> On Nov. 27, 2019, 11:34 p.m., Ramesh Mani wrote: > > hive-agent/src/main/java/org/apache/ranger/authorization/hive/authorizer/RangerHiveAuthorizer.java > > Lines 895 (patched) > > <https://reviews.apache.org/r/71839/diff/1/?file=2179621#file2179621line895> > > > > Yes that is needed. Just having 'any' permission in the request for > > show tables / views resulting in evaluation of a DATABASE policy allowing > > this access. > > > > Expectation is that there should be a table level policy with "SELECT" > > permission giving access to those tables and views. > > Madhan Neethiraj wrote: > Requiring 'select' permission at the table level (i.e. all columns of the > table) doesn't look right. Shouldn't the table be included in the following > cases? > - user having 'select' permission to only some columns of the table i.e. > not all columns > - user not having 'select' permission on the table, but other permissions > like create/alter/drop
Madhan, I have put a new request fixing this issue also. - Ramesh ----------------------------------------------------------- This is an automatically generated e-mail. To reply, visit: https://reviews.apache.org/r/71839/#review218835 ----------------------------------------------------------- On Dec. 4, 2019, 1:41 a.m., Ramesh Mani wrote: > > ----------------------------------------------------------- > This is an automatically generated e-mail. To reply, visit: > https://reviews.apache.org/r/71839/ > ----------------------------------------------------------- > > (Updated Dec. 4, 2019, 1:41 a.m.) > > > Review request for ranger, Don Bosco Durai, Gautam Borad, Abhay Kulkarni, > Madhan Neethiraj, Mehul Parikh, Pradeep Agrawal, Selvamohan Neethiraj, > Sailaja Polavarapu, and Velmurugan Periasamy. > > > Bugs: RANGER-2656 > https://issues.apache.org/jira/browse/RANGER-2656 > > > Repository: ranger > > > Description > ------- > > RANGER-2656:RangerHiveAuthorizer filterListCmdObjects failed to filter > database / tables when HMS calls the authorizer for filtering > > > Diffs > ----- > > > agents-common/src/main/java/org/apache/ranger/plugin/policyevaluator/RangerDefaultPolicyEvaluator.java > 8469605 > agents-common/src/test/resources/policyengine/test_policyengine_hive.json > efc1dcc > > hive-agent/src/main/java/org/apache/ranger/authorization/hive/authorizer/RangerHiveAuditHandler.java > 765da59 > > hive-agent/src/main/java/org/apache/ranger/authorization/hive/authorizer/RangerHiveAuthorizer.java > f10bde4 > > > Diff: https://reviews.apache.org/r/71839/diff/3/ > > > Testing > ------- > > Verified in Local VM. > 1) Show database and Show table via spark shell to invoke HMS api works as > expected. > > > Thanks, > > Ramesh Mani > >
