This is an automated email from the ASF dual-hosted git repository.

pradeep pushed a commit to branch master
in repository https://gitbox.apache.org/repos/asf/ranger.git

commit ce4de4e7e34f95f6a6df02bc1e9873fd1d423101
Author: rujia1019 <[email protected]>
AuthorDate: Mon Oct 12 20:06:35 2020 +0800

    RANGER-3035: plugin-presto: M-M user can not access presto with right 
permission
    
    Signed-off-by: pradeep <[email protected]>
---
 .../authorization/presto/authorizer/RangerSystemAccessControl.java | 7 +++++--
 1 file changed, 5 insertions(+), 2 deletions(-)

diff --git 
a/plugin-presto/src/main/java/org/apache/ranger/authorization/presto/authorizer/RangerSystemAccessControl.java
 
b/plugin-presto/src/main/java/org/apache/ranger/authorization/presto/authorizer/RangerSystemAccessControl.java
index f4fc89d..5794a82 100644
--- 
a/plugin-presto/src/main/java/org/apache/ranger/authorization/presto/authorizer/RangerSystemAccessControl.java
+++ 
b/plugin-presto/src/main/java/org/apache/ranger/authorization/presto/authorizer/RangerSystemAccessControl.java
@@ -642,23 +642,26 @@ public class RangerSystemAccessControl
   /** HELPER FUNCTIONS **/
 
   private RangerPrestoAccessRequest createAccessRequest(RangerPrestoResource 
resource, SystemSecurityContext context, PrestoAccessType accessType) {
-    Set<String> userGroups = null;
+       String userName = null;
+       Set<String> userGroups = null;
 
     if (useUgi) {
       UserGroupInformation ugi = 
UserGroupInformation.createRemoteUser(context.getIdentity().getUser());
 
+      userName = ugi.getShortUserName();
       String[] groups = ugi != null ? ugi.getGroupNames() : null;
 
       if (groups != null && groups.length > 0) {
         userGroups = new HashSet<>(Arrays.asList(groups));
       }
     } else {
+      userName = context.getIdentity().getUser();
       userGroups = context.getIdentity().getGroups();
     }
 
     RangerPrestoAccessRequest request = new RangerPrestoAccessRequest(
       resource,
-      context.getIdentity().getUser(),
+      userName,
       userGroups,
       accessType
     );

Reply via email to