Repository: incubator-ranger Updated Branches: refs/heads/master 89c524da9 -> 016f0f6fd
RANGER-530: Access-type 'all' should imply rest of the permissions in Hive Project: http://git-wip-us.apache.org/repos/asf/incubator-ranger/repo Commit: http://git-wip-us.apache.org/repos/asf/incubator-ranger/commit/016f0f6f Tree: http://git-wip-us.apache.org/repos/asf/incubator-ranger/tree/016f0f6f Diff: http://git-wip-us.apache.org/repos/asf/incubator-ranger/diff/016f0f6f Branch: refs/heads/master Commit: 016f0f6fd4132a4843f69354b6a4d413ff9c289e Parents: 89c524d Author: Madhan Neethiraj <[email protected]> Authored: Thu Jun 4 17:35:54 2015 -0700 Committer: Madhan Neethiraj <[email protected]> Committed: Thu Jun 4 17:36:03 2015 -0700 ---------------------------------------------------------------------- .../resources/service-defs/ranger-servicedef-hive.json | 12 +++++++++++- .../hive/authorizer/RangerHiveAuthorizer.java | 3 +++ 2 files changed, 14 insertions(+), 1 deletion(-) ---------------------------------------------------------------------- http://git-wip-us.apache.org/repos/asf/incubator-ranger/blob/016f0f6f/agents-common/src/main/resources/service-defs/ranger-servicedef-hive.json ---------------------------------------------------------------------- diff --git a/agents-common/src/main/resources/service-defs/ranger-servicedef-hive.json b/agents-common/src/main/resources/service-defs/ranger-servicedef-hive.json index b01a1d8..2c48298 100644 --- a/agents-common/src/main/resources/service-defs/ranger-servicedef-hive.json +++ b/agents-common/src/main/resources/service-defs/ranger-servicedef-hive.json @@ -131,7 +131,17 @@ { "itemId": 8, "name": "all", - "label": "All" + "label": "All", + "impliedGrants": + [ + "select", + "update", + "create", + "drop", + "alter", + "index", + "lock" + ] } ], http://git-wip-us.apache.org/repos/asf/incubator-ranger/blob/016f0f6f/hive-agent/src/main/java/org/apache/ranger/authorization/hive/authorizer/RangerHiveAuthorizer.java ---------------------------------------------------------------------- diff --git a/hive-agent/src/main/java/org/apache/ranger/authorization/hive/authorizer/RangerHiveAuthorizer.java b/hive-agent/src/main/java/org/apache/ranger/authorization/hive/authorizer/RangerHiveAuthorizer.java index ad73682..1df1af4 100644 --- a/hive-agent/src/main/java/org/apache/ranger/authorization/hive/authorizer/RangerHiveAuthorizer.java +++ b/hive-agent/src/main/java/org/apache/ranger/authorization/hive/authorizer/RangerHiveAuthorizer.java @@ -312,6 +312,9 @@ public class RangerHiveAuthorizer extends RangerHiveAuthorizerBase { List<RangerAccessRequest> colRequests = new ArrayList<RangerAccessRequest>(); String[] columns = StringUtils.split(resource.getColumn(), COLUMN_SEP); + + // in case of multiple columns, original request is not sent to the plugin; hence service-def will not be set + resource.setServiceDef(hivePlugin.getServiceDef()); for(String column : columns) { if (column != null) {
