tooptoop4 commented on issue #36: [RANGER-2395] Add Presto plugin URL: https://github.com/apache/ranger/pull/36#issuecomment-570348580 some fixes: https://github.com/apache/ranger/blob/master/plugin-presto/src/main/java/org/apache/ranger/authorization/presto/authorizer/RangerSystemAccessControl.java#L130 change checkCanSetSystemSessionProperty to have a dummy IF condition that always results in false so that session properties are never denied https://github.com/apache/ranger/blob/master/plugin-presto/src/main/java/org/apache/ranger/authorization/presto/authorizer/RangerSystemAccessControl.java#L130 change checkCanSetUser to have an IF condition (principal does not equal userName) then accessDenied. This is critical so that users can't impersonate the privileges of another user https://github.com/prestodb/presto/issues/13394 remove deny in presto code
---------------------------------------------------------------- This is an automated message from the Apache Git Service. To respond to the message, please log on to GitHub and use the URL above to go to the specific comment. For queries about this service, please contact Infrastructure at: [email protected] With regards, Apache Git Services
