> On June 28, 2024, 11:57 p.m., Madhan Neethiraj wrote: > > hive-agent/src/main/java/org/apache/ranger/authorization/hive/authorizer/RangerHiveAccessRequest.java > > Lines 62 (patched) > > <https://reviews.apache.org/r/75071/diff/1/?file=2289430#file2289430line62> > > > > Ramesh - requestData is set in #59 above. If this value is null/blank, > > shouldn't this be fixed in Hive - to ensure that the > > HiveAuthzContext.commandString is populated correctly? > > > > In #64, is it not necessry to distingush "show tables" and "show > > databases"? Are there no other metadata operations in Hive (that need to be > > recorded in the audit log)?
Madhan - Yes this has to be coming from Hive. In Ranger the commands that are going to come through the filterObjects will be marked as "Metadata Operation". those are show database, show tables and show view, show materialized view, but we won't be able to differentiate between tables / views, so we can have command string as "show tables / views" until hive sends the commanString and it gets populated correctly. - Ramesh ----------------------------------------------------------- This is an automatically generated e-mail. To reply, visit: https://reviews.apache.org/r/75071/#review226610 ----------------------------------------------------------- On June 28, 2024, 10:45 p.m., Ramesh Mani wrote: > > ----------------------------------------------------------- > This is an automatically generated e-mail. To reply, visit: > https://reviews.apache.org/r/75071/ > ----------------------------------------------------------- > > (Updated June 28, 2024, 10:45 p.m.) > > > Review request for ranger, Abhay Kulkarni, Madhan Neethiraj, Pradeep Agrawal, > and Velmurugan Periasamy. > > > Bugs: RANGER-4835 > https://issues.apache.org/jira/browse/RANGER-4835 > > > Repository: ranger > > > Description > ------- > > RANGER-4835:RangerHiveAuthorizer audit enhancement for metadata operations > like show table and databases > > > Diffs > ----- > > > hive-agent/src/main/java/org/apache/ranger/authorization/hive/authorizer/RangerHiveAccessRequest.java > deb467f7f > > > Diff: https://reviews.apache.org/r/75071/diff/1/ > > > Testing > ------- > > - Testing done in local vm on RangerHivePlugin with operations like show > database, show tables, use database, select queries. > > > Thanks, > > Ramesh Mani > >
