----------------------------------------------------------- This is an automatically generated e-mail. To reply, visit: https://reviews.apache.org/r/71899/#review223148 -----------------------------------------------------------
agents-common/src/main/java/org/apache/ranger/plugin/service/RangerBasePlugin.java Lines 601 (patched) <https://reviews.apache.org/r/71899/#comment312256> Can we optimize these two loops. probably we can store rangerRoles objects in a hashmap where role name can be key and RangerRole object can be stored as value. Later we can just run for loop on principalRoles and refer the created hashmap to compare and populate ret object. This may increase space requirement but shall reduce no. of cpu cycles. Please review. - Pradeep Agrawal On June 5, 2021, 7:48 a.m., Ramesh Mani wrote: > > ----------------------------------------------------------- > This is an automatically generated e-mail. To reply, visit: > https://reviews.apache.org/r/71899/ > ----------------------------------------------------------- > > (Updated June 5, 2021, 7:48 a.m.) > > > Review request for ranger, Don Bosco Durai, Gautam Borad, Abhay Kulkarni, > Madhan Neethiraj, Mehul Parikh, Pradeep Agrawal, Selvamohan Neethiraj, > Sailaja Polavarapu, and Velmurugan Periasamy. > > > Bugs: RANGER-2640 > https://issues.apache.org/jira/browse/RANGER-2640 > > > Repository: ranger > > > Description > ------- > > RANGER-2640:Implement SHOW ROLE GRANT in Hive ranger plugin > > > Diffs > ----- > > > agents-common/src/main/java/org/apache/ranger/authorization/hadoop/config/RangerPluginConfig.java > 3e35709aa > > agents-common/src/main/java/org/apache/ranger/plugin/policyengine/RangerPolicyEngine.java > 71f8daeb5 > > agents-common/src/main/java/org/apache/ranger/plugin/policyengine/RangerPolicyEngineImpl.java > 5ffd38f98 > > agents-common/src/main/java/org/apache/ranger/plugin/service/RangerAuthContext.java > 81b1971a8 > > agents-common/src/main/java/org/apache/ranger/plugin/service/RangerBasePlugin.java > 115a576e0 > > agents-common/src/main/java/org/apache/ranger/plugin/util/RangerRolesUtil.java > 0268e2f30 > > hive-agent/src/main/java/org/apache/ranger/authorization/hive/authorizer/RangerHiveAuthorizer.java > e145ea299 > > hive-agent/src/main/java/org/apache/ranger/authorization/hive/authorizer/RangerHiveAuthorizerBase.java > e06f1357f > > > Diff: https://reviews.apache.org/r/71899/diff/3/ > > > Testing > ------- > > - Verified in Local VM. > - Show Role Grant <user|group|role> <principal> implementation. > - Revised that patch to handle the ROLE fetch from plugin instead of getting > it from Ranger admin via rest. > - Introduced service configuration "ranger.plugin.service.admins" to maintain > list of service admin who can run "show role"commands in hive. > - Introduced api isServiceAdmin() in RangerBasePlugin to check if the user is > service admin. This will enable other plugins to use similar service admin > check for any ROLE based command authorization check. > > > Thanks, > > Ramesh Mani > >
