assertAuditLog(fieldValueMap); client.revokeDatabasePrivilege(requestorUserName, roleName, serverName, dbName, "ALL"); fieldValueMap.clear(); fieldValueMap.put(Constants.LOG_FIELD_OPERATION, Constants.OPERATION_REVOKE_PRIVILEGE); client.revokeDatabasePrivilege(requestorUserName, errorRoleName, serverName, dbName, "ALL"); fail("Exception should have been thrown");
@Override public void runTestAsSubject() throws Exception { String requestorUserName = ADMIN_USER; Set<String> requestorUserGroupNames = Sets.newHashSet(ADMIN_GROUP); String roleName = "admin_testdb"; String server = "server1"; String db = "testDB"; setLocalGroupMapping(requestorUserName, requestorUserGroupNames); writePolicyFile(); client.dropRoleIfExists(requestorUserName, roleName); client.createRole(requestorUserName, roleName); Set<TSentryRole> roles = client.listRoles(requestorUserName); assertEquals("Incorrect number of roles", 1, roles.size()); client.grantDatabasePrivilege(requestorUserName, roleName, server, db, AccessConstants.ALL); Set<TSentryPrivilege> privileges = client.listAllPrivilegesByRoleName(requestorUserName, roleName); assertTrue(privileges.size() == 1); client.revokeDatabasePrivilege(requestorUserName, roleName, server, db, AccessConstants.ALL); client.dropRole(requestorUserName, roleName); }}); }
@Override public void execute(SentryPolicyServiceClient client, String requestorName) throws Exception { TSentryPrivilege tSentryPrivilege = CommandUtil.convertToTSentryPrivilege(privilegeStr); boolean grantOption = tSentryPrivilege.getGrantOption().equals(TSentryGrantOption.TRUE) ? true : false; if (ServiceConstants.PrivilegeScope.SERVER.toString().equals(tSentryPrivilege.getPrivilegeScope())) { client.revokeServerPrivilege(requestorName, roleName, tSentryPrivilege.getServerName(), grantOption); } else if (ServiceConstants.PrivilegeScope.DATABASE.toString().equals(tSentryPrivilege.getPrivilegeScope())) { client.revokeDatabasePrivilege(requestorName, roleName, tSentryPrivilege.getServerName(), tSentryPrivilege.getDbName(), tSentryPrivilege.getAction(), grantOption); } else if (ServiceConstants.PrivilegeScope.TABLE.toString().equals(tSentryPrivilege.getPrivilegeScope())) { client.revokeTablePrivilege(requestorName, roleName, tSentryPrivilege.getServerName(), tSentryPrivilege.getDbName(), tSentryPrivilege.getTableName(), tSentryPrivilege.getAction(), grantOption); } else if (ServiceConstants.PrivilegeScope.COLUMN.toString().equals(tSentryPrivilege.getPrivilegeScope())) { client.revokeColumnPrivilege(requestorName, roleName, tSentryPrivilege.getServerName(), tSentryPrivilege.getDbName(), tSentryPrivilege.getTableName(), tSentryPrivilege.getColumnName(), tSentryPrivilege.getAction(), grantOption); } else if (ServiceConstants.PrivilegeScope.URI.toString().equals(tSentryPrivilege.getPrivilegeScope())) { client.revokeURIPrivilege(requestorName, roleName, tSentryPrivilege.getServerName(), tSentryPrivilege.getURI(), grantOption); } }
assertTrue("Privilege not correctly revoked !!", listPrivilegesByRoleName.size() == 5); client.revokeDatabasePrivilege(requestorUserName, roleName1, "server", "db1", "ALL"); listPrivilegesByRoleName = client.listAllPrivilegesByRoleName(requestorUserName, roleName1); assertTrue("Privilege not correctly revoked !!", listPrivilegesByRoleName.size() == 2);
sentryClient.revokeURIPrivilege(subject, princ.getName(), server, uriPath, grantOption); } else if (tableName == null) { sentryClient.revokeDatabasePrivilege(subject, princ.getName(), server, dbName, toDbSentryAction(privDesc.getPrivilege().getPriv()), grantOption); } else if (columnNames == null) {