Review Request 74423: RANGER-4219: Grant permission in Impala engine not working with {user} in ranger policy

Abhay Kulkarni Tue, 02 May 2023 21:32:59 -0700

-----------------------------------------------------------
This is an automatically generated e-mail. To reply, visit:
https://reviews.apache.org/r/74423/
-----------------------------------------------------------


Review request for ranger, madhan, Madhan Neethiraj, Pradeep Agrawal, and 
Ramesh Mani.


Bugs: RANGER-4219
    https://issues.apache.org/jira/browse/RANGER-4219


Repository: ranger


Description
-------

1. users "test" and user has its own database "utest"
2. Ranger policy to grant permissions:
—
Database: u

{USER}
table: *
columns: *

Allow Conditions: user: {USER}

permission: ALL +Delegate Admin
—

The grant does not work for Impala GRANTs. The following error is seen.

> GRANT SELECT ON TABLE utest.testtable TO ROLE rolename;

The response is:
InternalException: Error granting a privilege in Ranger. Ranger error message: 
HTTP 403 Error: User doesn't have necessary permission to grant access


Diffs
-----

  
agents-common/src/main/java/org/apache/ranger/plugin/policyevaluator/RangerDefaultPolicyEvaluator.java
 96e232b43 


Diff: https://reviews.apache.org/r/74423/diff/1/


Testing
-------

Compiled and ran unit tests successfully.
Verified the fix using cURL command to invoke secureGrant REST endpoint.


Thanks,

Abhay Kulkarni

Review Request 74423: RANGER-4219: Grant permission in Impala engine not working with {user} in ranger policy

Reply via email to