xunliu opened a new issue, #4698: URL: https://github.com/apache/gravitino/issues/4698
### Describe the subtask

Currently, we are implementing the `AuthorizationPlugin` interface in the Ranger authorization class `RangerAuthorizationPlugin`. The `RangerAuthorizationPlugin` supports common Ranger policy operations, for example:

1. Create a Ranger policy on a Gravitino securable object,
2. Create a Ranger role on a Gravitino role entity, and more.

When we need to support a new Ranger service (HDFS, Trino, ...), we only need to initialize different values of `RangerHelper.ownerPrivileges`, `RangerHelper.privilegesMapping`, `RangerHelper.policySearchKeys` and `RangerHelper.policyPreciseFilterKeys`.

To make it easier to support different Ranger authorizations, I think we can extend the Ranger authorization through a configuration file. For example:

1. RangerHelper reads the `authorization-hdfs.xml` file to initialize `RangerHelper.ownerPrivileges`, `privilegesMapping`, `policySearchKeys` and `policyPreciseFilterKeys` to support Ranger HDFS authorizations.
2. RangerHelper reads the `authorization-trion.xml` file to support Ranger Trino authorizations.

### Authorization configuration file

1. Use properties format
2. authorization-hive.properties

```
authorization.multiple.owner = false
authorization.privileges.owner = ACCESS_TYPE_HIVE_ALL
authorization.privileges.mapping.CREATE_SCHEMA=ACCESS_TYPE_HIVE_CREATE
authorization.privileges.mapping.CREATE_TABLE=ACCESS_TYPE_HIVE_CREATE
authorization.privileges.mapping.MODIFY_TABLE=ACCESS_TYPE_HIVE_UPDATE,ACCESS_TYPE_HIVE_ALTER,ACCESS_TYPE_HIVE_WRITE
authorization.privileges.mapping.SELECT_TABLE=ACCESS_TYPE_HIVE_READ,ACCESS_TYPE_HIVE_SELECT
```

### Parent issue

#4615
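An added example, not part of the issue and not Gravitino code: one way to load the proposed properties format so that a typo or an empty value fails at startup instead of silently changing what a privilege grants. The class name, method names and the `KNOWN_ACCESS_TYPES` allowlist are assumptions; the keys and sample values are taken from the issue.

```java
import java.io.IOException;
import java.io.StringReader;
import java.util.*;

// Added illustration, not Gravitino code: class, method and allowlist names are hypothetical.
public class AuthorizationConfigExample {
  static final String MAPPING_PREFIX = "authorization.privileges.mapping.";
  static final String OWNER_KEY = "authorization.privileges.owner";
  // Assumption: the access types a service accepts are known up front (values from the issue's sample).
  static final Set<String> KNOWN_ACCESS_TYPES = Set.of(
      "ACCESS_TYPE_HIVE_ALL", "ACCESS_TYPE_HIVE_CREATE", "ACCESS_TYPE_HIVE_UPDATE",
      "ACCESS_TYPE_HIVE_ALTER", "ACCESS_TYPE_HIVE_WRITE", "ACCESS_TYPE_HIVE_READ",
      "ACCESS_TYPE_HIVE_SELECT");

  // Split a comma-separated value; reject empty or unknown names so a typo cannot pass unnoticed.
  static Set<String> parseAccessTypes(String key, String raw) {
    Set<String> out = new LinkedHashSet<>();
    for (String part : raw.split(",")) {
      String name = part.trim();
      if (!KNOWN_ACCESS_TYPES.contains(name)) {
        throw new IllegalArgumentException(key + ": unknown access type '" + name + "'");
      }
      out.add(name);
    }
    return out;
  }

  // Collect every authorization.privileges.mapping.<PRIVILEGE> entry into privilege -> access types.
  static Map<String, Set<String>> loadMapping(Properties p) {
    Map<String, Set<String>> mapping = new TreeMap<>();
    for (String key : p.stringPropertyNames()) {
      if (key.startsWith(MAPPING_PREFIX)) {
        mapping.put(key.substring(MAPPING_PREFIX.length()), parseAccessTypes(key, p.getProperty(key)));
      }
    }
    if (mapping.isEmpty()) throw new IllegalArgumentException("no privilege mappings configured");
    return mapping;
  }

  public static void main(String[] args) throws IOException {
    String sample = "authorization.multiple.owner = false\n" // constructed from the issue's sample
        + "authorization.privileges.owner = ACCESS_TYPE_HIVE_ALL\n"
        + "authorization.privileges.mapping.CREATE_TABLE=ACCESS_TYPE_HIVE_CREATE\n"
        + "authorization.privileges.mapping.SELECT_TABLE=ACCESS_TYPE_HIVE_READ,ACCESS_TYPE_HIVE_SELECT\n";
    Properties p = new Properties();
    p.load(new StringReader(sample));
    String owner = p.getProperty(OWNER_KEY);
    if (owner == null) throw new IllegalArgumentException(OWNER_KEY + " is required");
    System.out.println("owner -> " + parseAccessTypes(OWNER_KEY, owner));
    loadMapping(p).forEach((priv, types) -> System.out.println(priv + " -> " + types));
  }
}
```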
