org.apache.sentry.service.thrift.NotificationProcessor: Create table event
> has incomplete information. dbName = default, tableName = t1, location = null
> 2017-11-27 23:22:13,021 ERROR
> org.apache.sentry.service.thrift.NotificationProcessor: Create table event
> has incomplete information. dbName = default, tableName = t1, location = null
> 2017-11-27 23:22:13,529 ERROR
> org.apache.sentry.service.thrift.NotificationProcessor: Create table event
> has incomplete information. dbName = default, tableName = t1, location = null
> 2017-11-27 23:22:14,023 ERROR
> org.apache.sentry.service.thrift.NotificationProcessor: Create table event
> has incomplete information. dbName = default, tableName = t1, location = null
> 2017-11-27 23:22:14,524 ERROR
> org.apache.sentry.service.thrift.NotificationProcessor: Create table event
> has incomplete information. dbName = default, tableName = t1, location = null
> 2017-11-27 23:22:15,027 ERROR
> org.apache.sentry.service.thrift.NotificationProcessor: Create table event
> has incomplete information. dbName = default, tableName = t1, location = null
> 2017-11-27 23:22:15,529 ERROR
> org.apache.sentry.service.thrift.NotificationProcessor: Create table event
> has incomplete information. dbName = default, tableName = t1, location = null
> 2017-11-27 23:22:16,028 ERROR
> org.apache.sentry.service.thrift.NotificationProcessor: Create table event
> has incomplete information. dbName = default, tableName = t1, location = null
> 2017-11-27 23:22:16,530 ERROR
> org.apache.sentry.service.thrift.NotificationProcessor: Create table event
> has incomplete information. dbName = default, tableName = t1, location = null
> 2017-11-27 23:22:17,029 ERROR
> org.apache.sentry.service.thrift.NotificationProcessor: Create table event
> has incomplete information. dbName = default, tableName = t1, location = null
> 2017-11-27 23:22:17,528 ERROR
> org.apache.sentry.service.thrift.NotificationProcessor: Create table event
> has incomplete information. dbName = default, tableName = t1, location = null
> 2017-11-27 23:22:18,031 ERROR
> org.apache.sentry.service.thrift.NotificationProcessor: Create table event
> has incomplete information. dbName = default, tableName = t1, location = null
> 2017-11-27 23:22:18,532 ERROR
> org.apache.sentry.service.thrift.NotificationProcessor: Create table event
> has incomplete information. dbName = default, tableName = t1, location = null
> 2017-11-27 23:22:19,026 ERROR
> org.apache.sentry.service.thrift.NotificationProcessor: Create table event
> has incomplete information. dbName = default, tableName = t1, location = null
> 2017-11-27 23:22:19,522 ERROR
> org.apache.sentry.service.thrift.NotificationProcessor: Create table event
> has incomplete information. dbName = default, tableName = t1, location = null
> 2017-11-27 23:22:20,027 ERROR
> org.apache.sentry.service.thrift.NotificationProcessor: Create table event
> has incomplete information. dbName = default, tableName = t1, location = null
> 2017-11-27 23:22:20,527 ERROR
> org.apache.sentry.service.thrift.NotificationProcessor: Create table event
> has incomplete information. dbName = default, tableName = t1, location = null
> 2017-11-27 23:22:21,
[jira] [Created] (SENTRY-2143) Table renames should synchronize with Sentry
Alexander Kolbasov created SENTRY-2143:
--
Summary: Table renames should synchronize with Sentry
Key: SENTRY-2143
URL: https://issues.apache.org/jira/browse/SENTRY-2143
Project: Sentry
Issue Type: Bug
Components: Sentry
Affects Versions: 2.1.0
Reporter: Alexander Kolbasov
Currently table renames are not synchronized from Hive (while table
creates/drops are). This creates a problem since the renamed table doesn't have
correct privileges for a bit until it is processed by Sentry. So perfectly
valid scripts that rename tables and expect the rename table to retain the
privileges are going to fail.
The fix is to update {{SentrySyncHMSNotificationsPostEventListener}} to
synchronize table renames as well.
--
This message was sent by Atlassian JIRA
(v7.6.3#76005)
[jira] [Commented] (SENTRY-593) show role grants against object
[
https://issues.apache.org/jira/browse/SENTRY-593?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=16367591#comment-16367591
]
Steve Moist commented on SENTRY-593:
Hi all, is this the same as SENTRY-1242?
> show role grants against object
>
>
> Key: SENTRY-593
> URL: https://issues.apache.org/jira/browse/SENTRY-593
> Project: Sentry
> Issue Type: Improvement
>Reporter: Johndee Burks
>Assignee: Johndee Burks
>Priority: Minor
>
> It would be nice to have a command that would show all roles that have grants
> against a particular object. For example if I do the following commands.
> {code}
> grant select on table j1 to role analyst;
> grant select on table j1 to role analyst1;
> grant select on table j1 to role analyst2;
> {code}
> I would like to do something like this:
> {code}
> show grant roles on table j1;
> {code}
> and then it displays something like this:
> {code}
> +---+++-+-+-++---+---+--+
> | database | table | partition | column | principal_name |
> principal_type | privilege | grant_option |grant_time | grantor |
> +---+++-+-+-++---+---+--+
> | default | j1 || | analyst | ROLE
> | select | false | 1416861983065000 | hive |
> | default | j1 || | analyst1| ROLE
> | select | false | 1416861983065000 | hive |
> | default | j1 || | analyst2| ROLE
> | select | false | 1416861983065000 | hive |
> +---+++-+-+-++---+---+--+
> {code}
--
This message was sent by Atlassian JIRA
(v7.6.3#76005)
