> On April 26, 2021, 12:17 a.m., Abhay Kulkarni wrote:
> > hive-agent/src/main/java/org/apache/ranger/authorization/hive/authorizer/RangerHiveAuthorizer.java
> > Lines 2932 (patched)
> > <https://reviews.apache.org/r/73300/diff/1/?file=2249104#file2249104line2932>
> >
> > It is very expensive to get roles from Ranger for every Hive access.
> > Instead, please consider modifying implementation of getCurrentRoles() as
> > follows and call getCurrentRoles() as before instead of calling
> > getCurrentRolesFromRanger().
> >
> >     private Set<String> getCurrentRoles() {
> >         UserGroupInformation ugi    = getCurrentUserGroupInfo();
> >         String               user   = ugi.getShortUserName();
> >         Set<String>          groups = Sets.newHashSet(ugi.getGroupNames());
> >
> >         return hivePlugin.getCurrentRangerAuthContext().getRolesForUserAndGroups(user, groups);
> >     }

getCurrentRolesFromRanger also fetches the roles from the Ranger plugin instead of going to Ranger Admin. But I see that this can be simplified instead of using the getCurrentRolesFromRanger() call.


- Ramesh


-----------------------------------------------------------
This is an automatically generated e-mail. To reply, visit:
https://reviews.apache.org/r/73300/#review222861
-----------------------------------------------------------


On April 25, 2021, 10:14 p.m., Ramesh Mani wrote:
>
> -----------------------------------------------------------
> This is an automatically generated e-mail. To reply, visit:
> https://reviews.apache.org/r/73300/
> -----------------------------------------------------------
>
> (Updated April 25, 2021, 10:14 p.m.)
>
>
> Review request for ranger, Don Bosco Durai, Abhay Kulkarni, Madhan Neethiraj,
> Mehul Parikh, Selvamohan Neethiraj, Sailaja Polavarapu, and Velmurugan
> Periasamy.
>
>
> Bugs: RANGER-3252
>     https://issues.apache.org/jira/browse/RANGER-3252
>
>
> Repository: ranger
>
>
> Description
> -------
>
> RANGER-3252: Inconsistent behavior in Ranger Role authorization within same
> hive beeline session
>
>
> Diffs
> -----
>
>   hive-agent/src/main/java/org/apache/ranger/authorization/hive/authorizer/RangerHiveAuthorizer.java
>   5bd5c2da4
>
>
> Diff: https://reviews.apache.org/r/73300/diff/1/
>
>
> Testing
> -------
>
> - Within the same Hive session, when roles are updated for inclusion and
>   exclusion of user/group/roles, authorization failed for those users/groups
>   and roles, and this patch takes care of it.
> - Verified by setting current role with "set role <rolename>" within the same
>   Hive session.
> - Verified show roles and show current roles based on inclusion and exclusion
>   of user/groups and roles.
>
>
> Thanks,
>
> Ramesh Mani
>
>
