[
https://issues.apache.org/jira/browse/RANGER-3142?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=17271096#comment-17271096
]
Anchal Agarwal commented on RANGER-3142:
----------------------------------------
Hi [~comma337],
Thanks for your comment.
I tried using roles instead of groups as you suggested and one of the following
two options worked:
# Added a new internal role in ranger and added my ldap 'group' to it. But the
policy didn't work.
# Added a new internal role in ranger and added my ldap 'users' to it. The
policy became effective this time.
Is this what you meant? Or did you do something different?
My concern with this approach is that I had to create an internal role and add
users manually to it.
Thanks,
Anchal
> Access control based on groups not working for presto plugin
> -------------------------------------------------------------
>
> Key: RANGER-3142
> URL: https://issues.apache.org/jira/browse/RANGER-3142
> Project: Ranger
> Issue Type: Bug
> Components: plugins
> Affects Versions: 2.1.0
> Environment: ranger-2.1.0-presto-plugin.tar.gz
> presto-server-347.tar.gz
> Reporter: Anchal Agarwal
> Assignee: Pradeep Agrawal
> Priority: Major
>
> I'm using ranger-2.1.0 for access control in prestosql-347.
> A policy with user list in 'allow conditions' works i.e. if I connect to
> presto with a user in the allowed list, my query returns the expected results.
> But instead of users, if I use group in the policy and try accessing presto
> with a user belonging to that group, then I'm denied access.
> {code:java}
> %presto
> show tables in default
> Query failed (#20210106_032741_00000_dddsy): Access Denied: Cannot access
> catalog hive
> {code}
--
This message was sent by Atlassian Jira
(v8.3.4#803005)
