Re: Review Request 71899: RANGER-2640:Implement SHOW ROLE GRANT in Hive ranger plugin

Sat, 05 Jun 2021 00:48:22 -0700 

-----------------------------------------------------------
This is an automatically generated e-mail. To reply, visit:
https://reviews.apache.org/r/71899/
-----------------------------------------------------------

(Updated June 5, 2021, 7:48 a.m.)


Review request for ranger, Don Bosco Durai, Gautam Borad, Abhay Kulkarni, 
Madhan Neethiraj, Mehul Parikh, Pradeep Agrawal, Selvamohan Neethiraj, Sailaja 
Polavarapu, and Velmurugan Periasamy.


Changes
-------

Fixed review comments


Bugs: RANGER-2640
    https://issues.apache.org/jira/browse/RANGER-2640


Repository: ranger


Description
-------

RANGER-2640:Implement SHOW ROLE GRANT in Hive ranger plugin


Diffs (updated)
-----

  
agents-common/src/main/java/org/apache/ranger/authorization/hadoop/config/RangerPluginConfig.java
 3e35709aa 
  
agents-common/src/main/java/org/apache/ranger/plugin/policyengine/RangerPolicyEngine.java
 71f8daeb5 
  
agents-common/src/main/java/org/apache/ranger/plugin/policyengine/RangerPolicyEngineImpl.java
 5ffd38f98 
  
agents-common/src/main/java/org/apache/ranger/plugin/service/RangerAuthContext.java
 81b1971a8 
  
agents-common/src/main/java/org/apache/ranger/plugin/service/RangerBasePlugin.java
 115a576e0 
  
agents-common/src/main/java/org/apache/ranger/plugin/util/RangerRolesUtil.java 
0268e2f30 
  
hive-agent/src/main/java/org/apache/ranger/authorization/hive/authorizer/RangerHiveAuthorizer.java
 e145ea299 
  
hive-agent/src/main/java/org/apache/ranger/authorization/hive/authorizer/RangerHiveAuthorizerBase.java
 e06f1357f 


Diff: https://reviews.apache.org/r/71899/diff/3/

Changes: https://reviews.apache.org/r/71899/diff/2-3/


Testing
-------

- Verified in Local VM.
- Show Role Grant <user|group|role> <principal> implementation. 
- Revised that patch to handle the ROLE fetch from plugin instead of getting it 
from Ranger admin via rest.
- Introduced service configuration "ranger.plugin.service.admins" to maintain 
list of service admin who can run "show role"commands in hive.
- Introduced api isServiceAdmin() in RangerBasePlugin to check if the user is 
service admin. This will enable other plugins to use similar service admin 
check for any ROLE based command authorization check.


Thanks,

Ramesh Mani

Reply via email to