> On June 28, 2024, 11:57 p.m., Madhan Neethiraj wrote: > > hive-agent/src/main/java/org/apache/ranger/authorization/hive/authorizer/RangerHiveAccessRequest.java > > Lines 62 (patched) > > <https://reviews.apache.org/r/75071/diff/1/?file=2289430#file2289430line62> > > > > Ramesh - requestData is set in #59 above. If this value is null/blank, > > shouldn't this be fixed in Hive - to ensure that the > > HiveAuthzContext.commandString is populated correctly? > > > > In #64, is it not necessry to distingush "show tables" and "show > > databases"? Are there no other metadata operations in Hive (that need to be > > recorded in the audit log)? > > Ramesh Mani wrote: > Madhan - Yes this has to be coming from Hive. In Ranger the commands that > are going to come through the filterObjects will be marked as "Metadata > Operation". those are show database, show tables and show view, show > materialized view, but we won't be able to differentiate between tables / > views, so we can have command string as "show tables / views" until hive > sends the commanString and it gets populated correctly.
Ramesh - when HiveAuthzContext object passed to filterObjects() has empty commandString, how about deriving from HivePrivilegeObject objects passed to filterObject()? - Madhan ----------------------------------------------------------- This is an automatically generated e-mail. To reply, visit: https://reviews.apache.org/r/75071/#review226610 ----------------------------------------------------------- On June 29, 2024, 5:33 p.m., Ramesh Mani wrote: > > ----------------------------------------------------------- > This is an automatically generated e-mail. To reply, visit: > https://reviews.apache.org/r/75071/ > ----------------------------------------------------------- > > (Updated June 29, 2024, 5:33 p.m.) > > > Review request for ranger, Abhay Kulkarni, Madhan Neethiraj, Pradeep Agrawal, > and Velmurugan Periasamy. > > > Bugs: RANGER-4835 > https://issues.apache.org/jira/browse/RANGER-4835 > > > Repository: ranger > > > Description > ------- > > RANGER-4835:RangerHiveAuthorizer audit enhancement for metadata operations > like show table and databases > > > Diffs > ----- > > > hive-agent/src/main/java/org/apache/ranger/authorization/hive/authorizer/RangerHiveAccessRequest.java > deb467f7f > > > Diff: https://reviews.apache.org/r/75071/diff/2/ > > > Testing > ------- > > - Testing done in local vm on RangerHivePlugin with operations like show > database, show tables, use database, select queries. > > > Thanks, > > Ramesh Mani > >
