> On July 31, 2017, 2:12 p.m., Colm O hEigeartaigh wrote: > > I'm wondering what the expected output of "show grant user X" is? I would > > have expected to see the privileges that correspond to policies created in > > the Ranger admin service, but this is not the case. If the output is > > nothing to do with Ranger policies, then I'm wondering what the use-case is > > here for supporting this functionality with the Ranger authorizer? > > pengjianhua wrote: > The hive plugin effected the hive function after used the hive plugin. > Lots of programs have used "show grant user" command before used hive plugin > of Ranger. They can run succefully. Now these programs run fail after the > user used hive plugin. The issue resolved this problem. Details are as > following. > 1. Execute the 'show grant user' succefully in hive when user doesn't use > ranger hive plugin. > 2. Execute the 'show grant user' fail in hive when user uses ranger hive > plugin. > The conclusion is that the hive command run fail after used hive plugin > of ranger. All application programs using this command executed fail after > the user used hive plugin of ranger. This issue affected the hive's functions > which are ok if user doesn't use our hive plugin.
What I'm wondering is what the purpose of "show user grant" is though, once we are using the Ranger authorizer? If we are enabling Ranger to secure Hive, then what purpose do the Hive privileges serve? The privileges won't be enforced as the Ranger policies will be enforced instead? - Colm ----------------------------------------------------------- This is an automatically generated e-mail. To reply, visit: https://reviews.apache.org/r/61202/#review181803 ----------------------------------------------------------- On July 31, 2017, 2:15 a.m., pengjianhua wrote: > > ----------------------------------------------------------- > This is an automatically generated e-mail. To reply, visit: > https://reviews.apache.org/r/61202/ > ----------------------------------------------------------- > > (Updated July 31, 2017, 2:15 a.m.) > > > Review request for ranger, Don Bosco Durai, Colm O hEigeartaigh, and Qiang > Zhang. > > > Bugs: RANGER-1669 > https://issues.apache.org/jira/browse/RANGER-1669 > > > Repository: ranger > > > Description > ------- > > New Defects reported by Coverity Scan for Apache Ranger > Please find the latest report on new defect(s) introduced to Apache Ranger > found with Coverity Scan. > Null pointer dereferences (NULL_RETURNS) > >>> CID 166074: Null pointer dereferences (NULL_RETURNS) > >>> Calling a method on null object "msObjPrivs". > 1474 for (HiveObjectPrivilege msObjPriv : msObjPrivs) { > 1475 HivePrincipal resPrincipal = new HivePrincipal( > 1476 msObjPriv.getPrincipalName(), > 1477 > AuthorizationUtils.getHivePrincipalType(msObjPriv > 1478 .getPrincipalType())); > > Reason: Hi, Hive also has this problem, > Update patch solved this prolem for hive-plugin(Ranger-1669). > hdfs-plugin has solved by Abhay (Ranger-1695)please review again.thanks. > > > Diffs > ----- > > > hive-agent/src/main/java/org/apache/ranger/authorization/hive/authorizer/RangerHiveAuthorizer.java > 6872e50 > > hive-agent/src/test/java/org/apache/ranger/services/hive/HIVERangerAuthorizerTest.java > 011d2c3 > > > Diff: https://reviews.apache.org/r/61202/diff/2/ > > > Testing > ------- > > tested it > > > Thanks, > > pengjianhua > >
