/**
 * Verifies that a table privilege granted with the grant option is only removed by a revoke
 * that also specifies the grant option.
 */
@Override
public void runTestAsSubject() throws Exception {
  // Register the admin requestor with its group and persist the policy file.
  String admin = ADMIN_USER;
  Set<String> adminGroups = Sets.newHashSet(ADMIN_GROUP);
  setLocalGroupMapping(admin, adminGroups);
  writePolicyFile();

  String role = "admin_r1";
  boolean withGrant = true;
  boolean noGrant = false;

  // Start from a fresh role holding exactly one privilege: ALL on db1.table1, with grant option.
  client.dropRoleIfExists(admin, role);
  client.createRole(admin, role);
  client.grantTablePrivilege(admin, role, "server", "db1", "table1", "ALL", withGrant);
  int held = client.listAllPrivilegesByRoleName(admin, role).size();
  assertEquals(1, held);

  // A revoke issued with grantOption=false must leave the with-grant-option privilege in place.
  client.revokeTablePrivilege(admin, role, "server", "db1", "table1", "ALL", noGrant);
  held = client.listAllPrivilegesByRoleName(admin, role).size();
  assertEquals(1, held);

  // A revoke issued with grantOption=true matches the stored privilege and removes it.
  client.revokeTablePrivilege(admin, role, "server", "db1", "table1", "ALL", withGrant);
  held = client.listAllPrivilegesByRoleName(admin, role).size();
  assertEquals(0, held);
}
}); // closes the enclosing construct opened before this excerpt
}
// Revoke SELECT on the table from the role under test.
client.revokeTablePrivilege(requestorUserName, roleName, serverName, dbName, tableName, "SELECT");
// Reset the recorded field values before the next call.
fieldValueMap.clear();
// Negative case: the same revoke against errorRoleName is expected to throw, so reaching
// fail() means the call was wrongly accepted. The handler that catches the exception is
// outside this excerpt.
client.revokeTablePrivilege(requestorUserName, errorRoleName, serverName, dbName, tableName, "SELECT");
fail("Exception should have been thrown");
// Revoke ALL on db1.table1 from roleName1 and re-read the role's privileges.
client.revokeTablePrivilege(requestorUserName, roleName1, "server", "db1", "table1", "ALL");
listPrivilegesByRoleName = client.listAllPrivilegesByRoleName(requestorUserName, roleName1);
// NOTE(review): the next two assertions check the same list for size 3 and then size 4; both
// cannot hold at once. This excerpt may be two revisions of the test merged together —
// confirm which expected count is current.
assertTrue("Privilege not correctly revoked !!", listPrivilegesByRoleName.size() == 3);
assertTrue("Privilege not correctly revoked !!", listPrivilegesByRoleName.size() == 4);
// Same revoke for roleName2.
client.revokeTablePrivilege(requestorUserName, roleName2, "server", "db1", "table1", "ALL");
listPrivilegesByRoleName = client.listAllPrivilegesByRoleName(requestorUserName, roleName2);
// NOTE(review): this assertion appears twice with the same expected size (3).
assertTrue("Privilege not correctly revoked !!", listPrivilegesByRoleName.size() == 3);
assertTrue("Privilege not correctly revoked !!", listPrivilegesByRoleName.size() == 3);
// Revoke ALL on the three other tables from roleName1; the role must end with no privileges.
client.revokeTablePrivilege(requestorUserName, roleName1, "server", "db1", "table2", "ALL");
client.revokeTablePrivilege(requestorUserName, roleName1, "server", "db2", "table3", "ALL");
client.revokeTablePrivilege(requestorUserName, roleName1, "server", "db2", "table4", "ALL");
listPrivilegesByRoleName = client.listAllPrivilegesByRoleName(requestorUserName, roleName1);
assertTrue("Privilege not correctly revoked !!", listPrivilegesByRoleName.size() == 0);
// Same three revokes for roleName2; it must also end with no privileges.
client.revokeTablePrivilege(requestorUserName, roleName2, "server", "db1", "table2", "ALL");
client.revokeTablePrivilege(requestorUserName, roleName2, "server", "db2", "table3", "ALL");
client.revokeTablePrivilege(requestorUserName, roleName2, "server", "db2", "table4", "ALL");
listPrivilegesByRoleName = client.listAllPrivilegesByRoleName(requestorUserName, roleName2);
assertTrue("Privilege not correctly revoked !!", listPrivilegesByRoleName.size() == 0);
/**
 * Verifies that a revoke issued with a {@code null} grant option removes both the
 * with-grant-option and the without-grant-option copy of the same table privilege.
 */
@Override
public void runTestAsSubject() throws Exception {
  // Register the admin requestor with its group and persist the policy file.
  String admin = ADMIN_USER;
  Set<String> adminGroups = Sets.newHashSet(ADMIN_GROUP);
  setLocalGroupMapping(admin, adminGroups);
  writePolicyFile();

  String role = "admin_r1";
  boolean withGrant = true;
  boolean noGrant = false;

  // Fresh role, then ALL on db1.table1 granted with the grant option: one privilege held.
  client.dropRoleIfExists(admin, role);
  client.createRole(admin, role);
  client.grantTablePrivilege(admin, role, "server", "db1", "table1", "ALL", withGrant);
  int held = client.listAllPrivilegesByRoleName(admin, role).size();
  assertEquals(1, held);

  // The same privilege granted without the grant option is listed as a second entry.
  client.grantTablePrivilege(admin, role, "server", "db1", "table1", "ALL", noGrant);
  held = client.listAllPrivilegesByRoleName(admin, role).size();
  assertEquals(2, held);

  // Passing null as the grant option revokes both entries, leaving the role empty.
  client.revokeTablePrivilege(admin, role, "server", "db1", "table1", "ALL", null);
  held = client.listAllPrivilegesByRoleName(admin, role).size();
  assertEquals(0, held);
}
}); // closes the enclosing construct opened before this excerpt
}
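/**
 * Revokes the privilege described by {@code privilegeStr} from {@code roleName}, choosing the
 * client call that matches the privilege's scope (server, database, table, column or URI).
 *
 * <p>The grant-option flag parsed from the privilege string is forwarded to the revoke call.
 * A scope that matches none of the handled values is rejected with an exception, so that a
 * revoke command cannot return normally without having sent a revoke request.
 *
 * @param client policy service client used to send the revoke request
 * @param requestorName name of the user on whose behalf the revoke is issued
 * @throws IllegalArgumentException if the parsed privilege scope is not one of the handled scopes
 * @throws Exception if parsing the privilege string or the client call fails
 */
@Override
public void execute(SentryPolicyServiceClient client, String requestorName) throws Exception {
  TSentryPrivilege tSentryPrivilege = CommandUtil.convertToTSentryPrivilege(privilegeStr);
  // equals() already yields the boolean. A null grant option still raises
  // NullPointerException here, as before, rather than being read as "no grant option".
  boolean grantOption = tSentryPrivilege.getGrantOption().equals(TSentryGrantOption.TRUE);
  String scope = tSentryPrivilege.getPrivilegeScope();

  if (ServiceConstants.PrivilegeScope.SERVER.toString().equals(scope)) {
    client.revokeServerPrivilege(requestorName, roleName,
        tSentryPrivilege.getServerName(), grantOption);
  } else if (ServiceConstants.PrivilegeScope.DATABASE.toString().equals(scope)) {
    client.revokeDatabasePrivilege(requestorName, roleName,
        tSentryPrivilege.getServerName(), tSentryPrivilege.getDbName(),
        tSentryPrivilege.getAction(), grantOption);
  } else if (ServiceConstants.PrivilegeScope.TABLE.toString().equals(scope)) {
    client.revokeTablePrivilege(requestorName, roleName,
        tSentryPrivilege.getServerName(), tSentryPrivilege.getDbName(),
        tSentryPrivilege.getTableName(), tSentryPrivilege.getAction(), grantOption);
  } else if (ServiceConstants.PrivilegeScope.COLUMN.toString().equals(scope)) {
    client.revokeColumnPrivilege(requestorName, roleName,
        tSentryPrivilege.getServerName(), tSentryPrivilege.getDbName(),
        tSentryPrivilege.getTableName(), tSentryPrivilege.getColumnName(),
        tSentryPrivilege.getAction(), grantOption);
  } else if (ServiceConstants.PrivilegeScope.URI.toString().equals(scope)) {
    client.revokeURIPrivilege(requestorName, roleName,
        tSentryPrivilege.getServerName(), tSentryPrivilege.getURI(), grantOption);
  } else {
    // Without this branch an unmatched scope made the command a silent no-op: the caller
    // saw success while the privilege stayed granted.
    throw new IllegalArgumentException(
        "Unsupported privilege scope '" + scope + "'; nothing was revoked from role " + roleName);
  }
}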
// Checks the privilege count (expected: 6) of a list read before this excerpt; presumably it
// follows an earlier revoke — the preceding call is not visible here.
assertTrue("Privilege not correctly revoked !!", listPrivilegesByRoleName.size() == 6);
// Revoke ALL on db1.table1 from roleName2 and re-read the role's privileges; 4 must remain.
client.revokeTablePrivilege(requestorUserName, roleName2, "server", "db1", "table1", "ALL");
listPrivilegesByRoleName = client.listAllPrivilegesByRoleName(requestorUserName, roleName2);
assertTrue("Privilege not correctly revoked !!", listPrivilegesByRoleName.size() == 4);
toDbSentryAction(privDesc.getPrivilege().getPriv()), grantOption); } else if (columnNames == null) { sentryClient.revokeTablePrivilege(subject, princ.getName(), server, dbName, tableName, toSentryAction(privDesc.getPrivilege().getPriv()), grantOption); } else {