Re: Review Request 71322: RANGER-2539:Create Default Policies for Hive Databases -default, Information_schema

[Madhan Neethiraj]

-----------------------------------------------------------
This is an automatically generated e-mail. To reply, visit:
https://reviews.apache.org/r/71322/#review217321
-----------------------------------------------------------




hive-agent/src/main/java/org/apache/ranger/services/hive/RangerServiceHive.java
Lines 194 (patched)
<https://reviews.apache.org/r/71322/#comment304624>

    Is use of RangerServiceDefHelper necessary here? Wouldn't it be simpler to 
add following 2 policies?
    - policy #1:
      name: default database
      resource: {database=default; table=* }
      allowItem: { group=public, access=create }
    
    - policy #2:
      name: information_schema database
      resource: { database=information_schema; table=*; column=* }
      allowItem: { group=public; access=select }



hive-agent/src/main/java/org/apache/ranger/services/hive/RangerServiceHive.java
Lines 313 (patched)
<https://reviews.apache.org/r/71322/#comment304623>

    Replacing user={USER} with group=public might be easier to read/understand 
the policy.



hive-agent/src/main/java/org/apache/ranger/services/hive/RangerServiceHive.java
Lines 319 (patched)
<https://reviews.apache.org/r/71322/#comment304625>

    Why is addition of ACCESS_TYPE_ALL necessary? There is already a policy in 
place for table '{OWNEER}'s to have all permissions.


- Madhan Neethiraj


On Aug. 20, 2019, 5:37 a.m., Ramesh Mani wrote:
> 
> -----------------------------------------------------------
> This is an automatically generated e-mail. To reply, visit:
> https://reviews.apache.org/r/71322/
> -----------------------------------------------------------
> 
> (Updated Aug. 20, 2019, 5:37 a.m.)
> 
> 
> Review request for ranger, Don Bosco Durai, Gautam Borad, Abhay Kulkarni, 
> Madhan Neethiraj, Pradeep Agrawal, Selvamohan Neethiraj, Sailaja Polavarapu, 
> and Velmurugan Periasamy.
> 
> 
> Bugs: RANGER-2539
>     https://issues.apache.org/jira/browse/RANGER-2539
> 
> 
> Repository: ranger
> 
> 
> Description
> -------
> 
> RANGER-2539:Create Default Policies for Hive Databases -default, 
> Information_schema
> 
> 
> Diffs
> -----
> 
>   
> hive-agent/src/main/java/org/apache/ranger/services/hive/RangerServiceHive.java
>  89b8100 
> 
> 
> Diff: https://reviews.apache.org/r/71322/diff/2/
> 
> 
> Testing
> -------
> 
> Testing in local vm by create a hive service.
> 
> 
> Thanks,
> 
> Ramesh Mani
> 
>