GitHub user zuotingbing created a discussion: when i set gravitino.authorization.enable=true and configure the ranger properties,why normal users without privilege can alter or drop fileset?
set gravitino.authorization.enable=true and configure the following properties about my ranger server: authorization-provider=ranger authorization.ranger.admin.url=http://10.57.74.11:6080 authorization.ranger.auth.type=simple authorization.ranger.username=admin authorization.ranger.password=Mytest authorization.ranger.service.type=HDFS authorization.ranger.service.name=hdfsDev 1、Create a metalak curl -L 'http://localhost:8090/api/metalakes' \ -H 'Content-Type: application/json' \ -H 'Accept: application/vnd.gravitino.v1+json' \ -d '{ "name": "ztb", "comment": "test metalake", "properties": {} }' 2、Add normal user without any privilege curl -L 'http://localhost:8090/api/metalakes/ztb/users' \ -H 'Content-Type: application/json' \ -H 'Accept: application/vnd.gravitino.v1+json' \ -d '{ "name": "aaa" }' 3、Create a catalog of FILESET curl -X POST -H "Accept: application/vnd.gravitino.v1+json" \ -H "Content-Type: application/json" -d '{ "name": "filesetcatalog", "type": "FILESET", "comment": "comment", "provider": "hadoop", "properties": { "location": "hdfs://nameservice/ztb/data" } }' http://localhost:8090/api/metalakes/ztb/catalogs 4、Create a schema curl -X POST -H "Accept: application/vnd.gravitino.v1+json" \ -H "Content-Type: application/json" -d '{ "name": "schema", "comment": "comment", "properties": { "location": "hdfs://nameservice/ztb/data/schema" } }' http://localhost:8090/api/metalakes/ztb/catalogs/filesetcatalog/schemas 5、Create a fileset curl -X POST -H "Accept: application/vnd.gravitino.v1+json" \ -H "Content-Type: application/json" -d '{ "name": "example_fileset", "comment": "This is an example fileset", "type": "MANAGED", "storageLocation": "hdfs://nameservice/ztb/data/schema/example_fileset", "properties": { "k1": "v1" } }' http://localhost:8090/api/metalakes/ztb/catalogs/filesetcatalog/schemas/schema/filesets 6、Alter a fileset use normal user aaa curl -u aaa: -X PUT -H "Accept: application/vnd.gravitino.v1+json" \ -H "Content-Type: application/json" -d '{ "updates": [ { "@type": "setProperty", "property": "key3", "value": "value3" } ] }' http://localhost:8090/api/metalakes/ztb/catalogs/filesetcatalog/schemas/schema/filesets/example_fileset 7、Drop a fileset use normal user aaa curl -u aaa: -X DELETE -H "Accept: application/vnd.gravitino.v1+json" \ -H "Content-Type: application/json" \ http://localhost:8090/api/metalakes/ztb/catalogs/filesetcatalog/schemas/schema/filesets/example_fileset GitHub link: https://github.com/apache/gravitino/discussions/8649 ---- This is an automatically sent email for [email protected]. To unsubscribe, please send an email to: [email protected]
