[ https://issues.apache.org/jira/browse/RANGER-3150?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ]
Fang-Yu Rao updated RANGER-3150:
--------------------------------
    Description:
Right now there is no straightforward way provided by {{RangerBasePlugin}} that allows Impala to retrieve the list of privileges granted to a principal, which could be a user, a group, or a role. It looks like the resources always need to be explicitly specified in a {{RangerAccessRequest}} in order for a plugin user to retrieve from a {{RangerResourceACLs}} the privileges granted to a principal. It would be nice if there is no such requirement, i.e., having to specify the resources.

Refer to [RangerImpaladAuthorizationManager#getPrivileges()|https://github.com/apache/impala/blob/master/fe/src/main/java/org/apache/impala/authorization/ranger/RangerImpaladAuthorizationManager.java#L340-L403] for how Impala retrieves the privileges granted to a principal with respect to the specified resources.

  was:
Right now there is no straightforward way provided by {{RangerBasePlugin}} that allows Impala to retrieve the list of privileges granted to a principal, which could be a user, a group, or a role. It looks like the resources always need to be explicitly specified in a {{RangerAccessRequest}} in order for a plugin user to retrieve from a {{RangerResourceACLs}} the privileges granted to a principal. It would be nice if there is no such requirement, i.e., having to specify the resources.

Refer to [RangerImpaladAuthorizationManager#getPrivileges()|https://github.infra.cloudera.com/CDH/Impala/blob/CDH-7.1-maint/fe/src/main/java/org/apache/impala/authorization/ranger/RangerImpaladAuthorizationManager.java#L340-L403] for how Impala retrieves the privileges granted to a principal with respect to the specified resources.

> Retrieve the list of privileges granted to a principal
> ------------------------------------------------------
>
>                 Key: RANGER-3150
>                 URL: https://issues.apache.org/jira/browse/RANGER-3150
>             Project: Ranger
>          Issue Type: Improvement
>          Components: plugins, Ranger
>            Reporter: Fang-Yu Rao
>            Priority: Major
>
> Right now there is no straightforward way provided by {{RangerBasePlugin}}
> that allows Impala to retrieve the list of privileges granted to a principal,
> which could be a user, a group, or a role. It looks like the resources always
> need to be explicitly specified in a {{RangerAccessRequest}} in order for a
> plugin user to retrieve from a {{RangerResourceACLs}} the privileges granted
> to a principal. It would be nice if there is no such requirement, i.e.,
> having to specify the resources.
> Refer to
> [RangerImpaladAuthorizationManager#getPrivileges()|https://github.com/apache/impala/blob/master/fe/src/main/java/org/apache/impala/authorization/ranger/RangerImpaladAuthorizationManager.java#L340-L403]
> for how Impala retrieves the privileges granted to a principal with respect
> to the specified resources.

--
This message was sent by Atlassian Jira
(v8.3.4#803005)