[jira] [Created] (SENTRY-2531) User can EXECUTE a function under a database that they dont have access to
Arjun Mishra created SENTRY-2531: Summary: User can EXECUTE a function under a database that they dont have access to Key: SENTRY-2531 URL: https://issues.apache.org/jira/browse/SENTRY-2531 Project: Sentry Issue Type: New Feature Components: Sentry Affects Versions: 2.1 Reporter: Arjun Mishra Assignee: Arjun Mishra Right now a suer can execute a function that was made using a particular database on any database even if it doesn't have select privileges on the original database -- This message was sent by Atlassian Jira (v8.3.2#803003)
[jira] [Updated] (SENTRY-2530) User can CREATE function under a database that he/she has no access
[ https://issues.apache.org/jira/browse/SENTRY-2530?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ] Arjun Mishra updated SENTRY-2530: - Description: Right now as long as a user has ALL access on URI we allow the user to create functions for the database. We should restrict this as per the privileges on database (was: Right now as long as a user has ALL access on URI we allow the user to create/drop functions for the database. We should restrict this as per the privileges on database) > User can CREATE function under a database that he/she has no access > --- > > Key: SENTRY-2530 > URL: https://issues.apache.org/jira/browse/SENTRY-2530 > Project: Sentry > Issue Type: New Feature > Components: Sentry >Affects Versions: 2.1 >Reporter: Arjun Mishra >Assignee: Arjun Mishra >Priority: Major > > Right now as long as a user has ALL access on URI we allow the user to create > functions for the database. We should restrict this as per the privileges on > database -- This message was sent by Atlassian Jira (v8.3.2#803003)
[jira] [Updated] (SENTRY-2530) User can CREATE function under a database that he/she has no access
[ https://issues.apache.org/jira/browse/SENTRY-2530?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ] Arjun Mishra updated SENTRY-2530: - Summary: User can CREATE function under a database that he/she has no access (was: Protect UDF create/drop by databases) > User can CREATE function under a database that he/she has no access > --- > > Key: SENTRY-2530 > URL: https://issues.apache.org/jira/browse/SENTRY-2530 > Project: Sentry > Issue Type: New Feature > Components: Sentry >Affects Versions: 2.1 >Reporter: Arjun Mishra >Assignee: Arjun Mishra >Priority: Major > > Right now as long as a user has ALL access on URI we allow the user to > create/drop functions for the database. We should restrict this as per the > privileges on database -- This message was sent by Atlassian Jira (v8.3.2#803003)
[jira] [Created] (SENTRY-2530) Protect UDF create/drop by databases
Arjun Mishra created SENTRY-2530: Summary: Protect UDF create/drop by databases Key: SENTRY-2530 URL: https://issues.apache.org/jira/browse/SENTRY-2530 Project: Sentry Issue Type: New Feature Components: Sentry Affects Versions: 2.1 Reporter: Arjun Mishra Assignee: Arjun Mishra Right now as long as a user has ALL access on URI we allow the user to create/drop functions for the database. We should restrict this as per the privileges on database -- This message was sent by Atlassian Jira (v8.3.2#803003)
[jira] [Created] (SENTRY-2529) Exceptions thrown in SentryHDFSServiceProcessor does not display the stacktrace
Arjun Mishra created SENTRY-2529: Summary: Exceptions thrown in SentryHDFSServiceProcessor does not display the stacktrace Key: SENTRY-2529 URL: https://issues.apache.org/jira/browse/SENTRY-2529 Project: Sentry Issue Type: Bug Components: Sentry Reporter: Arjun Mishra Assignee: Arjun Mishra When an exception is thrown while building the updates for HDFS we simply throw that exception as a thrift exception -- This message was sent by Atlassian Jira (v8.3.2#803003)
[jira] [Updated] (SENTRY-2528) Format exception when fetching a full snapshot
[ https://issues.apache.org/jira/browse/SENTRY-2528?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ] Arjun Mishra updated SENTRY-2528: - Resolution: Fixed Status: Resolved (was: Patch Available) > Format exception when fetching a full snapshot > -- > > Key: SENTRY-2528 > URL: https://issues.apache.org/jira/browse/SENTRY-2528 > Project: Sentry > Issue Type: Bug > Components: Sentry >Reporter: Arjun Mishra >Assignee: Arjun Mishra >Priority: Major > Attachments: SENTRY-2528.01.patch > > > When fetching a full snapshot we get the below error. This is a regression of > SENTRY-2301 > {noformat} > 2019-07-07 23:07:39,677 ERROR > org.apache.sentry.service.thrift.SentryHMSClient: Snapshot created failed > java.util.IllegalFormatConversionException: f != java.lang.Long > at > java.util.Formatter$FormatSpecifier.failConversion(Formatter.java:4302) > at java.util.Formatter$FormatSpecifier.printFloat(Formatter.java:2806) > at java.util.Formatter$FormatSpecifier.print(Formatter.java:2753) > at java.util.Formatter.format(Formatter.java:2520) > at java.util.Formatter.format(Formatter.java:2455) > at java.lang.String.format(String.java:2940) > at > org.apache.sentry.service.thrift.FullUpdateInitializer.getFullHMSSnapshot(FullUpdateInitializer.java:552) > at > org.apache.sentry.service.thrift.SentryHMSClient.fetchFullUpdate(SentryHMSClient.java:244) > at > org.apache.sentry.service.thrift.SentryHMSClient.getFullSnapshot(SentryHMSClient.java:147) > at > org.apache.sentry.provider.db.service.persistent.HMSFollower.createFullSnapshot(HMSFollower.java:409) > at > org.apache.sentry.provider.db.service.persistent.HMSFollower.syncupWithHms(HMSFollower.java:237) > at > org.apache.sentry.provider.db.service.persistent.HMSFollower.run(HMSFollower.java:198) > at > java.util.concurrent.Executors$RunnableAdapter.call(Executors.java:511) > at java.util.concurrent.FutureTask.runAndReset(FutureTask.java:308) > at > java.util.concurrent.ScheduledThreadPoolExecutor$ScheduledFutureTask.access$301(ScheduledThreadPoolExecutor.java:180) > at > java.util.concurrent.ScheduledThreadPoolExecutor$ScheduledFutureTask.run(ScheduledThreadPoolExecutor.java:294) > at > java.util.concurrent.ThreadPoolExecutor.runWorker(ThreadPoolExecutor.java:1149) > at > java.util.concurrent.ThreadPoolExecutor$Worker.run(ThreadPoolExecutor.java:624) > at java.lang.Thread.run(Thread.java:748) > {noformat} -- This message was sent by Atlassian JIRA (v7.6.3#76005)
[jira] [Updated] (SENTRY-2528) Format exception when fetching a full snapshot
[ https://issues.apache.org/jira/browse/SENTRY-2528?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ] Arjun Mishra updated SENTRY-2528: - Attachment: SENTRY-2528.01.patch > Format exception when fetching a full snapshot > -- > > Key: SENTRY-2528 > URL: https://issues.apache.org/jira/browse/SENTRY-2528 > Project: Sentry > Issue Type: Bug > Components: Sentry >Reporter: Arjun Mishra >Assignee: Arjun Mishra >Priority: Major > Attachments: SENTRY-2528.01.patch > > > When fetching a full snapshot we get the below error. This is a regression of > SENTRY-2301 > {noformat} > 2019-07-07 23:07:39,677 ERROR > org.apache.sentry.service.thrift.SentryHMSClient: Snapshot created failed > java.util.IllegalFormatConversionException: f != java.lang.Long > at > java.util.Formatter$FormatSpecifier.failConversion(Formatter.java:4302) > at java.util.Formatter$FormatSpecifier.printFloat(Formatter.java:2806) > at java.util.Formatter$FormatSpecifier.print(Formatter.java:2753) > at java.util.Formatter.format(Formatter.java:2520) > at java.util.Formatter.format(Formatter.java:2455) > at java.lang.String.format(String.java:2940) > at > org.apache.sentry.service.thrift.FullUpdateInitializer.getFullHMSSnapshot(FullUpdateInitializer.java:552) > at > org.apache.sentry.service.thrift.SentryHMSClient.fetchFullUpdate(SentryHMSClient.java:244) > at > org.apache.sentry.service.thrift.SentryHMSClient.getFullSnapshot(SentryHMSClient.java:147) > at > org.apache.sentry.provider.db.service.persistent.HMSFollower.createFullSnapshot(HMSFollower.java:409) > at > org.apache.sentry.provider.db.service.persistent.HMSFollower.syncupWithHms(HMSFollower.java:237) > at > org.apache.sentry.provider.db.service.persistent.HMSFollower.run(HMSFollower.java:198) > at > java.util.concurrent.Executors$RunnableAdapter.call(Executors.java:511) > at java.util.concurrent.FutureTask.runAndReset(FutureTask.java:308) > at > java.util.concurrent.ScheduledThreadPoolExecutor$ScheduledFutureTask.access$301(ScheduledThreadPoolExecutor.java:180) > at > java.util.concurrent.ScheduledThreadPoolExecutor$ScheduledFutureTask.run(ScheduledThreadPoolExecutor.java:294) > at > java.util.concurrent.ThreadPoolExecutor.runWorker(ThreadPoolExecutor.java:1149) > at > java.util.concurrent.ThreadPoolExecutor$Worker.run(ThreadPoolExecutor.java:624) > at java.lang.Thread.run(Thread.java:748) > {noformat} -- This message was sent by Atlassian JIRA (v7.6.3#76005)
[jira] [Updated] (SENTRY-2528) Format exception when fetching a full snapshot
[ https://issues.apache.org/jira/browse/SENTRY-2528?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ] Arjun Mishra updated SENTRY-2528: - Status: Patch Available (was: Open) > Format exception when fetching a full snapshot > -- > > Key: SENTRY-2528 > URL: https://issues.apache.org/jira/browse/SENTRY-2528 > Project: Sentry > Issue Type: Bug > Components: Sentry >Reporter: Arjun Mishra >Assignee: Arjun Mishra >Priority: Major > Attachments: SENTRY-2528.01.patch > > > When fetching a full snapshot we get the below error. This is a regression of > SENTRY-2301 > {noformat} > 2019-07-07 23:07:39,677 ERROR > org.apache.sentry.service.thrift.SentryHMSClient: Snapshot created failed > java.util.IllegalFormatConversionException: f != java.lang.Long > at > java.util.Formatter$FormatSpecifier.failConversion(Formatter.java:4302) > at java.util.Formatter$FormatSpecifier.printFloat(Formatter.java:2806) > at java.util.Formatter$FormatSpecifier.print(Formatter.java:2753) > at java.util.Formatter.format(Formatter.java:2520) > at java.util.Formatter.format(Formatter.java:2455) > at java.lang.String.format(String.java:2940) > at > org.apache.sentry.service.thrift.FullUpdateInitializer.getFullHMSSnapshot(FullUpdateInitializer.java:552) > at > org.apache.sentry.service.thrift.SentryHMSClient.fetchFullUpdate(SentryHMSClient.java:244) > at > org.apache.sentry.service.thrift.SentryHMSClient.getFullSnapshot(SentryHMSClient.java:147) > at > org.apache.sentry.provider.db.service.persistent.HMSFollower.createFullSnapshot(HMSFollower.java:409) > at > org.apache.sentry.provider.db.service.persistent.HMSFollower.syncupWithHms(HMSFollower.java:237) > at > org.apache.sentry.provider.db.service.persistent.HMSFollower.run(HMSFollower.java:198) > at > java.util.concurrent.Executors$RunnableAdapter.call(Executors.java:511) > at java.util.concurrent.FutureTask.runAndReset(FutureTask.java:308) > at > java.util.concurrent.ScheduledThreadPoolExecutor$ScheduledFutureTask.access$301(ScheduledThreadPoolExecutor.java:180) > at > java.util.concurrent.ScheduledThreadPoolExecutor$ScheduledFutureTask.run(ScheduledThreadPoolExecutor.java:294) > at > java.util.concurrent.ThreadPoolExecutor.runWorker(ThreadPoolExecutor.java:1149) > at > java.util.concurrent.ThreadPoolExecutor$Worker.run(ThreadPoolExecutor.java:624) > at java.lang.Thread.run(Thread.java:748) > {noformat} -- This message was sent by Atlassian JIRA (v7.6.3#76005)
[jira] [Commented] (SENTRY-2528) Format exception when fetching a full snapshot
[ https://issues.apache.org/jira/browse/SENTRY-2528?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=16881281#comment-16881281 ] Arjun Mishra commented on SENTRY-2528: -- Tested. Output: Fetching full hms snapshot: databases fetched=141 (14.10%); tables fetched=1141 (1.14%); partitions fetched=43563 (0.04%); total number of databases=1000; total number of tables=10 total number of partitions=1 > Format exception when fetching a full snapshot > -- > > Key: SENTRY-2528 > URL: https://issues.apache.org/jira/browse/SENTRY-2528 > Project: Sentry > Issue Type: Bug > Components: Sentry >Reporter: Arjun Mishra >Assignee: Arjun Mishra >Priority: Major > > When fetching a full snapshot we get the below error. This is a regression of > SENTRY-2301 > {noformat} > 2019-07-07 23:07:39,677 ERROR > org.apache.sentry.service.thrift.SentryHMSClient: Snapshot created failed > java.util.IllegalFormatConversionException: f != java.lang.Long > at > java.util.Formatter$FormatSpecifier.failConversion(Formatter.java:4302) > at java.util.Formatter$FormatSpecifier.printFloat(Formatter.java:2806) > at java.util.Formatter$FormatSpecifier.print(Formatter.java:2753) > at java.util.Formatter.format(Formatter.java:2520) > at java.util.Formatter.format(Formatter.java:2455) > at java.lang.String.format(String.java:2940) > at > org.apache.sentry.service.thrift.FullUpdateInitializer.getFullHMSSnapshot(FullUpdateInitializer.java:552) > at > org.apache.sentry.service.thrift.SentryHMSClient.fetchFullUpdate(SentryHMSClient.java:244) > at > org.apache.sentry.service.thrift.SentryHMSClient.getFullSnapshot(SentryHMSClient.java:147) > at > org.apache.sentry.provider.db.service.persistent.HMSFollower.createFullSnapshot(HMSFollower.java:409) > at > org.apache.sentry.provider.db.service.persistent.HMSFollower.syncupWithHms(HMSFollower.java:237) > at > org.apache.sentry.provider.db.service.persistent.HMSFollower.run(HMSFollower.java:198) > at > java.util.concurrent.Executors$RunnableAdapter.call(Executors.java:511) > at java.util.concurrent.FutureTask.runAndReset(FutureTask.java:308) > at > java.util.concurrent.ScheduledThreadPoolExecutor$ScheduledFutureTask.access$301(ScheduledThreadPoolExecutor.java:180) > at > java.util.concurrent.ScheduledThreadPoolExecutor$ScheduledFutureTask.run(ScheduledThreadPoolExecutor.java:294) > at > java.util.concurrent.ThreadPoolExecutor.runWorker(ThreadPoolExecutor.java:1149) > at > java.util.concurrent.ThreadPoolExecutor$Worker.run(ThreadPoolExecutor.java:624) > at java.lang.Thread.run(Thread.java:748) > {noformat} -- This message was sent by Atlassian JIRA (v7.6.3#76005)
[jira] [Created] (SENTRY-2528) Format exception when fetching a full snapshot
Arjun Mishra created SENTRY-2528: Summary: Format exception when fetching a full snapshot Key: SENTRY-2528 URL: https://issues.apache.org/jira/browse/SENTRY-2528 Project: Sentry Issue Type: Bug Components: Sentry Reporter: Arjun Mishra Assignee: Arjun Mishra When fetching a full snapshot we get the below error. This is a regression of SENTRY-2301 {noformat} 2019-07-07 23:07:39,677 ERROR org.apache.sentry.service.thrift.SentryHMSClient: Snapshot created failed java.util.IllegalFormatConversionException: f != java.lang.Long at java.util.Formatter$FormatSpecifier.failConversion(Formatter.java:4302) at java.util.Formatter$FormatSpecifier.printFloat(Formatter.java:2806) at java.util.Formatter$FormatSpecifier.print(Formatter.java:2753) at java.util.Formatter.format(Formatter.java:2520) at java.util.Formatter.format(Formatter.java:2455) at java.lang.String.format(String.java:2940) at org.apache.sentry.service.thrift.FullUpdateInitializer.getFullHMSSnapshot(FullUpdateInitializer.java:552) at org.apache.sentry.service.thrift.SentryHMSClient.fetchFullUpdate(SentryHMSClient.java:244) at org.apache.sentry.service.thrift.SentryHMSClient.getFullSnapshot(SentryHMSClient.java:147) at org.apache.sentry.provider.db.service.persistent.HMSFollower.createFullSnapshot(HMSFollower.java:409) at org.apache.sentry.provider.db.service.persistent.HMSFollower.syncupWithHms(HMSFollower.java:237) at org.apache.sentry.provider.db.service.persistent.HMSFollower.run(HMSFollower.java:198) at java.util.concurrent.Executors$RunnableAdapter.call(Executors.java:511) at java.util.concurrent.FutureTask.runAndReset(FutureTask.java:308) at java.util.concurrent.ScheduledThreadPoolExecutor$ScheduledFutureTask.access$301(ScheduledThreadPoolExecutor.java:180) at java.util.concurrent.ScheduledThreadPoolExecutor$ScheduledFutureTask.run(ScheduledThreadPoolExecutor.java:294) at java.util.concurrent.ThreadPoolExecutor.runWorker(ThreadPoolExecutor.java:1149) at java.util.concurrent.ThreadPoolExecutor$Worker.run(ThreadPoolExecutor.java:624) at java.lang.Thread.run(Thread.java:748) {noformat} -- This message was sent by Atlassian JIRA (v7.6.3#76005)
[jira] [Comment Edited] (SENTRY-2299) NPE In Sentry HDFS Sync Plugin
[ https://issues.apache.org/jira/browse/SENTRY-2299?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=16877939#comment-16877939 ] Arjun Mishra edited comment on SENTRY-2299 at 7/8/19 2:25 PM: -- Please see instructions to reproduce the issue. # Create database _db1_ in non-sentry-managed location ## create database db1 location '/user/external/db1.db'; # Create another database _db2_ in managed location ## create database db2; # Create table db1.tbl1 in non-sentry-managed location ## create table db1.tbl1 (x INT) location '/user/external/db1.db/tbl1'; # Rename table _db1.tbl1 to db2.tbl2_ thereby both renaming it and moving locations from non-managed to managed paths ## alter table db1.tbl1 rename to db2.tbl2; This will cause result in an NPE. Then go ahead and create more tables/databases in sentry managed paths and you wont' see their ACLs being applied. Test same with patch was (Author: arjunmishra13): Please see instructions to reproduce the issue. # Create database _db1_ in non-sentry-managed location ## create database db1 location '/user/external/db1.db'; # Create another database _db2_ in managed location ## create database db2; # Create external table db1.tbl1 in non-sentry-managed location ## create external table db1.tbl1 (x INT) location '/user/external/db1.db/tbl1'; # Rename table _db1.tbl1 to db2.tbl2_ thereby both renaming it and moving locations from non-managed to managed paths ## alter table db1.tbl1 rename to db2.tbl2; This will cause result in an NPE. Then go ahead and create more tables/databases in sentry managed paths and you wont' see their ACLs being applied. Test same with patch > NPE In Sentry HDFS Sync Plugin > -- > > Key: SENTRY-2299 > URL: https://issues.apache.org/jira/browse/SENTRY-2299 > Project: Sentry > Issue Type: Bug > Components: Sentry >Affects Versions: 2.1.0 >Reporter: Na Li >Assignee: Na Li >Priority: Critical > Attachments: SENTRY-2299.001.patch > > > Sentry HDFS ACL synchronization stopped working and throws > NullPointerException. The HDFS logs showed repeating errors like the > following: > {code} > 11:16:15.743 AM WARNSentryAuthorizationInfo > Failed to update, will retry in [3]ms, error: > java.lang.NullPointerException > at org.apache.sentry.hdfs.HMSPaths$Entry.access$200(HMSPaths.java:146) > at org.apache.sentry.hdfs.HMSPaths.renameAuthzObject(HMSPaths.java:879) > at > org.apache.sentry.hdfs.UpdateableAuthzPaths.applyPartialUpdate(UpdateableAuthzPaths.java:118) > at > org.apache.sentry.hdfs.UpdateableAuthzPaths.updatePartial(UpdateableAuthzPaths.java:81) > at > org.apache.sentry.hdfs.SentryAuthorizationInfo.processUpdates(SentryAuthorizationInfo.java:211) > at > org.apache.sentry.hdfs.SentryAuthorizationInfo.update(SentryAuthorizationInfo.java:139) > at > org.apache.sentry.hdfs.SentryAuthorizationInfo.run(SentryAuthorizationInfo.java:232) > at java.util.concurrent.Executors$RunnableAdapter.call(Executors.java:511) > at java.util.concurrent.FutureTask.runAndReset(FutureTask.java:308) > at > java.util.concurrent.ScheduledThreadPoolExecutor$ScheduledFutureTask.access$301(ScheduledThreadPoolExecutor.java:180) > at > java.util.concurrent.ScheduledThreadPoolExecutor$ScheduledFutureTask.run(ScheduledThreadPoolExecutor.java:294) > at > java.util.concurrent.ThreadPoolExecutor.runWorker(ThreadPoolExecutor.java:1149) > at > java.util.concurrent.ThreadPoolExecutor$Worker.run(ThreadPoolExecutor.java:624) > at java.lang.Thread.run(Thread.java:748) > The customer checked the Sentry logs and didn't see any corresponding errors. > The issue stopped occurring, apparently not through any specific user > intervention. (The customer tried manually failing over the active NameNode, > with no change.) > {code} > Arjun mentioned the reason is that some delta update from sentry server was > lost, so the oldEntry at line HMSPaths.java:879 was null. That caused null > exception. > {code} > void renameAuthzObject(String oldName, List> oldPathElems, > String newName, List> newPathElems) { > if (LOG.isDebugEnabled()) { > LOG.debug(String.format("%s renameAuthzObject({%s, %s} -> {%s, %s})", > this, oldName, assemblePaths(oldPathElems), newName, > assemblePaths(newPathElems))); > } > if (oldPathElems == null || oldPathElems.isEmpty() || > newPathElems == null || newPathElems.isEmpty() || > newName == null || newName.equals(oldName)) { > LOG.warn(String.format("%s renameAuthzObject({%s, %s} -> {%s, %s})" + > ": invalid inputs, skipping", > this, oldName, assemblePaths(oldPathElems), newName, > assemblePaths(newPathElems))); > return; > } > // if oldPath == newPath, that is path has not changed as part of ren
[jira] [Created] (SENTRY-2527) Create ACL is lost when select ACL is dropped
Arjun Mishra created SENTRY-2527: Summary: Create ACL is lost when select ACL is dropped Key: SENTRY-2527 URL: https://issues.apache.org/jira/browse/SENTRY-2527 Project: Sentry Issue Type: Bug Components: Sentry Reporter: Arjun Mishra Assignee: Arjun Mishra If an object had both CREATE and SELECT privileges on the same user group, then if we were to drop the SELECT privilege, even the CREATE ACL corresponding to `---` is lost -- This message was sent by Atlassian JIRA (v7.6.3#76005)
[jira] [Commented] (SENTRY-2299) NPE In Sentry HDFS Sync Plugin
[ https://issues.apache.org/jira/browse/SENTRY-2299?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=16877939#comment-16877939 ] Arjun Mishra commented on SENTRY-2299: -- Please see instructions to reproduce the issue. # Create database _db1_ in non-sentry-managed location ## create database db1 location '/user/external/db1.db'; # Create another database _db2_ in managed location ## create database db2; # Create external table db1.tbl1 in non-sentry-managed location ## create external table db1.tbl1 (x INT) location '/user/external/db1.db/tbl1'; # Rename table _db1.tbl1 to db2.tbl2_ thereby both renaming it and moving locations from non-managed to managed paths ## alter table db1.tbl1 rename to db2.tbl2; This will cause result in an NPE. Then go ahead and create more tables/databases in sentry managed paths and you wont' see their ACLs being applied. Test same with patch > NPE In Sentry HDFS Sync Plugin > -- > > Key: SENTRY-2299 > URL: https://issues.apache.org/jira/browse/SENTRY-2299 > Project: Sentry > Issue Type: Bug > Components: Sentry >Affects Versions: 2.1.0 >Reporter: Na Li >Assignee: Na Li >Priority: Critical > Attachments: SENTRY-2299.001.patch > > > Sentry HDFS ACL synchronization stopped working and throws > NullPointerException. The HDFS logs showed repeating errors like the > following: > {code} > 11:16:15.743 AM WARNSentryAuthorizationInfo > Failed to update, will retry in [3]ms, error: > java.lang.NullPointerException > at org.apache.sentry.hdfs.HMSPaths$Entry.access$200(HMSPaths.java:146) > at org.apache.sentry.hdfs.HMSPaths.renameAuthzObject(HMSPaths.java:879) > at > org.apache.sentry.hdfs.UpdateableAuthzPaths.applyPartialUpdate(UpdateableAuthzPaths.java:118) > at > org.apache.sentry.hdfs.UpdateableAuthzPaths.updatePartial(UpdateableAuthzPaths.java:81) > at > org.apache.sentry.hdfs.SentryAuthorizationInfo.processUpdates(SentryAuthorizationInfo.java:211) > at > org.apache.sentry.hdfs.SentryAuthorizationInfo.update(SentryAuthorizationInfo.java:139) > at > org.apache.sentry.hdfs.SentryAuthorizationInfo.run(SentryAuthorizationInfo.java:232) > at java.util.concurrent.Executors$RunnableAdapter.call(Executors.java:511) > at java.util.concurrent.FutureTask.runAndReset(FutureTask.java:308) > at > java.util.concurrent.ScheduledThreadPoolExecutor$ScheduledFutureTask.access$301(ScheduledThreadPoolExecutor.java:180) > at > java.util.concurrent.ScheduledThreadPoolExecutor$ScheduledFutureTask.run(ScheduledThreadPoolExecutor.java:294) > at > java.util.concurrent.ThreadPoolExecutor.runWorker(ThreadPoolExecutor.java:1149) > at > java.util.concurrent.ThreadPoolExecutor$Worker.run(ThreadPoolExecutor.java:624) > at java.lang.Thread.run(Thread.java:748) > The customer checked the Sentry logs and didn't see any corresponding errors. > The issue stopped occurring, apparently not through any specific user > intervention. (The customer tried manually failing over the active NameNode, > with no change.) > {code} > Arjun mentioned the reason is that some delta update from sentry server was > lost, so the oldEntry at line HMSPaths.java:879 was null. That caused null > exception. > {code} > void renameAuthzObject(String oldName, List> oldPathElems, > String newName, List> newPathElems) { > if (LOG.isDebugEnabled()) { > LOG.debug(String.format("%s renameAuthzObject({%s, %s} -> {%s, %s})", > this, oldName, assemblePaths(oldPathElems), newName, > assemblePaths(newPathElems))); > } > if (oldPathElems == null || oldPathElems.isEmpty() || > newPathElems == null || newPathElems.isEmpty() || > newName == null || newName.equals(oldName)) { > LOG.warn(String.format("%s renameAuthzObject({%s, %s} -> {%s, %s})" + > ": invalid inputs, skipping", > this, oldName, assemblePaths(oldPathElems), newName, > assemblePaths(newPathElems))); > return; > } > // if oldPath == newPath, that is path has not changed as part of rename > and hence new table > // needs to have old paths => new_table.add(old_table_partition_paths) > List oldPathElements = oldPathElems.get(0); > List newPathElements = newPathElems.get(0); > if (!oldPathElements.equals(newPathElements)) { > Entry oldEntry = root.find(oldPathElements.toArray(new String[0]), > false); > Entry newParent = root.createParent(newPathElements); > oldEntry.moveTo(newParent, newPathElements.get(newPathElements.size() - > 1)); -> oldEntry is null > } > {code} > There are several possible reasons why some delta changes are lost. > {code} > 1. Sentry server does not save the rename update as delta update. The chance > is really low > 2. The delta change is lost from sentry server to name node plugin. The >
[jira] [Resolved] (SENTRY-781) User can run function under a database that he/she has no access
[ https://issues.apache.org/jira/browse/SENTRY-781?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ] Arjun Mishra resolved SENTRY-781. - Resolution: Duplicate Resolved with SENTRY-2240 > User can run function under a database that he/she has no access > > > Key: SENTRY-781 > URL: https://issues.apache.org/jira/browse/SENTRY-781 > Project: Sentry > Issue Type: Bug > Components: Hive Plugin >Affects Versions: 1.4.0 >Reporter: Eric Lin >Assignee: Arjun Mishra >Priority: Minor > > When user has no access to a particular database, he/she is still able to > create permanent function in it. > For example, a role has no access to database "udf_test", as show by the > "show databases" command: > {code} > ++--+ > | database_name | > ++--+ > | default| > ++--+ > {code} > However, this role can do the following two things: > {code} > 0: jdbc:hive2://10.17.74.148:1/default> create function > udf_test.upper_test as 'com.elin.ToUpper'; > No rows affected (0.216 seconds) > {code} > The jar file has been loaded into aux directory for Hive. > {code} > 0: jdbc:hive2://10.17.74.148:1/default> select udf_test.upper_test(code) > from sample_07 limit 10; > INFO : Number of reduce tasks is set to 0 since there's no reduce operator > WARN : Hadoop command-line option parsing not performed. Implement the Tool > interface and execute your application with ToolRunner to remedy this. > INFO : number of splits:1 > INFO : Submitting tokens for job: job_1434092815442_0004 > INFO : Kind: HDFS_DELEGATION_TOKEN, Service: 10.17.74.148:8020, Ident: > (HDFS_DELEGATION_TOKEN token 24 for hive) > INFO : The url to track the job: > http://host:8088/proxy/application_1434092815442_0004/ > INFO : Starting Job = job_1434092815442_0004, Tracking URL = > http://host:8088/proxy/application_1434092815442_0004/ > INFO : Kill Command = > /opt/cloudera/parcels/CDH-5.4.0-1.cdh5.4.0.p767.429/lib/hadoop/bin/hadoop job > -kill job_1434092815442_0004 > INFO : Hadoop job information for Stage-1: number of mappers: 1; number of > reducers: 0 > INFO : 2015-06-19 17:04:48,003 Stage-1 map = 0%, reduce = 0% > INFO : 2015-06-19 17:05:08,172 Stage-1 map = 100%, reduce = 0%, Cumulative > CPU 3.16 sec > INFO : MapReduce Total cumulative CPU time: 3 seconds 160 msec > INFO : Ended Job = job_1434092815442_0004 > {code} > This violates the sentry permission mechanism. -- This message was sent by Atlassian JIRA (v7.6.3#76005)
[jira] [Created] (SENTRY-2526) Databases created prior to enabling HDFS Sentry sync and AFTER a full snapshot don't get added to NN cache
Arjun Mishra created SENTRY-2526: Summary: Databases created prior to enabling HDFS Sentry sync and AFTER a full snapshot don't get added to NN cache Key: SENTRY-2526 URL: https://issues.apache.org/jira/browse/SENTRY-2526 Project: Sentry Issue Type: Bug Components: Sentry Reporter: Arjun Mishra If a full snapshot is done and the customer goes and disables HDFS Sentry sync and creates a bunch of databases (or any objects) then if they were to enable HDFS Sentry sync those objects won't be managed. These objects are not in AUTHZ_PATHS table since they were created when HDFS sync was disabled. Also on enabling HDFS sync these objects won't get added to the AUTHZ_PATHS table since we won't do a fullsnapshot as one was already done -- This message was sent by Atlassian JIRA (v7.6.3#76005)
[jira] [Updated] (SENTRY-2526) Objects created prior to enabling HDFS Sentry sync and AFTER a full snapshot don't get added to NN cache
[ https://issues.apache.org/jira/browse/SENTRY-2526?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ] Arjun Mishra updated SENTRY-2526: - Summary: Objects created prior to enabling HDFS Sentry sync and AFTER a full snapshot don't get added to NN cache (was: Databases created prior to enabling HDFS Sentry sync and AFTER a full snapshot don't get added to NN cache ) > Objects created prior to enabling HDFS Sentry sync and AFTER a full snapshot > don't get added to NN cache > - > > Key: SENTRY-2526 > URL: https://issues.apache.org/jira/browse/SENTRY-2526 > Project: Sentry > Issue Type: Bug > Components: Sentry >Reporter: Arjun Mishra >Priority: Major > > If a full snapshot is done and the customer goes and disables HDFS Sentry > sync and creates a bunch of databases (or any objects) then if they were to > enable HDFS Sentry sync those objects won't be managed. > These objects are not in AUTHZ_PATHS table since they were created when HDFS > sync was disabled. Also on enabling HDFS sync these objects won't get added > to the AUTHZ_PATHS table since we won't do a fullsnapshot as one was already > done -- This message was sent by Atlassian JIRA (v7.6.3#76005)
[jira] [Commented] (SENTRY-1971) Hive integration for auth-2 should handle creating function properly
[ https://issues.apache.org/jira/browse/SENTRY-1971?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=16864372#comment-16864372 ] Arjun Mishra commented on SENTRY-1971: -- [~LinaAtAustin] Maybe we are not using the latest hive changes because this change is not reflected in Sentry. When we test a DROP FUNCTION command hive does not provide UDF class name as input. It does provide with CREATE FUNCTION. This code change has many critical changes like not calling sentry when dropping functions that don't exist are executed. But yeah my change was not created with this change in mind > Hive integration for auth-2 should handle creating function properly > > > Key: SENTRY-1971 > URL: https://issues.apache.org/jira/browse/SENTRY-1971 > Project: Sentry > Issue Type: Bug > Components: Sentry >Affects Versions: 2.0.0 >Reporter: Na Li >Priority: Critical > > Sergio found hive does not include UDF class name for creating function > command as input to sentry. That will break the function authorization. > Once HIVE-17544 is fixed, sentry should change code accordingly to make > authorization for creating function work. -- This message was sent by Atlassian JIRA (v7.6.3#76005)
[jira] [Updated] (SENTRY-2240) User can DROP function under a database that he/she has no access
[ https://issues.apache.org/jira/browse/SENTRY-2240?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ] Arjun Mishra updated SENTRY-2240: - Resolution: Fixed Status: Resolved (was: Patch Available) > User can DROP function under a database that he/she has no access > - > > Key: SENTRY-2240 > URL: https://issues.apache.org/jira/browse/SENTRY-2240 > Project: Sentry > Issue Type: Bug > Components: Sentry >Affects Versions: 1.8.0 >Reporter: Eric Lin >Assignee: Arjun Mishra >Priority: Major > Attachments: SENTRY-2240-1.patch, SENTRY-2240-2.patch, > SENTRY-2240.01.patch, SENTRY-2240.02.patch, SENTRY-2240.03.patch > > > User can DROP UDF function under a database that he/she has no access to. > I created it as separate JIRA from SENTRY-781 due to changes are quite > different. -- This message was sent by Atlassian JIRA (v7.6.3#76005)
[jira] [Updated] (SENTRY-2240) User can DROP function under a database that he/she has no access
[ https://issues.apache.org/jira/browse/SENTRY-2240?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ] Arjun Mishra updated SENTRY-2240: - Attachment: SENTRY-2240.03.patch > User can DROP function under a database that he/she has no access > - > > Key: SENTRY-2240 > URL: https://issues.apache.org/jira/browse/SENTRY-2240 > Project: Sentry > Issue Type: Bug > Components: Sentry >Affects Versions: 1.8.0 >Reporter: Eric Lin >Assignee: Arjun Mishra >Priority: Major > Attachments: SENTRY-2240-1.patch, SENTRY-2240-2.patch, > SENTRY-2240.01.patch, SENTRY-2240.02.patch, SENTRY-2240.03.patch > > > User can DROP UDF function under a database that he/she has no access to. > I created it as separate JIRA from SENTRY-781 due to changes are quite > different. -- This message was sent by Atlassian JIRA (v7.6.3#76005)
[jira] [Updated] (SENTRY-2240) User can DROP function under a database that he/she has no access
[ https://issues.apache.org/jira/browse/SENTRY-2240?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ] Arjun Mishra updated SENTRY-2240: - Attachment: SENTRY-2240.02.patch > User can DROP function under a database that he/she has no access > - > > Key: SENTRY-2240 > URL: https://issues.apache.org/jira/browse/SENTRY-2240 > Project: Sentry > Issue Type: Bug > Components: Sentry >Affects Versions: 1.8.0 >Reporter: Eric Lin >Assignee: Arjun Mishra >Priority: Major > Attachments: SENTRY-2240-1.patch, SENTRY-2240-2.patch, > SENTRY-2240.01.patch, SENTRY-2240.02.patch > > > User can DROP UDF function under a database that he/she has no access to. > I created it as separate JIRA from SENTRY-781 due to changes are quite > different. -- This message was sent by Atlassian JIRA (v7.6.3#76005)
[jira] [Commented] (SENTRY-2240) User can DROP function under a database that he/she has no access
[ https://issues.apache.org/jira/browse/SENTRY-2240?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=16862401#comment-16862401 ] Arjun Mishra commented on SENTRY-2240: -- https://builds.apache.org/job/PreCommit-SENTRY-Build/4414/ > User can DROP function under a database that he/she has no access > - > > Key: SENTRY-2240 > URL: https://issues.apache.org/jira/browse/SENTRY-2240 > Project: Sentry > Issue Type: Bug > Components: Sentry >Affects Versions: 1.8.0 >Reporter: Eric Lin >Assignee: Arjun Mishra >Priority: Major > Attachments: SENTRY-2240-1.patch, SENTRY-2240-2.patch, > SENTRY-2240.01.patch > > > User can DROP UDF function under a database that he/she has no access to. > I created it as separate JIRA from SENTRY-781 due to changes are quite > different. -- This message was sent by Atlassian JIRA (v7.6.3#76005)
[jira] [Updated] (SENTRY-2240) User can DROP function under a database that he/she has no access
[ https://issues.apache.org/jira/browse/SENTRY-2240?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ] Arjun Mishra updated SENTRY-2240: - Component/s: (was: Hive Binding) Sentry > User can DROP function under a database that he/she has no access > - > > Key: SENTRY-2240 > URL: https://issues.apache.org/jira/browse/SENTRY-2240 > Project: Sentry > Issue Type: Bug > Components: Sentry >Affects Versions: 1.8.0 >Reporter: Eric Lin >Assignee: Arjun Mishra >Priority: Major > Attachments: SENTRY-2240-1.patch, SENTRY-2240-2.patch, > SENTRY-2240.01.patch > > > User can DROP UDF function under a database that he/she has no access to. > I created it as separate JIRA from SENTRY-781 due to changes are quite > different. -- This message was sent by Atlassian JIRA (v7.6.3#76005)
[jira] [Updated] (SENTRY-2240) User can DROP function under a database that he/she has no access
[ https://issues.apache.org/jira/browse/SENTRY-2240?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ] Arjun Mishra updated SENTRY-2240: - Status: Patch Available (was: Open) > User can DROP function under a database that he/she has no access > - > > Key: SENTRY-2240 > URL: https://issues.apache.org/jira/browse/SENTRY-2240 > Project: Sentry > Issue Type: Bug > Components: Hive Binding >Affects Versions: 1.8.0 >Reporter: Eric Lin >Assignee: Arjun Mishra >Priority: Major > Attachments: SENTRY-2240-1.patch, SENTRY-2240-2.patch, > SENTRY-2240.01.patch > > > User can DROP UDF function under a database that he/she has no access to. > I created it as separate JIRA from SENTRY-781 due to changes are quite > different. -- This message was sent by Atlassian JIRA (v7.6.3#76005)
[jira] [Updated] (SENTRY-2240) User can DROP function under a database that he/she has no access
[ https://issues.apache.org/jira/browse/SENTRY-2240?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ] Arjun Mishra updated SENTRY-2240: - Attachment: SENTRY-2240.01.patch > User can DROP function under a database that he/she has no access > - > > Key: SENTRY-2240 > URL: https://issues.apache.org/jira/browse/SENTRY-2240 > Project: Sentry > Issue Type: Bug > Components: Hive Binding >Affects Versions: 1.8.0 >Reporter: Eric Lin >Assignee: Arjun Mishra >Priority: Major > Attachments: SENTRY-2240-1.patch, SENTRY-2240-2.patch, > SENTRY-2240.01.patch > > > User can DROP UDF function under a database that he/she has no access to. > I created it as separate JIRA from SENTRY-781 due to changes are quite > different. -- This message was sent by Atlassian JIRA (v7.6.3#76005)
[jira] [Assigned] (SENTRY-2240) User can DROP function under a database that he/she has no access
[ https://issues.apache.org/jira/browse/SENTRY-2240?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ] Arjun Mishra reassigned SENTRY-2240: Assignee: Arjun Mishra (was: Eric Lin) > User can DROP function under a database that he/she has no access > - > > Key: SENTRY-2240 > URL: https://issues.apache.org/jira/browse/SENTRY-2240 > Project: Sentry > Issue Type: Bug > Components: Hive Binding >Affects Versions: 1.8.0 >Reporter: Eric Lin >Assignee: Arjun Mishra >Priority: Major > Attachments: SENTRY-2240-1.patch, SENTRY-2240-2.patch > > > User can DROP UDF function under a database that he/she has no access to. > I created it as separate JIRA from SENTRY-781 due to changes are quite > different. -- This message was sent by Atlassian JIRA (v7.6.3#76005)
[jira] [Created] (SENTRY-2524) Sentry does not update user group once an object is deleted and not sentry managed
Arjun Mishra created SENTRY-2524: Summary: Sentry does not update user group once an object is deleted and not sentry managed Key: SENTRY-2524 URL: https://issues.apache.org/jira/browse/SENTRY-2524 Project: Sentry Issue Type: Bug Reporter: Arjun Mishra Assignee: Arjun Mishra For a path to be sentry managed it needs to be under the sentry prefix and present in the authz paths update. However when the object is deleted we don't reset the user and group -- This message was sent by Atlassian JIRA (v7.6.3#76005)
[jira] [Created] (SENTRY-2516) Address the slow grant/revoke performance impact
Arjun Mishra created SENTRY-2516: Summary: Address the slow grant/revoke performance impact Key: SENTRY-2516 URL: https://issues.apache.org/jira/browse/SENTRY-2516 Project: Sentry Issue Type: Improvement Reporter: Arjun Mishra Assignee: Arjun Mishra Grant and revokes performance is poor with over 12 secs per grant/revoke for a role that has over 1,000 privileges -- This message was sent by Atlassian JIRA (v7.6.3#76005)
[jira] [Created] (SENTRY-2513) Filter privileges by action when doing authorization checks
Arjun Mishra created SENTRY-2513: Summary: Filter privileges by action when doing authorization checks Key: SENTRY-2513 URL: https://issues.apache.org/jira/browse/SENTRY-2513 Project: Sentry Issue Type: Improvement Components: Sentry Affects Versions: 2.0.1 Reporter: Arjun Mishra Assignee: Arjun Mishra When we do authorization checks for a bunch of authorizables. We build the authorization string for different Actions. There is no need to get all the privileges when comparing with the input authorizables as that will cause many unnecessary comparisons -- This message was sent by Atlassian JIRA (v7.6.3#76005)
[jira] [Updated] (SENTRY-2511) Debug level logging on HMSPaths significantly affects performance
[ https://issues.apache.org/jira/browse/SENTRY-2511?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ] Arjun Mishra updated SENTRY-2511: - Resolution: Fixed Status: Resolved (was: Patch Available) > Debug level logging on HMSPaths significantly affects performance > - > > Key: SENTRY-2511 > URL: https://issues.apache.org/jira/browse/SENTRY-2511 > Project: Sentry > Issue Type: Bug > Components: Sentry >Reporter: Arjun Mishra >Assignee: Arjun Mishra >Priority: Major > Fix For: 2.1 > > Attachments: SENTRY-2511.001.patch, SENTRY-2511.01.patch > > > Newer logging changes were made to HMSPath to help identify the corrupt > cache. However when there are large number of partitions logging changes made > makes the processing or creation of an update very slow -- This message was sent by Atlassian JIRA (v7.6.3#76005)
[jira] [Created] (SENTRY-2512) Remove hive conf reference from SentrySyncHMSNotificationsPostEventListener class
Arjun Mishra created SENTRY-2512: Summary: Remove hive conf reference from SentrySyncHMSNotificationsPostEventListener class Key: SENTRY-2512 URL: https://issues.apache.org/jira/browse/SENTRY-2512 Project: Sentry Issue Type: Improvement Components: Sentry Affects Versions: 2.0.1 Reporter: Arjun Mishra Assignee: Arjun Mishra Removing hive-conf dependencies from SentrySyncHMSNotificationsPostEventListener -- This message was sent by Atlassian JIRA (v7.6.3#76005)
[jira] [Updated] (SENTRY-2511) Debug level logging on HMSPaths significantly affects performance
[ https://issues.apache.org/jira/browse/SENTRY-2511?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ] Arjun Mishra updated SENTRY-2511: - Attachment: SENTRY-2511.001.patch > Debug level logging on HMSPaths significantly affects performance > - > > Key: SENTRY-2511 > URL: https://issues.apache.org/jira/browse/SENTRY-2511 > Project: Sentry > Issue Type: Bug > Components: Sentry >Reporter: Arjun Mishra >Assignee: Arjun Mishra >Priority: Major > Fix For: 2.1 > > Attachments: SENTRY-2511.001.patch, SENTRY-2511.01.patch > > > Newer logging changes were made to HMSPath to help identify the corrupt > cache. However when there are large number of partitions logging changes made > makes the processing or creation of an update very slow -- This message was sent by Atlassian JIRA (v7.6.3#76005)
[jira] [Commented] (SENTRY-2511) Debug level logging on HMSPaths significantly affects performance
[ https://issues.apache.org/jira/browse/SENTRY-2511?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=16805042#comment-16805042 ] Arjun Mishra commented on SENTRY-2511: -- The above failed tests pass locally. Retry patch > Debug level logging on HMSPaths significantly affects performance > - > > Key: SENTRY-2511 > URL: https://issues.apache.org/jira/browse/SENTRY-2511 > Project: Sentry > Issue Type: Bug > Components: Sentry >Reporter: Arjun Mishra >Assignee: Arjun Mishra >Priority: Major > Fix For: 2.1 > > Attachments: SENTRY-2511.01.patch > > > Newer logging changes were made to HMSPath to help identify the corrupt > cache. However when there are large number of partitions logging changes made > makes the processing or creation of an update very slow -- This message was sent by Atlassian JIRA (v7.6.3#76005)
[jira] [Updated] (SENTRY-2511) Debug level logging on HMSPaths significantly affects performance
[ https://issues.apache.org/jira/browse/SENTRY-2511?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ] Arjun Mishra updated SENTRY-2511: - Status: Patch Available (was: Open) > Debug level logging on HMSPaths significantly affects performance > - > > Key: SENTRY-2511 > URL: https://issues.apache.org/jira/browse/SENTRY-2511 > Project: Sentry > Issue Type: Bug > Components: Sentry >Reporter: Arjun Mishra >Assignee: Arjun Mishra >Priority: Major > Fix For: 2.1 > > Attachments: SENTRY-2511.01.patch > > > Newer logging changes were made to HMSPath to help identify the corrupt > cache. However when there are large number of partitions logging changes made > makes the processing or creation of an update very slow -- This message was sent by Atlassian JIRA (v7.6.3#76005)
[jira] [Updated] (SENTRY-2511) Debug level logging on HMSPaths significantly affects performance
[ https://issues.apache.org/jira/browse/SENTRY-2511?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ] Arjun Mishra updated SENTRY-2511: - Attachment: SENTRY-2511.01.patch > Debug level logging on HMSPaths significantly affects performance > - > > Key: SENTRY-2511 > URL: https://issues.apache.org/jira/browse/SENTRY-2511 > Project: Sentry > Issue Type: Bug > Components: Sentry >Reporter: Arjun Mishra >Assignee: Arjun Mishra >Priority: Major > Fix For: 2.1 > > Attachments: SENTRY-2511.01.patch > > > Newer logging changes were made to HMSPath to help identify the corrupt > cache. However when there are large number of partitions logging changes made > makes the processing or creation of an update very slow -- This message was sent by Atlassian JIRA (v7.6.3#76005)
[jira] [Created] (SENTRY-2511) Debug level logging on HMSPaths significantly affects performance
Arjun Mishra created SENTRY-2511: Summary: Debug level logging on HMSPaths significantly affects performance Key: SENTRY-2511 URL: https://issues.apache.org/jira/browse/SENTRY-2511 Project: Sentry Issue Type: Bug Components: Sentry Reporter: Arjun Mishra Assignee: Arjun Mishra Fix For: 2.1 Newer logging changes were made to HMSPath to help identify the corrupt cache. However when there are large number of partitions logging changes made makes the processing or creation of an update very slow -- This message was sent by Atlassian JIRA (v7.6.3#76005)
[jira] [Created] (SENTRY-2510) Reduce memory footprint introduced by SENTRY-1291
Arjun Mishra created SENTRY-2510: Summary: Reduce memory footprint introduced by SENTRY-1291 Key: SENTRY-2510 URL: https://issues.apache.org/jira/browse/SENTRY-2510 Project: Sentry Issue Type: Improvement Components: Sentry Reporter: Arjun Mishra Assignee: Arjun Mishra SENTRY-1291 addresses optimizing authorization checks. However if there are too many privileges the memory increases significantly. -- This message was sent by Atlassian JIRA (v7.6.3#76005)
[jira] [Commented] (SENTRY-2508) Optimize performance of grant and revokes on entities with already large number of privileges
[ https://issues.apache.org/jira/browse/SENTRY-2508?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=16793647#comment-16793647 ] Arjun Mishra commented on SENTRY-2508: -- [~hongtaq] Sentry is bulk fetching from roles and user tables. To fix this we need to disable that when doing grants or revokes > Optimize performance of grant and revokes on entities with already large > number of privileges > - > > Key: SENTRY-2508 > URL: https://issues.apache.org/jira/browse/SENTRY-2508 > Project: Sentry > Issue Type: Bug > Components: Sentry >Reporter: Arjun Mishra >Assignee: Arjun Mishra >Priority: Major > > Right now if an entity like role is mapped to over 5K privileges, granting > new privileges to it is significantly slow. Same applies with revokes -- This message was sent by Atlassian JIRA (v7.6.3#76005)
[jira] [Created] (SENTRY-2509) Have a single RollingFileWithoutDeleteAppender class
Arjun Mishra created SENTRY-2509: Summary: Have a single RollingFileWithoutDeleteAppender class Key: SENTRY-2509 URL: https://issues.apache.org/jira/browse/SENTRY-2509 Project: Sentry Issue Type: Bug Components: Sentry Affects Versions: 2.0.1 Reporter: Arjun Mishra Assignee: Arjun Mishra Currently there is one for Sentry service and one for Solr -- This message was sent by Atlassian JIRA (v7.6.3#76005)
[jira] [Updated] (SENTRY-2505) SENTRY-2505: Fix TestRollingFileWithoutDeleteAppender test case testFileNamePattern
[ https://issues.apache.org/jira/browse/SENTRY-2505?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ] Arjun Mishra updated SENTRY-2505: - Status: Patch Available (was: Reopened) > SENTRY-2505: Fix TestRollingFileWithoutDeleteAppender test case > testFileNamePattern > --- > > Key: SENTRY-2505 > URL: https://issues.apache.org/jira/browse/SENTRY-2505 > Project: Sentry > Issue Type: Bug > Components: Sentry >Reporter: Arjun Mishra >Assignee: Arjun Mishra >Priority: Major > Attachments: SENTRY-2505.003.patch, SENTRY-2505.01.patch, > SENTRY-2505.02.patch, SENTRY-2505.03.patch > > > TestRollingFileWithoutDeleteAppender#testFileNamePattern because not enough > time is given to create a file -- This message was sent by Atlassian JIRA (v7.6.3#76005)
[jira] [Updated] (SENTRY-2505) SENTRY-2505: Fix TestRollingFileWithoutDeleteAppender test case testFileNamePattern
[ https://issues.apache.org/jira/browse/SENTRY-2505?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ] Arjun Mishra updated SENTRY-2505: - Attachment: SENTRY-2505.003.patch > SENTRY-2505: Fix TestRollingFileWithoutDeleteAppender test case > testFileNamePattern > --- > > Key: SENTRY-2505 > URL: https://issues.apache.org/jira/browse/SENTRY-2505 > Project: Sentry > Issue Type: Bug > Components: Sentry >Reporter: Arjun Mishra >Assignee: Arjun Mishra >Priority: Major > Attachments: SENTRY-2505.003.patch, SENTRY-2505.01.patch, > SENTRY-2505.02.patch, SENTRY-2505.03.patch > > > TestRollingFileWithoutDeleteAppender#testFileNamePattern because not enough > time is given to create a file -- This message was sent by Atlassian JIRA (v7.6.3#76005)
[jira] [Updated] (SENTRY-2505) SENTRY-2505: Fix TestRollingFileWithoutDeleteAppender test case testFileNamePattern
[ https://issues.apache.org/jira/browse/SENTRY-2505?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ] Arjun Mishra updated SENTRY-2505: - Attachment: (was: SENTRY-2505.003.patch) > SENTRY-2505: Fix TestRollingFileWithoutDeleteAppender test case > testFileNamePattern > --- > > Key: SENTRY-2505 > URL: https://issues.apache.org/jira/browse/SENTRY-2505 > Project: Sentry > Issue Type: Bug > Components: Sentry >Reporter: Arjun Mishra >Assignee: Arjun Mishra >Priority: Major > Attachments: SENTRY-2505.01.patch, SENTRY-2505.02.patch, > SENTRY-2505.03.patch > > > TestRollingFileWithoutDeleteAppender#testFileNamePattern because not enough > time is given to create a file -- This message was sent by Atlassian JIRA (v7.6.3#76005)
[jira] [Created] (SENTRY-2508) Optimize performance of grant and revokes on entities with already large number of privileges
Arjun Mishra created SENTRY-2508: Summary: Optimize performance of grant and revokes on entities with already large number of privileges Key: SENTRY-2508 URL: https://issues.apache.org/jira/browse/SENTRY-2508 Project: Sentry Issue Type: Bug Components: Sentry Reporter: Arjun Mishra Assignee: Arjun Mishra Right now if an entity like role is mapped to over 5K privileges, granting new privileges to it is significantly slow. Same applies with revokes -- This message was sent by Atlassian JIRA (v7.6.3#76005)
[jira] [Reopened] (SENTRY-2505) SENTRY-2505: Fix TestRollingFileWithoutDeleteAppender test case testFileNamePattern
[ https://issues.apache.org/jira/browse/SENTRY-2505?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ] Arjun Mishra reopened SENTRY-2505: -- > SENTRY-2505: Fix TestRollingFileWithoutDeleteAppender test case > testFileNamePattern > --- > > Key: SENTRY-2505 > URL: https://issues.apache.org/jira/browse/SENTRY-2505 > Project: Sentry > Issue Type: Bug > Components: Sentry >Reporter: Arjun Mishra >Assignee: Arjun Mishra >Priority: Major > Attachments: SENTRY-2505.003.patch, SENTRY-2505.01.patch, > SENTRY-2505.02.patch, SENTRY-2505.03.patch > > > TestRollingFileWithoutDeleteAppender#testFileNamePattern because not enough > time is given to create a file -- This message was sent by Atlassian JIRA (v7.6.3#76005)
[jira] [Updated] (SENTRY-2505) SENTRY-2505: Fix TestRollingFileWithoutDeleteAppender test case testFileNamePattern
[ https://issues.apache.org/jira/browse/SENTRY-2505?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ] Arjun Mishra updated SENTRY-2505: - Attachment: SENTRY-2505.003.patch > SENTRY-2505: Fix TestRollingFileWithoutDeleteAppender test case > testFileNamePattern > --- > > Key: SENTRY-2505 > URL: https://issues.apache.org/jira/browse/SENTRY-2505 > Project: Sentry > Issue Type: Bug > Components: Sentry >Reporter: Arjun Mishra >Assignee: Arjun Mishra >Priority: Major > Attachments: SENTRY-2505.003.patch, SENTRY-2505.01.patch, > SENTRY-2505.02.patch, SENTRY-2505.03.patch > > > TestRollingFileWithoutDeleteAppender#testFileNamePattern because not enough > time is given to create a file -- This message was sent by Atlassian JIRA (v7.6.3#76005)
[jira] [Updated] (SENTRY-2505) SENTRY-2505: Fix TestRollingFileWithoutDeleteAppender test case testFileNamePattern
[ https://issues.apache.org/jira/browse/SENTRY-2505?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ] Arjun Mishra updated SENTRY-2505: - Resolution: Fixed Status: Resolved (was: Patch Available) > SENTRY-2505: Fix TestRollingFileWithoutDeleteAppender test case > testFileNamePattern > --- > > Key: SENTRY-2505 > URL: https://issues.apache.org/jira/browse/SENTRY-2505 > Project: Sentry > Issue Type: Bug > Components: Sentry >Reporter: Arjun Mishra >Assignee: Arjun Mishra >Priority: Major > Attachments: SENTRY-2505.01.patch, SENTRY-2505.02.patch, > SENTRY-2505.03.patch > > > TestRollingFileWithoutDeleteAppender#testFileNamePattern because not enough > time is given to create a file -- This message was sent by Atlassian JIRA (v7.6.3#76005)
[jira] [Updated] (SENTRY-2505) SENTRY-2505: Fix TestRollingFileWithoutDeleteAppender test case testFileNamePattern
[ https://issues.apache.org/jira/browse/SENTRY-2505?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ] Arjun Mishra updated SENTRY-2505: - Description: TestRollingFileWithoutDeleteAppender#testFileNamePattern because not enough time is given to create a file (was: TestRollingFileWithoutDeleteAppender#testFileNamePattern still flaky because of size bounds) > SENTRY-2505: Fix TestRollingFileWithoutDeleteAppender test case > testFileNamePattern > --- > > Key: SENTRY-2505 > URL: https://issues.apache.org/jira/browse/SENTRY-2505 > Project: Sentry > Issue Type: Bug > Components: Sentry >Reporter: Arjun Mishra >Assignee: Arjun Mishra >Priority: Major > Attachments: SENTRY-2505.01.patch, SENTRY-2505.02.patch, > SENTRY-2505.03.patch > > > TestRollingFileWithoutDeleteAppender#testFileNamePattern because not enough > time is given to create a file -- This message was sent by Atlassian JIRA (v7.6.3#76005)
[jira] [Updated] (SENTRY-2505) SENTRY-2505: Fix TestRollingFileWithoutDeleteAppender test case testFileNamePattern
[ https://issues.apache.org/jira/browse/SENTRY-2505?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ] Arjun Mishra updated SENTRY-2505: - Summary: SENTRY-2505: Fix TestRollingFileWithoutDeleteAppender test case testFileNamePattern (was: Fix file bounds in TestRollingFileWithoutDeleteAppender test case testFileNamePattern) > SENTRY-2505: Fix TestRollingFileWithoutDeleteAppender test case > testFileNamePattern > --- > > Key: SENTRY-2505 > URL: https://issues.apache.org/jira/browse/SENTRY-2505 > Project: Sentry > Issue Type: Bug > Components: Sentry >Reporter: Arjun Mishra >Assignee: Arjun Mishra >Priority: Major > Attachments: SENTRY-2505.01.patch, SENTRY-2505.02.patch, > SENTRY-2505.03.patch > > > TestRollingFileWithoutDeleteAppender#testFileNamePattern still flaky because > of size bounds -- This message was sent by Atlassian JIRA (v7.6.3#76005)
[jira] [Updated] (SENTRY-2505) Fix file bounds in TestRollingFileWithoutDeleteAppender test case testFileNamePattern
[ https://issues.apache.org/jira/browse/SENTRY-2505?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ] Arjun Mishra updated SENTRY-2505: - Attachment: SENTRY-2505.03.patch > Fix file bounds in TestRollingFileWithoutDeleteAppender test case > testFileNamePattern > - > > Key: SENTRY-2505 > URL: https://issues.apache.org/jira/browse/SENTRY-2505 > Project: Sentry > Issue Type: Bug > Components: Sentry >Reporter: Arjun Mishra >Assignee: Arjun Mishra >Priority: Major > Attachments: SENTRY-2505.01.patch, SENTRY-2505.02.patch, > SENTRY-2505.03.patch > > > TestRollingFileWithoutDeleteAppender#testFileNamePattern still flaky because > of size bounds -- This message was sent by Atlassian JIRA (v7.6.3#76005)
[jira] [Updated] (SENTRY-2505) Fix file bounds in TestRollingFileWithoutDeleteAppender test case testFileNamePattern
[ https://issues.apache.org/jira/browse/SENTRY-2505?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ] Arjun Mishra updated SENTRY-2505: - Attachment: SENTRY-2505.02.patch > Fix file bounds in TestRollingFileWithoutDeleteAppender test case > testFileNamePattern > - > > Key: SENTRY-2505 > URL: https://issues.apache.org/jira/browse/SENTRY-2505 > Project: Sentry > Issue Type: Bug > Components: Sentry >Reporter: Arjun Mishra >Assignee: Arjun Mishra >Priority: Major > Attachments: SENTRY-2505.01.patch, SENTRY-2505.02.patch > > > TestRollingFileWithoutDeleteAppender#testFileNamePattern still flaky because > of size bounds -- This message was sent by Atlassian JIRA (v7.6.3#76005)
[jira] [Updated] (SENTRY-2505) File bounds in TestRollingFileWithoutDeleteAppender test case testFileNamePattern
[ https://issues.apache.org/jira/browse/SENTRY-2505?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ] Arjun Mishra updated SENTRY-2505: - Status: Patch Available (was: Open) > File bounds in TestRollingFileWithoutDeleteAppender test case > testFileNamePattern > - > > Key: SENTRY-2505 > URL: https://issues.apache.org/jira/browse/SENTRY-2505 > Project: Sentry > Issue Type: Bug > Components: Sentry >Reporter: Arjun Mishra >Assignee: Arjun Mishra >Priority: Major > Attachments: SENTRY-2505.01.patch > > > TestRollingFileWithoutDeleteAppender#testFileNamePattern still flaky because > of size bounds -- This message was sent by Atlassian JIRA (v7.6.3#76005)
[jira] [Updated] (SENTRY-2505) Fix file bounds in TestRollingFileWithoutDeleteAppender test case testFileNamePattern
[ https://issues.apache.org/jira/browse/SENTRY-2505?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ] Arjun Mishra updated SENTRY-2505: - Summary: Fix file bounds in TestRollingFileWithoutDeleteAppender test case testFileNamePattern (was: File bounds in TestRollingFileWithoutDeleteAppender test case testFileNamePattern) > Fix file bounds in TestRollingFileWithoutDeleteAppender test case > testFileNamePattern > - > > Key: SENTRY-2505 > URL: https://issues.apache.org/jira/browse/SENTRY-2505 > Project: Sentry > Issue Type: Bug > Components: Sentry >Reporter: Arjun Mishra >Assignee: Arjun Mishra >Priority: Major > Attachments: SENTRY-2505.01.patch > > > TestRollingFileWithoutDeleteAppender#testFileNamePattern still flaky because > of size bounds -- This message was sent by Atlassian JIRA (v7.6.3#76005)
[jira] [Updated] (SENTRY-2505) File bounds in TestRollingFileWithoutDeleteAppender test case testFileNamePattern
[ https://issues.apache.org/jira/browse/SENTRY-2505?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ] Arjun Mishra updated SENTRY-2505: - Attachment: SENTRY-2505.01.patch > File bounds in TestRollingFileWithoutDeleteAppender test case > testFileNamePattern > - > > Key: SENTRY-2505 > URL: https://issues.apache.org/jira/browse/SENTRY-2505 > Project: Sentry > Issue Type: Bug > Components: Sentry >Reporter: Arjun Mishra >Assignee: Arjun Mishra >Priority: Major > Attachments: SENTRY-2505.01.patch > > > TestRollingFileWithoutDeleteAppender#testFileNamePattern still flaky because > of size bounds -- This message was sent by Atlassian JIRA (v7.6.3#76005)
[jira] [Created] (SENTRY-2505) File bounds in TestRollingFileWithoutDeleteAppender test case testFileNamePattern
Arjun Mishra created SENTRY-2505: Summary: File bounds in TestRollingFileWithoutDeleteAppender test case testFileNamePattern Key: SENTRY-2505 URL: https://issues.apache.org/jira/browse/SENTRY-2505 Project: Sentry Issue Type: Bug Components: Sentry Reporter: Arjun Mishra Assignee: Arjun Mishra TestRollingFileWithoutDeleteAppender#testFileNamePattern still flaky because of size bounds -- This message was sent by Atlassian JIRA (v7.6.3#76005)
[jira] [Updated] (SENTRY-2504) Account for partial revokes on ALL grant
[ https://issues.apache.org/jira/browse/SENTRY-2504?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ] Arjun Mishra updated SENTRY-2504: - Status: Patch Available (was: Open) > Account for partial revokes on ALL grant > > > Key: SENTRY-2504 > URL: https://issues.apache.org/jira/browse/SENTRY-2504 > Project: Sentry > Issue Type: Bug > Components: Sentry >Reporter: Arjun Mishra >Assignee: Arjun Mishra >Priority: Major > Attachments: SENTRY-2504.01.patch > > > Right now if ALL grant is given to a role+object, if we revoke a SELECT or > INSERT, we don't replace with a partial privilege. This however works with * -- This message was sent by Atlassian JIRA (v7.6.3#76005)
[jira] [Updated] (SENTRY-2504) Account for partial revokes on ALL grant
[ https://issues.apache.org/jira/browse/SENTRY-2504?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ] Arjun Mishra updated SENTRY-2504: - Attachment: SENTRY-2504.01.patch > Account for partial revokes on ALL grant > > > Key: SENTRY-2504 > URL: https://issues.apache.org/jira/browse/SENTRY-2504 > Project: Sentry > Issue Type: Bug > Components: Sentry >Reporter: Arjun Mishra >Assignee: Arjun Mishra >Priority: Major > Attachments: SENTRY-2504.01.patch > > > Right now if ALL grant is given to a role+object, if we revoke a SELECT or > INSERT, we don't replace with a partial privilege. This however works with * -- This message was sent by Atlassian JIRA (v7.6.3#76005)
[jira] [Created] (SENTRY-2504) Account for partial revokes on ALL grant
Arjun Mishra created SENTRY-2504: Summary: Account for partial revokes on ALL grant Key: SENTRY-2504 URL: https://issues.apache.org/jira/browse/SENTRY-2504 Project: Sentry Issue Type: Bug Components: Sentry Reporter: Arjun Mishra Assignee: Arjun Mishra Right now if ALL grant is given to a role+object, if we revoke a SELECT or INSERT, we don't replace with a partial privilege. This however works with * -- This message was sent by Atlassian JIRA (v7.6.3#76005)
[jira] [Commented] (SENTRY-2498) Exception while deleting paths that does't exist
[ https://issues.apache.org/jira/browse/SENTRY-2498?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=16769584#comment-16769584 ] Arjun Mishra commented on SENTRY-2498: -- +1 > Exception while deleting paths that does't exist > > > Key: SENTRY-2498 > URL: https://issues.apache.org/jira/browse/SENTRY-2498 > Project: Sentry > Issue Type: Bug > Components: Sentry >Affects Versions: 2.2.0 >Reporter: kalyan kumar kalvagadda >Assignee: kalyan kumar kalvagadda >Priority: Major > Fix For: 2.2.0 > > Attachments: SENTRY-2498.001.patch, SENTRY-2498.001.patch > > > Currently, HMSPaths is throwing an exception while deleting the paths for an > object that is not known. Here is the stack trace for the exception > {noformat} > 2019-02-13 10:19:16,351 WARN org.apache.sentry.hdfs.SentryAuthorizationInfo: > Failed to update, will retry in [3]ms, error: > java.lang.NullPointerException > at > org.apache.sentry.hdfs.HMSPaths.deletePathsFromAuthzObject(HMSPaths.java:801) > at > org.apache.sentry.hdfs.UpdateableAuthzPaths.applyPartialUpdate(UpdateableAuthzPaths.java:155) > at > org.apache.sentry.hdfs.UpdateableAuthzPaths.updatePartial(UpdateableAuthzPaths.java:89) > at > org.apache.sentry.hdfs.SentryAuthorizationInfo.processUpdates(SentryAuthorizationInfo.java:202) > at > org.apache.sentry.hdfs.SentryAuthorizationInfo.update(SentryAuthorizationInfo.java:135) > at > org.apache.sentry.hdfs.SentryAuthorizationInfo.run(SentryAuthorizationInfo.java:220) > at java.util.concurrent.Executors$RunnableAdapter.call(Executors.java:511) > at java.util.concurrent.FutureTask.runAndReset(FutureTask.java:308) > at > java.util.concurrent.ScheduledThreadPoolExecutor$ScheduledFutureTask.access$301(ScheduledThreadPoolExecutor.java:180) > at > java.util.concurrent.ScheduledThreadPoolExecutor$ScheduledFutureTask.run(ScheduledThreadPoolExecutor.java:294) > at > java.util.concurrent.ThreadPoolExecutor.runWorker(ThreadPoolExecutor.java:1149) > at > java.util.concurrent.ThreadPoolExecutor$Worker.run(ThreadPoolExecutor.java:624) > at java.lang.Thread.run(Thread.java:748) > 2019-02-13 10:19:17,670 INFO SecurityLogger. > {noformat} -- This message was sent by Atlassian JIRA (v7.6.3#76005)
[jira] [Commented] (SENTRY-2498) Exception while deleting paths that does't exist
[ https://issues.apache.org/jira/browse/SENTRY-2498?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=16768819#comment-16768819 ] Arjun Mishra commented on SENTRY-2498: -- +1 to code change > Exception while deleting paths that does't exist > > > Key: SENTRY-2498 > URL: https://issues.apache.org/jira/browse/SENTRY-2498 > Project: Sentry > Issue Type: Bug > Components: Sentry >Affects Versions: 2.2.0 >Reporter: kalyan kumar kalvagadda >Assignee: kalyan kumar kalvagadda >Priority: Major > Fix For: 2.2.0 > > Attachments: SENTRY-2498.001.patch > > > Currently, HMSPaths is throwing an exception while deleting the paths for an > object that is not known. Here is the stack trace for the exception > {noformat} > 2019-02-13 10:19:16,351 WARN org.apache.sentry.hdfs.SentryAuthorizationInfo: > Failed to update, will retry in [3]ms, error: > java.lang.NullPointerException > at > org.apache.sentry.hdfs.HMSPaths.deletePathsFromAuthzObject(HMSPaths.java:801) > at > org.apache.sentry.hdfs.UpdateableAuthzPaths.applyPartialUpdate(UpdateableAuthzPaths.java:155) > at > org.apache.sentry.hdfs.UpdateableAuthzPaths.updatePartial(UpdateableAuthzPaths.java:89) > at > org.apache.sentry.hdfs.SentryAuthorizationInfo.processUpdates(SentryAuthorizationInfo.java:202) > at > org.apache.sentry.hdfs.SentryAuthorizationInfo.update(SentryAuthorizationInfo.java:135) > at > org.apache.sentry.hdfs.SentryAuthorizationInfo.run(SentryAuthorizationInfo.java:220) > at java.util.concurrent.Executors$RunnableAdapter.call(Executors.java:511) > at java.util.concurrent.FutureTask.runAndReset(FutureTask.java:308) > at > java.util.concurrent.ScheduledThreadPoolExecutor$ScheduledFutureTask.access$301(ScheduledThreadPoolExecutor.java:180) > at > java.util.concurrent.ScheduledThreadPoolExecutor$ScheduledFutureTask.run(ScheduledThreadPoolExecutor.java:294) > at > java.util.concurrent.ThreadPoolExecutor.runWorker(ThreadPoolExecutor.java:1149) > at > java.util.concurrent.ThreadPoolExecutor$Worker.run(ThreadPoolExecutor.java:624) > at java.lang.Thread.run(Thread.java:748) > 2019-02-13 10:19:17,670 INFO SecurityLogger. > {noformat} -- This message was sent by Atlassian JIRA (v7.6.3#76005)
[jira] [Commented] (SENTRY-2492) Consecutive ALL grants get deleted when multiple roles have ALL grants on that object
[ https://issues.apache.org/jira/browse/SENTRY-2492?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=16768485#comment-16768485 ] Arjun Mishra commented on SENTRY-2492: -- Thanks [~kkalyan] for your help on this patch! > Consecutive ALL grants get deleted when multiple roles have ALL grants on > that object > - > > Key: SENTRY-2492 > URL: https://issues.apache.org/jira/browse/SENTRY-2492 > Project: Sentry > Issue Type: Bug > Components: Sentry >Affects Versions: 2.1.0 >Reporter: Arjun Mishra >Assignee: Arjun Mishra >Priority: Major > Attachments: SENTRY-2492.01.patch, SENTRY-2492.02.patch > > > Have multiple roles with ALL grant on the same object. Then repeat grant ALL > on object to a any role. That role will lose its grant -- This message was sent by Atlassian JIRA (v7.6.3#76005)
[jira] [Updated] (SENTRY-2492) Consecutive ALL grants get deleted when multiple roles have ALL grants on that object
[ https://issues.apache.org/jira/browse/SENTRY-2492?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ] Arjun Mishra updated SENTRY-2492: - Resolution: Fixed Status: Resolved (was: Patch Available) > Consecutive ALL grants get deleted when multiple roles have ALL grants on > that object > - > > Key: SENTRY-2492 > URL: https://issues.apache.org/jira/browse/SENTRY-2492 > Project: Sentry > Issue Type: Bug > Components: Sentry >Affects Versions: 2.1.0 >Reporter: Arjun Mishra >Assignee: Arjun Mishra >Priority: Major > Attachments: SENTRY-2492.01.patch, SENTRY-2492.02.patch > > > Have multiple roles with ALL grant on the same object. Then repeat grant ALL > on object to a any role. That role will lose its grant -- This message was sent by Atlassian JIRA (v7.6.3#76005)
[jira] [Commented] (SENTRY-2492) Consecutive ALL grants get deleted when multiple roles have ALL grants on that object
[ https://issues.apache.org/jira/browse/SENTRY-2492?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=16768454#comment-16768454 ] Arjun Mishra commented on SENTRY-2492: -- Looks good. Thanks [~kkalyan] > Consecutive ALL grants get deleted when multiple roles have ALL grants on > that object > - > > Key: SENTRY-2492 > URL: https://issues.apache.org/jira/browse/SENTRY-2492 > Project: Sentry > Issue Type: Bug > Components: Sentry >Affects Versions: 2.1.0 >Reporter: Arjun Mishra >Assignee: Arjun Mishra >Priority: Major > Attachments: SENTRY-2492.01.patch, SENTRY-2492.02.patch > > > Have multiple roles with ALL grant on the same object. Then repeat grant ALL > on object to a any role. That role will lose its grant -- This message was sent by Atlassian JIRA (v7.6.3#76005)
[jira] [Updated] (SENTRY-2492) Consecutive ALL grants get deleted when multiple roles have ALL grants on that object
[ https://issues.apache.org/jira/browse/SENTRY-2492?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ] Arjun Mishra updated SENTRY-2492: - Status: Patch Available (was: Open) > Consecutive ALL grants get deleted when multiple roles have ALL grants on > that object > - > > Key: SENTRY-2492 > URL: https://issues.apache.org/jira/browse/SENTRY-2492 > Project: Sentry > Issue Type: Bug > Components: Sentry >Affects Versions: 2.1.0 >Reporter: Arjun Mishra >Assignee: Arjun Mishra >Priority: Major > Attachments: SENTRY-2492.01.patch > > > Have multiple roles with ALL grant on the same object. Then repeat grant ALL > on object to a any role. That role will lose its grant -- This message was sent by Atlassian JIRA (v7.6.3#76005)
[jira] [Updated] (SENTRY-2492) Consecutive ALL grants get deleted when multiple roles have ALL grants on that object
[ https://issues.apache.org/jira/browse/SENTRY-2492?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ] Arjun Mishra updated SENTRY-2492: - Attachment: SENTRY-2492.01.patch > Consecutive ALL grants get deleted when multiple roles have ALL grants on > that object > - > > Key: SENTRY-2492 > URL: https://issues.apache.org/jira/browse/SENTRY-2492 > Project: Sentry > Issue Type: Bug > Components: Sentry >Affects Versions: 2.1.0 >Reporter: Arjun Mishra >Assignee: Arjun Mishra >Priority: Major > Attachments: SENTRY-2492.01.patch > > > Have multiple roles with ALL grant on the same object. Then repeat grant ALL > on object to a any role. That role will lose its grant -- This message was sent by Atlassian JIRA (v7.6.3#76005)
[jira] [Updated] (SENTRY-2492) Consecutive ALL grants get deleted when multiple roles have ALL grants on that object
[ https://issues.apache.org/jira/browse/SENTRY-2492?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ] Arjun Mishra updated SENTRY-2492: - Attachment: (was: SENTRY-2492.01.patch) > Consecutive ALL grants get deleted when multiple roles have ALL grants on > that object > - > > Key: SENTRY-2492 > URL: https://issues.apache.org/jira/browse/SENTRY-2492 > Project: Sentry > Issue Type: Bug > Components: Sentry >Affects Versions: 2.1.0 >Reporter: Arjun Mishra >Assignee: Arjun Mishra >Priority: Major > Attachments: SENTRY-2492.01.patch > > > Have multiple roles with ALL grant on the same object. Then repeat grant ALL > on object to a any role. That role will lose its grant -- This message was sent by Atlassian JIRA (v7.6.3#76005)
[jira] [Updated] (SENTRY-2492) Consecutive ALL grants get deleted when multiple roles have ALL grants on that object
[ https://issues.apache.org/jira/browse/SENTRY-2492?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ] Arjun Mishra updated SENTRY-2492: - Attachment: SENTRY-2492.01.patch > Consecutive ALL grants get deleted when multiple roles have ALL grants on > that object > - > > Key: SENTRY-2492 > URL: https://issues.apache.org/jira/browse/SENTRY-2492 > Project: Sentry > Issue Type: Bug > Components: Sentry >Affects Versions: 2.1.0 >Reporter: Arjun Mishra >Assignee: Arjun Mishra >Priority: Major > Attachments: SENTRY-2492.01.patch > > > Have multiple roles with ALL grant on the same object. Then repeat grant ALL > on object to a any role. That role will lose its grant -- This message was sent by Atlassian JIRA (v7.6.3#76005)
[jira] [Updated] (SENTRY-2146) Add better error handling to ResourceAuthorizationProvider and improve logging in related classes
[ https://issues.apache.org/jira/browse/SENTRY-2146?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ] Arjun Mishra updated SENTRY-2146: - Description: Targeted changes are: # Separate input and output privileges hierarchy list from authorization checks # Log all relevant outputs for pre and post analyze at DEBUG level # KeyValue constructor threw exceptions earlier without any information. Add more information about attributes to it # Finally in ResourceAuthorizationProvider which deals with doing the authorization comparison, we never gracefully handled exceptions and the hive command would end abruptly. Handling this exception and throwing it back to the client will prompt a better log message on the client side was: There are a bunch of improvements that should be made to ResourceAuthorizationProvider. For example, exceptions thrown by privilegeFactory.createPrivilege are not gracefully handled. Makes debugging hard. We also need to add a lot more logging to related classes > Add better error handling to ResourceAuthorizationProvider and improve > logging in related classes > - > > Key: SENTRY-2146 > URL: https://issues.apache.org/jira/browse/SENTRY-2146 > Project: Sentry > Issue Type: Bug > Components: Sentry >Affects Versions: 2.0.0 >Reporter: Arjun Mishra >Assignee: Arjun Mishra >Priority: Major > Attachments: SENTRY-2146.002.patch, SENTRY-2146.005.patch, > SENTRY-2146.01.patch, SENTRY-2146.02.patch, SENTRY-2146.03.patch, > SENTRY-2146.04.patch, SENTRY-2146.05.patch > > > Targeted changes are: > # Separate input and output privileges hierarchy list from authorization > checks > # Log all relevant outputs for pre and post analyze at DEBUG level > # KeyValue constructor threw exceptions earlier without any information. Add > more information about attributes to it > # Finally in ResourceAuthorizationProvider which deals with doing the > authorization comparison, we never gracefully handled exceptions and the hive > command would end abruptly. Handling this exception and throwing it back to > the client will prompt a better log message on the client side -- This message was sent by Atlassian JIRA (v7.6.3#76005)
[jira] [Updated] (SENTRY-2494) Fix TestRollingFileWithoutDeleteAppender test case testFileNamePattern
[ https://issues.apache.org/jira/browse/SENTRY-2494?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ] Arjun Mishra updated SENTRY-2494: - Resolution: Fixed Status: Resolved (was: Patch Available) > Fix TestRollingFileWithoutDeleteAppender test case testFileNamePattern > -- > > Key: SENTRY-2494 > URL: https://issues.apache.org/jira/browse/SENTRY-2494 > Project: Sentry > Issue Type: Bug > Components: Sentry >Affects Versions: 2.0.1 >Reporter: Arjun Mishra >Assignee: Arjun Mishra >Priority: Major > Attachments: SENTRY-2494.001.patch, SENTRY-2494.01.patch > > > The log size is set to 10 bytes. However if the message size is 15 bytes, it > creates a 15, 15 and 0 byte file ( which is sometimes flaky) > Explanation: > Before we logged a string that was at 15 bytes each. The assumption was > Logger would split that across 2 files but it never did that. It would put 15 > bytes of line on one file. > Previously we had 2 log statements: > debug."123456789012345"; > debug."123456789012345"; > The file being created was "123456789012345", "123456789012345", "" (LAST ONE > empty) > as opposed to "1234567890", "1234512345", "6789012345" > The above output would be flaky because LOGGER.appender did not handle a LONG > string properly. It would sometimes generate two files with > "123456789012345", "" (LAST ONE empty) -- This message was sent by Atlassian JIRA (v7.6.3#76005)
[jira] [Updated] (SENTRY-2494) Fix TestRollingFileWithoutDeleteAppender test case testFileNamePattern
[ https://issues.apache.org/jira/browse/SENTRY-2494?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ] Arjun Mishra updated SENTRY-2494: - Attachment: SENTRY-2494.001.patch > Fix TestRollingFileWithoutDeleteAppender test case testFileNamePattern > -- > > Key: SENTRY-2494 > URL: https://issues.apache.org/jira/browse/SENTRY-2494 > Project: Sentry > Issue Type: Bug > Components: Sentry >Affects Versions: 2.0.1 >Reporter: Arjun Mishra >Assignee: Arjun Mishra >Priority: Major > Attachments: SENTRY-2494.001.patch, SENTRY-2494.01.patch > > > The log size is set to 10 bytes. However if the message size is 15 bytes, it > creates a 15, 15 and 0 byte file ( which is sometimes flaky) > Explanation: > Before we logged a string that was at 15 bytes each. The assumption was > Logger would split that across 2 files but it never did that. It would put 15 > bytes of line on one file. > Previously we had 2 log statements: > debug."123456789012345"; > debug."123456789012345"; > The file being created was "123456789012345", "123456789012345", "" (LAST ONE > empty) > as opposed to "1234567890", "1234512345", "6789012345" > The above output would be flaky because LOGGER.appender did not handle a LONG > string properly. It would sometimes generate two files with > "123456789012345", "" (LAST ONE empty) -- This message was sent by Atlassian JIRA (v7.6.3#76005)
[jira] [Updated] (SENTRY-2494) Fix TestRollingFileWithoutDeleteAppender test case testFileNamePattern
[ https://issues.apache.org/jira/browse/SENTRY-2494?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ] Arjun Mishra updated SENTRY-2494: - Status: Patch Available (was: Open) > Fix TestRollingFileWithoutDeleteAppender test case testFileNamePattern > -- > > Key: SENTRY-2494 > URL: https://issues.apache.org/jira/browse/SENTRY-2494 > Project: Sentry > Issue Type: Bug > Components: Sentry >Affects Versions: 2.0.1 >Reporter: Arjun Mishra >Assignee: Arjun Mishra >Priority: Major > Attachments: SENTRY-2494.01.patch > > > The log size is set to 10 bytes. However if the message size is 15 bytes, it > creates a 15, 15 and 0 byte file ( which is sometimes flaky) > Explanation: > Before we logged a string that was at 15 bytes each. The assumption was > Logger would split that across 2 files but it never did that. It would put 15 > bytes of line on one file. > Previously we had 2 log statements: > debug."123456789012345"; > debug."123456789012345"; > The file being created was "123456789012345", "123456789012345", "" (LAST ONE > empty) > as opposed to "1234567890", "1234512345", "6789012345" > The above output would be flaky because LOGGER.appender did not handle a LONG > string properly. It would sometimes generate two files with > "123456789012345", "" (LAST ONE empty) -- This message was sent by Atlassian JIRA (v7.6.3#76005)
[jira] [Updated] (SENTRY-2494) Fix TestRollingFileWithoutDeleteAppender test case testFileNamePattern
[ https://issues.apache.org/jira/browse/SENTRY-2494?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ] Arjun Mishra updated SENTRY-2494: - Attachment: SENTRY-2494.01.patch > Fix TestRollingFileWithoutDeleteAppender test case testFileNamePattern > -- > > Key: SENTRY-2494 > URL: https://issues.apache.org/jira/browse/SENTRY-2494 > Project: Sentry > Issue Type: Bug > Components: Sentry >Affects Versions: 2.0.1 >Reporter: Arjun Mishra >Assignee: Arjun Mishra >Priority: Major > Attachments: SENTRY-2494.01.patch > > > The log size is set to 10 bytes. However if the message size is 15 bytes, it > creates a 15, 15 and 0 byte file ( which is sometimes flaky) > Explanation: > Before we logged a string that was at 15 bytes each. The assumption was > Logger would split that across 2 files but it never did that. It would put 15 > bytes of line on one file. > Previously we had 2 log statements: > debug."123456789012345"; > debug."123456789012345"; > The file being created was "123456789012345", "123456789012345", "" (LAST ONE > empty) > as opposed to "1234567890", "1234512345", "6789012345" > The above output would be flaky because LOGGER.appender did not handle a LONG > string properly. It would sometimes generate two files with > "123456789012345", "" (LAST ONE empty) -- This message was sent by Atlassian JIRA (v7.6.3#76005)
[jira] [Created] (SENTRY-2494) Fix TestRollingFileWithoutDeleteAppender test case testFileNamePattern
Arjun Mishra created SENTRY-2494: Summary: Fix TestRollingFileWithoutDeleteAppender test case testFileNamePattern Key: SENTRY-2494 URL: https://issues.apache.org/jira/browse/SENTRY-2494 Project: Sentry Issue Type: Bug Components: Sentry Affects Versions: 2.0.1 Reporter: Arjun Mishra Assignee: Arjun Mishra The log size is set to 10 bytes. However if the message size is 15 bytes, it creates a 15, 15 and 0 byte file ( which is sometimes flaky) Explanation: Before we logged a string that was at 15 bytes each. The assumption was Logger would split that across 2 files but it never did that. It would put 15 bytes of line on one file. Previously we had 2 log statements: debug."123456789012345"; debug."123456789012345"; The file being created was "123456789012345", "123456789012345", "" (LAST ONE empty) as opposed to "1234567890", "1234512345", "6789012345" The above output would be flaky because LOGGER.appender did not handle a LONG string properly. It would sometimes generate two files with "123456789012345", "" (LAST ONE empty) -- This message was sent by Atlassian JIRA (v7.6.3#76005)
[jira] [Updated] (SENTRY-2146) Add better error handling to ResourceAuthorizationProvider and improve logging in related classes
[ https://issues.apache.org/jira/browse/SENTRY-2146?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ] Arjun Mishra updated SENTRY-2146: - Resolution: Fixed Status: Resolved (was: Patch Available) > Add better error handling to ResourceAuthorizationProvider and improve > logging in related classes > - > > Key: SENTRY-2146 > URL: https://issues.apache.org/jira/browse/SENTRY-2146 > Project: Sentry > Issue Type: Bug > Components: Sentry >Affects Versions: 2.0.0 >Reporter: Arjun Mishra >Assignee: Arjun Mishra >Priority: Major > Attachments: SENTRY-2146.002.patch, SENTRY-2146.005.patch, > SENTRY-2146.01.patch, SENTRY-2146.02.patch, SENTRY-2146.03.patch, > SENTRY-2146.04.patch, SENTRY-2146.05.patch > > > There are a bunch of improvements that should be made to > ResourceAuthorizationProvider. For example, exceptions thrown by > privilegeFactory.createPrivilege are not gracefully handled. Makes debugging > hard. > We also need to add a lot more logging to related classes -- This message was sent by Atlassian JIRA (v7.6.3#76005)
[jira] [Updated] (SENTRY-2146) Add better error handling to ResourceAuthorizationProvider and improve logging in related classes
[ https://issues.apache.org/jira/browse/SENTRY-2146?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ] Arjun Mishra updated SENTRY-2146: - Attachment: SENTRY-2146.005.patch > Add better error handling to ResourceAuthorizationProvider and improve > logging in related classes > - > > Key: SENTRY-2146 > URL: https://issues.apache.org/jira/browse/SENTRY-2146 > Project: Sentry > Issue Type: Bug > Components: Sentry >Affects Versions: 2.0.0 >Reporter: Arjun Mishra >Assignee: Arjun Mishra >Priority: Major > Attachments: SENTRY-2146.002.patch, SENTRY-2146.005.patch, > SENTRY-2146.01.patch, SENTRY-2146.02.patch, SENTRY-2146.03.patch, > SENTRY-2146.04.patch, SENTRY-2146.05.patch > > > There are a bunch of improvements that should be made to > ResourceAuthorizationProvider. For example, exceptions thrown by > privilegeFactory.createPrivilege are not gracefully handled. Makes debugging > hard. > We also need to add a lot more logging to related classes -- This message was sent by Atlassian JIRA (v7.6.3#76005)
[jira] [Updated] (SENTRY-2146) Add better error handling to ResourceAuthorizationProvider and improve logging in related classes
[ https://issues.apache.org/jira/browse/SENTRY-2146?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ] Arjun Mishra updated SENTRY-2146: - Attachment: SENTRY-2146.05.patch > Add better error handling to ResourceAuthorizationProvider and improve > logging in related classes > - > > Key: SENTRY-2146 > URL: https://issues.apache.org/jira/browse/SENTRY-2146 > Project: Sentry > Issue Type: Bug > Components: Sentry >Affects Versions: 2.0.0 >Reporter: Arjun Mishra >Assignee: Arjun Mishra >Priority: Major > Attachments: SENTRY-2146.002.patch, SENTRY-2146.01.patch, > SENTRY-2146.02.patch, SENTRY-2146.03.patch, SENTRY-2146.04.patch, > SENTRY-2146.05.patch > > > There are a bunch of improvements that should be made to > ResourceAuthorizationProvider. For example, exceptions thrown by > privilegeFactory.createPrivilege are not gracefully handled. Makes debugging > hard. > We also need to add a lot more logging to related classes -- This message was sent by Atlassian JIRA (v7.6.3#76005)
[jira] [Commented] (SENTRY-2146) Add better error handling to ResourceAuthorizationProvider and improve logging in related classes
[ https://issues.apache.org/jira/browse/SENTRY-2146?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=16763930#comment-16763930 ] Arjun Mishra commented on SENTRY-2146: -- Thanks [~kkalyan]. Just FYI this change was deleted not added LOG.debug("stmtAuthObject.getOperationScope() = " + stmtAuthObject.getOperationScope()); > Add better error handling to ResourceAuthorizationProvider and improve > logging in related classes > - > > Key: SENTRY-2146 > URL: https://issues.apache.org/jira/browse/SENTRY-2146 > Project: Sentry > Issue Type: Bug > Components: Sentry >Affects Versions: 2.0.0 >Reporter: Arjun Mishra >Assignee: Arjun Mishra >Priority: Major > Attachments: SENTRY-2146.002.patch, SENTRY-2146.01.patch, > SENTRY-2146.02.patch, SENTRY-2146.03.patch, SENTRY-2146.04.patch > > > There are a bunch of improvements that should be made to > ResourceAuthorizationProvider. For example, exceptions thrown by > privilegeFactory.createPrivilege are not gracefully handled. Makes debugging > hard. > We also need to add a lot more logging to related classes -- This message was sent by Atlassian JIRA (v7.6.3#76005)
[jira] [Commented] (SENTRY-2146) Add better error handling to ResourceAuthorizationProvider and improve logging in related classes
[ https://issues.apache.org/jira/browse/SENTRY-2146?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=16763854#comment-16763854 ] Arjun Mishra commented on SENTRY-2146: -- [~kkalyan] Its for authorization checks. Better separation for input and output. Better error handling logs. > Add better error handling to ResourceAuthorizationProvider and improve > logging in related classes > - > > Key: SENTRY-2146 > URL: https://issues.apache.org/jira/browse/SENTRY-2146 > Project: Sentry > Issue Type: Bug > Components: Sentry >Affects Versions: 2.0.0 >Reporter: Arjun Mishra >Assignee: Arjun Mishra >Priority: Major > Attachments: SENTRY-2146.002.patch, SENTRY-2146.01.patch, > SENTRY-2146.02.patch, SENTRY-2146.03.patch, SENTRY-2146.04.patch > > > There are a bunch of improvements that should be made to > ResourceAuthorizationProvider. For example, exceptions thrown by > privilegeFactory.createPrivilege are not gracefully handled. Makes debugging > hard. > We also need to add a lot more logging to related classes -- This message was sent by Atlassian JIRA (v7.6.3#76005)
[jira] [Updated] (SENTRY-2146) Add better error handling to ResourceAuthorizationProvider and improve logging in related classes
[ https://issues.apache.org/jira/browse/SENTRY-2146?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ] Arjun Mishra updated SENTRY-2146: - Attachment: SENTRY-2146.04.patch > Add better error handling to ResourceAuthorizationProvider and improve > logging in related classes > - > > Key: SENTRY-2146 > URL: https://issues.apache.org/jira/browse/SENTRY-2146 > Project: Sentry > Issue Type: Bug > Components: Sentry >Affects Versions: 2.0.0 >Reporter: Arjun Mishra >Assignee: Arjun Mishra >Priority: Major > Attachments: SENTRY-2146.002.patch, SENTRY-2146.01.patch, > SENTRY-2146.02.patch, SENTRY-2146.03.patch, SENTRY-2146.04.patch > > > There are a bunch of improvements that should be made to > ResourceAuthorizationProvider. For example, exceptions thrown by > privilegeFactory.createPrivilege are not gracefully handled. Makes debugging > hard. > We also need to add a lot more logging to related classes -- This message was sent by Atlassian JIRA (v7.6.3#76005)
[jira] [Commented] (SENTRY-2493) Sentry store api's for path mapping should handle empty/null paths.
[ https://issues.apache.org/jira/browse/SENTRY-2493?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=16762165#comment-16762165 ] Arjun Mishra commented on SENTRY-2493: -- [~kkalyan] My comments for your code review {code} Comments 1. NotificationProcessor: Change this log message "LOGGER.info("Empty paths, not updating sentry store");" to include the authzObj as well 2. QueryParamBuilder: Why not change this "if (paths == null || paths.size() == 0) {" to using isEmpty like you've done in other places 3. TestSentryStore: Comment "//Try to mapping with null paths" is not grammatically right. Also comment needs to describe the test. Its not very clear at the moment 4. TestSentryStore: Why would we pass null or Empty paths to deleteAuthzPathsMapping? You have handled is null or is empty in NotificationsProcess. Why do we want to delete the authz objects if paths is null or empty? {code} > Sentry store api's for path mapping should handle empty/null paths. > --- > > Key: SENTRY-2493 > URL: https://issues.apache.org/jira/browse/SENTRY-2493 > Project: Sentry > Issue Type: Bug >Affects Versions: 2.2.0 >Reporter: kalyan kumar kalvagadda >Assignee: kalyan kumar kalvagadda >Priority: Major > Fix For: 2.2.0 > > Attachments: SENTRY-2493.001.patch > > > Current API's for adding and deleting path mapping throw exceptions when > paths provided are either empty/null. API's should handle it gracefully. -- This message was sent by Atlassian JIRA (v7.6.3#76005)
[jira] [Updated] (SENTRY-2477) When requesting for deltas check if nn seq num is 1 more than latest sequence num
[ https://issues.apache.org/jira/browse/SENTRY-2477?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ] Arjun Mishra updated SENTRY-2477: - Resolution: Fixed Status: Resolved (was: Patch Available) > When requesting for deltas check if nn seq num is 1 more than latest sequence > num > - > > Key: SENTRY-2477 > URL: https://issues.apache.org/jira/browse/SENTRY-2477 > Project: Sentry > Issue Type: Bug >Reporter: Arjun Mishra >Assignee: Arjun Mishra >Priority: Major > Attachments: SENTRY-2477.0002.patch, SENTRY-2477.002.patch, > SENTRY-2477.01.patch, SENTRY-2477.02.patch > > > If NN seq number and latest sentry sequence number is larger than 1 we need > to request a full update -- This message was sent by Atlassian JIRA (v7.6.3#76005)
[jira] [Updated] (SENTRY-2301) Log where sentry stands in the snapshot fetching process, periodically
[ https://issues.apache.org/jira/browse/SENTRY-2301?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ] Arjun Mishra updated SENTRY-2301: - Fix Version/s: 2.1 > Log where sentry stands in the snapshot fetching process, periodically > -- > > Key: SENTRY-2301 > URL: https://issues.apache.org/jira/browse/SENTRY-2301 > Project: Sentry > Issue Type: Sub-task > Components: Sentry >Affects Versions: 2.1.0 >Reporter: kalyan kumar kalvagadda >Assignee: Arjun Mishra >Priority: Major > Fix For: 2.1 > > Attachments: SENTRY-2301.005.patch, SENTRY-2301.01.patch, > SENTRY-2301.02.patch, SENTRY-2301.03.patch, SENTRY-2301.04.patch, > SENTRY-2301.05.patch > > > When sentry is fetching snapshot from HMS, it should log periodically on > where it stands in the snapshot process. This will help person debugging it > and help him understand the progress. > > This is important as this process could take magnitude of minutes when the > HMS data is huge. -- This message was sent by Atlassian JIRA (v7.6.3#76005)
[jira] [Updated] (SENTRY-2301) Log where sentry stands in the snapshot fetching process, periodically
[ https://issues.apache.org/jira/browse/SENTRY-2301?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ] Arjun Mishra updated SENTRY-2301: - Resolution: Fixed Status: Resolved (was: Patch Available) > Log where sentry stands in the snapshot fetching process, periodically > -- > > Key: SENTRY-2301 > URL: https://issues.apache.org/jira/browse/SENTRY-2301 > Project: Sentry > Issue Type: Sub-task > Components: Sentry >Affects Versions: 2.1.0 >Reporter: kalyan kumar kalvagadda >Assignee: Arjun Mishra >Priority: Major > Attachments: SENTRY-2301.005.patch, SENTRY-2301.01.patch, > SENTRY-2301.02.patch, SENTRY-2301.03.patch, SENTRY-2301.04.patch, > SENTRY-2301.05.patch > > > When sentry is fetching snapshot from HMS, it should log periodically on > where it stands in the snapshot process. This will help person debugging it > and help him understand the progress. > > This is important as this process could take magnitude of minutes when the > HMS data is huge. -- This message was sent by Atlassian JIRA (v7.6.3#76005)
[jira] [Updated] (SENTRY-2492) Consecutive ALL grants get deleted when multiple roles have ALL grants on that object
[ https://issues.apache.org/jira/browse/SENTRY-2492?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ] Arjun Mishra updated SENTRY-2492: - Summary: Consecutive ALL grants get deleted when multiple roles have ALL grants on that object (was: Consecutive ALL grants get deleted) > Consecutive ALL grants get deleted when multiple roles have ALL grants on > that object > - > > Key: SENTRY-2492 > URL: https://issues.apache.org/jira/browse/SENTRY-2492 > Project: Sentry > Issue Type: Bug > Components: Sentry >Affects Versions: 2.1.0 >Reporter: Arjun Mishra >Assignee: Arjun Mishra >Priority: Major > > Grant ALL on server -> It gets applied. Grant the same ALL privilege to the > same role and it is getting deleted -- This message was sent by Atlassian JIRA (v7.6.3#76005)
[jira] [Updated] (SENTRY-2492) Consecutive ALL grants get deleted when multiple roles have ALL grants on that object
[ https://issues.apache.org/jira/browse/SENTRY-2492?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ] Arjun Mishra updated SENTRY-2492: - Description: Have multiple roles with ALL grant on the same object. Then repeat grant ALL on object to a any role. That role will lose its grant (was: Grant ALL on server -> It gets applied. Grant the same ALL privilege to the same role and it is getting deleted) > Consecutive ALL grants get deleted when multiple roles have ALL grants on > that object > - > > Key: SENTRY-2492 > URL: https://issues.apache.org/jira/browse/SENTRY-2492 > Project: Sentry > Issue Type: Bug > Components: Sentry >Affects Versions: 2.1.0 >Reporter: Arjun Mishra >Assignee: Arjun Mishra >Priority: Major > > Have multiple roles with ALL grant on the same object. Then repeat grant ALL > on object to a any role. That role will lose its grant -- This message was sent by Atlassian JIRA (v7.6.3#76005)
[jira] [Updated] (SENTRY-2477) When requesting for deltas check if nn seq num is 1 more than latest sequence num
[ https://issues.apache.org/jira/browse/SENTRY-2477?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ] Arjun Mishra updated SENTRY-2477: - Attachment: SENTRY-2477.0002.patch > When requesting for deltas check if nn seq num is 1 more than latest sequence > num > - > > Key: SENTRY-2477 > URL: https://issues.apache.org/jira/browse/SENTRY-2477 > Project: Sentry > Issue Type: Bug >Reporter: Arjun Mishra >Assignee: Arjun Mishra >Priority: Major > Attachments: SENTRY-2477.0002.patch, SENTRY-2477.002.patch, > SENTRY-2477.01.patch, SENTRY-2477.02.patch > > > If NN seq number and latest sentry sequence number is larger than 1 we need > to request a full update -- This message was sent by Atlassian JIRA (v7.6.3#76005)
[jira] [Created] (SENTRY-2492) Consecutive ALL grants get deleted
Arjun Mishra created SENTRY-2492: Summary: Consecutive ALL grants get deleted Key: SENTRY-2492 URL: https://issues.apache.org/jira/browse/SENTRY-2492 Project: Sentry Issue Type: Bug Components: Sentry Affects Versions: 2.1.0 Reporter: Arjun Mishra Assignee: Arjun Mishra Grant ALL on server -> It gets applied. Grant the same ALL privilege to the same role and it is getting deleted -- This message was sent by Atlassian JIRA (v7.6.3#76005)
[jira] [Updated] (SENTRY-2488) Add privilege cache to sentry hive bindings in DefaultAccessValidator
[ https://issues.apache.org/jira/browse/SENTRY-2488?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ] Arjun Mishra updated SENTRY-2488: - Resolution: Fixed Status: Resolved (was: Patch Available) > Add privilege cache to sentry hive bindings in DefaultAccessValidator > - > > Key: SENTRY-2488 > URL: https://issues.apache.org/jira/browse/SENTRY-2488 > Project: Sentry > Issue Type: Improvement > Components: Sentry >Affects Versions: 2.1.0 >Reporter: Arjun Mishra >Assignee: Arjun Mishra >Priority: Major > Attachments: SENTRY-2488.003.patch, SENTRY-2488.01.patch, > SENTRY-2488.02.patch, SENTRY-2488.03.patch > > > We are not consistent with behavior in SentryHiveMetaStoreHook (not used > anymore) which would cache privileges when authorizing show databases or show > tables command. This needs to be added back -- This message was sent by Atlassian JIRA (v7.6.3#76005)
[jira] [Updated] (SENTRY-2488) Add privilege cache to sentry hive bindings in DefaultAccessValidator
[ https://issues.apache.org/jira/browse/SENTRY-2488?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ] Arjun Mishra updated SENTRY-2488: - Attachment: SENTRY-2488.003.patch > Add privilege cache to sentry hive bindings in DefaultAccessValidator > - > > Key: SENTRY-2488 > URL: https://issues.apache.org/jira/browse/SENTRY-2488 > Project: Sentry > Issue Type: Improvement > Components: Sentry >Affects Versions: 2.1.0 >Reporter: Arjun Mishra >Assignee: Arjun Mishra >Priority: Major > Attachments: SENTRY-2488.003.patch, SENTRY-2488.01.patch, > SENTRY-2488.02.patch, SENTRY-2488.03.patch > > > We are not consistent with behavior in SentryHiveMetaStoreHook (not used > anymore) which would cache privileges when authorizing show databases or show > tables command. This needs to be added back -- This message was sent by Atlassian JIRA (v7.6.3#76005)
[jira] [Updated] (SENTRY-2488) Add privilege cache to sentry hive bindings in DefaultAccessValidator
[ https://issues.apache.org/jira/browse/SENTRY-2488?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ] Arjun Mishra updated SENTRY-2488: - Attachment: SENTRY-2488.003.patch > Add privilege cache to sentry hive bindings in DefaultAccessValidator > - > > Key: SENTRY-2488 > URL: https://issues.apache.org/jira/browse/SENTRY-2488 > Project: Sentry > Issue Type: Improvement > Components: Sentry >Affects Versions: 2.1.0 >Reporter: Arjun Mishra >Assignee: Arjun Mishra >Priority: Major > Attachments: SENTRY-2488.003.patch, SENTRY-2488.01.patch, > SENTRY-2488.02.patch, SENTRY-2488.03.patch > > > We are not consistent with behavior in SentryHiveMetaStoreHook (not used > anymore) which would cache privileges when authorizing show databases or show > tables command. This needs to be added back -- This message was sent by Atlassian JIRA (v7.6.3#76005)
[jira] [Updated] (SENTRY-2488) Add privilege cache to sentry hive bindings in DefaultAccessValidator
[ https://issues.apache.org/jira/browse/SENTRY-2488?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ] Arjun Mishra updated SENTRY-2488: - Attachment: (was: SENTRY-2488.003.patch) > Add privilege cache to sentry hive bindings in DefaultAccessValidator > - > > Key: SENTRY-2488 > URL: https://issues.apache.org/jira/browse/SENTRY-2488 > Project: Sentry > Issue Type: Improvement > Components: Sentry >Affects Versions: 2.1.0 >Reporter: Arjun Mishra >Assignee: Arjun Mishra >Priority: Major > Attachments: SENTRY-2488.01.patch, SENTRY-2488.02.patch, > SENTRY-2488.03.patch > > > We are not consistent with behavior in SentryHiveMetaStoreHook (not used > anymore) which would cache privileges when authorizing show databases or show > tables command. This needs to be added back -- This message was sent by Atlassian JIRA (v7.6.3#76005)
[jira] [Updated] (SENTRY-2301) Log where sentry stands in the snapshot fetching process, periodically
[ https://issues.apache.org/jira/browse/SENTRY-2301?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ] Arjun Mishra updated SENTRY-2301: - Attachment: SENTRY-2301.005.patch > Log where sentry stands in the snapshot fetching process, periodically > -- > > Key: SENTRY-2301 > URL: https://issues.apache.org/jira/browse/SENTRY-2301 > Project: Sentry > Issue Type: Sub-task > Components: Sentry >Affects Versions: 2.1.0 >Reporter: kalyan kumar kalvagadda >Assignee: Arjun Mishra >Priority: Major > Attachments: SENTRY-2301.005.patch, SENTRY-2301.01.patch, > SENTRY-2301.02.patch, SENTRY-2301.03.patch, SENTRY-2301.04.patch, > SENTRY-2301.05.patch > > > When sentry is fetching snapshot from HMS, it should log periodically on > where it stands in the snapshot process. This will help person debugging it > and help him understand the progress. > > This is important as this process could take magnitude of minutes when the > HMS data is huge. -- This message was sent by Atlassian JIRA (v7.6.3#76005)
[jira] [Updated] (SENTRY-2301) Log where sentry stands in the snapshot fetching process, periodically
[ https://issues.apache.org/jira/browse/SENTRY-2301?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ] Arjun Mishra updated SENTRY-2301: - Attachment: SENTRY-2301.05.patch > Log where sentry stands in the snapshot fetching process, periodically > -- > > Key: SENTRY-2301 > URL: https://issues.apache.org/jira/browse/SENTRY-2301 > Project: Sentry > Issue Type: Sub-task > Components: Sentry >Affects Versions: 2.1.0 >Reporter: kalyan kumar kalvagadda >Assignee: Arjun Mishra >Priority: Major > Attachments: SENTRY-2301.01.patch, SENTRY-2301.02.patch, > SENTRY-2301.03.patch, SENTRY-2301.04.patch, SENTRY-2301.05.patch > > > When sentry is fetching snapshot from HMS, it should log periodically on > where it stands in the snapshot process. This will help person debugging it > and help him understand the progress. > > This is important as this process could take magnitude of minutes when the > HMS data is huge. -- This message was sent by Atlassian JIRA (v7.6.3#76005)
[jira] [Updated] (SENTRY-2488) Add privilege cache to sentry hive bindings in DefaultAccessValidator
[ https://issues.apache.org/jira/browse/SENTRY-2488?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ] Arjun Mishra updated SENTRY-2488: - Attachment: SENTRY-2488.03.patch > Add privilege cache to sentry hive bindings in DefaultAccessValidator > - > > Key: SENTRY-2488 > URL: https://issues.apache.org/jira/browse/SENTRY-2488 > Project: Sentry > Issue Type: Improvement > Components: Sentry >Affects Versions: 2.1.0 >Reporter: Arjun Mishra >Assignee: Arjun Mishra >Priority: Major > Attachments: SENTRY-2488.01.patch, SENTRY-2488.02.patch, > SENTRY-2488.03.patch > > > We are not consistent with behavior in SentryHiveMetaStoreHook (not used > anymore) which would cache privileges when authorizing show databases or show > tables command. This needs to be added back -- This message was sent by Atlassian JIRA (v7.6.3#76005)
[jira] [Updated] (SENTRY-2488) Add privilege cache to sentry hive bindings in DefaultAccessValidator
[ https://issues.apache.org/jira/browse/SENTRY-2488?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ] Arjun Mishra updated SENTRY-2488: - Attachment: (was: SENTRY-2488.002.patch) > Add privilege cache to sentry hive bindings in DefaultAccessValidator > - > > Key: SENTRY-2488 > URL: https://issues.apache.org/jira/browse/SENTRY-2488 > Project: Sentry > Issue Type: Improvement > Components: Sentry >Affects Versions: 2.1.0 >Reporter: Arjun Mishra >Assignee: Arjun Mishra >Priority: Major > Attachments: SENTRY-2488.01.patch, SENTRY-2488.02.patch > > > We are not consistent with behavior in SentryHiveMetaStoreHook (not used > anymore) which would cache privileges when authorizing show databases or show > tables command. This needs to be added back -- This message was sent by Atlassian JIRA (v7.6.3#76005)
[jira] [Updated] (SENTRY-2488) Add privilege cache to sentry hive bindings in DefaultAccessValidator
[ https://issues.apache.org/jira/browse/SENTRY-2488?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ] Arjun Mishra updated SENTRY-2488: - Attachment: (was: SENTRY-2488.0002.patch) > Add privilege cache to sentry hive bindings in DefaultAccessValidator > - > > Key: SENTRY-2488 > URL: https://issues.apache.org/jira/browse/SENTRY-2488 > Project: Sentry > Issue Type: Improvement > Components: Sentry >Affects Versions: 2.1.0 >Reporter: Arjun Mishra >Assignee: Arjun Mishra >Priority: Major > Attachments: SENTRY-2488.01.patch, SENTRY-2488.02.patch > > > We are not consistent with behavior in SentryHiveMetaStoreHook (not used > anymore) which would cache privileges when authorizing show databases or show > tables command. This needs to be added back -- This message was sent by Atlassian JIRA (v7.6.3#76005)
[jira] [Updated] (SENTRY-2490) When building a full perm update for each object we only build 1 privilege per role
[ https://issues.apache.org/jira/browse/SENTRY-2490?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ] Arjun Mishra updated SENTRY-2490: - Resolution: Fixed Status: Resolved (was: Patch Available) > When building a full perm update for each object we only build 1 privilege > per role > --- > > Key: SENTRY-2490 > URL: https://issues.apache.org/jira/browse/SENTRY-2490 > Project: Sentry > Issue Type: Bug > Components: Sentry >Affects Versions: 2.1.0 >Reporter: Arjun Mishra >Assignee: Arjun Mishra >Priority: Major > Attachments: SENTRY-2490.01.patch > > > When building a perm full update we only include one privilege a role has on > an object as opposed to the entire privilege set -- This message was sent by Atlassian JIRA (v7.6.3#76005)
[jira] [Updated] (SENTRY-2301) Log where sentry stands in the snapshot fetching process, periodically
[ https://issues.apache.org/jira/browse/SENTRY-2301?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ] Arjun Mishra updated SENTRY-2301: - Attachment: SENTRY-2301.04.patch > Log where sentry stands in the snapshot fetching process, periodically > -- > > Key: SENTRY-2301 > URL: https://issues.apache.org/jira/browse/SENTRY-2301 > Project: Sentry > Issue Type: Sub-task > Components: Sentry >Affects Versions: 2.1.0 >Reporter: kalyan kumar kalvagadda >Assignee: Arjun Mishra >Priority: Major > Attachments: SENTRY-2301.01.patch, SENTRY-2301.02.patch, > SENTRY-2301.03.patch, SENTRY-2301.04.patch > > > When sentry is fetching snapshot from HMS, it should log periodically on > where it stands in the snapshot process. This will help person debugging it > and help him understand the progress. > > This is important as this process could take magnitude of minutes when the > HMS data is huge. -- This message was sent by Atlassian JIRA (v7.6.3#76005)
[jira] [Updated] (SENTRY-2488) Add privilege cache to sentry hive bindings in DefaultAccessValidator
[ https://issues.apache.org/jira/browse/SENTRY-2488?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ] Arjun Mishra updated SENTRY-2488: - Attachment: SENTRY-2488.0002.patch > Add privilege cache to sentry hive bindings in DefaultAccessValidator > - > > Key: SENTRY-2488 > URL: https://issues.apache.org/jira/browse/SENTRY-2488 > Project: Sentry > Issue Type: Improvement > Components: Sentry >Affects Versions: 2.1.0 >Reporter: Arjun Mishra >Assignee: Arjun Mishra >Priority: Major > Attachments: SENTRY-2488.0002.patch, SENTRY-2488.002.patch, > SENTRY-2488.01.patch, SENTRY-2488.02.patch > > > We are not consistent with behavior in SentryHiveMetaStoreHook (not used > anymore) which would cache privileges when authorizing show databases or show > tables command. This needs to be added back -- This message was sent by Atlassian JIRA (v7.6.3#76005)
[jira] [Commented] (SENTRY-2488) Add privilege cache to sentry hive bindings in DefaultAccessValidator
[ https://issues.apache.org/jira/browse/SENTRY-2488?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=16754371#comment-16754371 ] Arjun Mishra commented on SENTRY-2488: -- Tests are passing locally. Resubmitting the patch > Add privilege cache to sentry hive bindings in DefaultAccessValidator > - > > Key: SENTRY-2488 > URL: https://issues.apache.org/jira/browse/SENTRY-2488 > Project: Sentry > Issue Type: Improvement > Components: Sentry >Affects Versions: 2.1.0 >Reporter: Arjun Mishra >Assignee: Arjun Mishra >Priority: Major > Attachments: SENTRY-2488.0002.patch, SENTRY-2488.002.patch, > SENTRY-2488.01.patch, SENTRY-2488.02.patch > > > We are not consistent with behavior in SentryHiveMetaStoreHook (not used > anymore) which would cache privileges when authorizing show databases or show > tables command. This needs to be added back -- This message was sent by Atlassian JIRA (v7.6.3#76005)
[jira] [Updated] (SENTRY-2490) When building a full perm update for each object we only build 1 privilege per role
[ https://issues.apache.org/jira/browse/SENTRY-2490?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ] Arjun Mishra updated SENTRY-2490: - Attachment: SENTRY-2490.01.patch > When building a full perm update for each object we only build 1 privilege > per role > --- > > Key: SENTRY-2490 > URL: https://issues.apache.org/jira/browse/SENTRY-2490 > Project: Sentry > Issue Type: Bug > Components: Sentry >Affects Versions: 2.1.0 >Reporter: Arjun Mishra >Assignee: Arjun Mishra >Priority: Major > Attachments: SENTRY-2490.01.patch > > > When building a perm full update we only include one privilege a role has on > an object as opposed to the entire privilege set -- This message was sent by Atlassian JIRA (v7.6.3#76005)
[jira] [Updated] (SENTRY-2490) When building a full perm update for each object we only build 1 privilege per role
[ https://issues.apache.org/jira/browse/SENTRY-2490?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ] Arjun Mishra updated SENTRY-2490: - Status: Patch Available (was: Open) > When building a full perm update for each object we only build 1 privilege > per role > --- > > Key: SENTRY-2490 > URL: https://issues.apache.org/jira/browse/SENTRY-2490 > Project: Sentry > Issue Type: Bug > Components: Sentry >Affects Versions: 2.1.0 >Reporter: Arjun Mishra >Assignee: Arjun Mishra >Priority: Major > Attachments: SENTRY-2490.01.patch > > > When building a perm full update we only include one privilege a role has on > an object as opposed to the entire privilege set -- This message was sent by Atlassian JIRA (v7.6.3#76005)