[
https://issues.apache.org/jira/browse/RANGER-4771?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=17937144#comment-17937144
]
Madhan Neethiraj commented on RANGER-4771:
------------------------------------------
[~fangyurao] - starting with Ranger 2.6.0 release, plugins support
username/password authentication with Ranger admin server, with following
configurations. Can you use this approach to address the issue seen during
Apache Impala integration testing? This will require you Apache Impala plugin
to be built with Ranger 2.6.0 libraries.
{noformat}
ranger.plugin.impala.policy.rest.client.username=<username>
ranger.plugin.impala.policy.rest.client.password=<password>
{noformat}
> Remove the calls to ensureAdminAccess() in grantAccess() and revokeAccess()
> ---------------------------------------------------------------------------
>
> Key: RANGER-4771
> URL: https://issues.apache.org/jira/browse/RANGER-4771
> Project: Ranger
> Issue Type: Task
> Components: admin
> Reporter: Fang-Yu Rao
> Priority: Major
>
> We added calls to {*}ensureAdminAccess{*}() in {*}grantAccess{*}() and
> {*}revokeAccess{*}() in RANGER-4445.
> But according to
> [https://github.com/apache/ranger/blame/master/security-admin/src/main/java/org/apache/ranger/rest/ServiceREST.java#L1251]
> and
> [https://github.com/apache/ranger/blame/master/security-admin/src/main/java/org/apache/ranger/rest/ServiceREST.java#L1492],
> {*}grantAccess{*}() and {*}revokeAccess{*}() are open API's. Thus, it seems
> we could safely remove the calls to {*}ensureAdminAccess{*}() in these 2
> places.
> Removing the calls to {*}ensureAdminAccess{*}() also allows the users of
> other Apache components, e.g., Apache Impala, to test the integration with
> Apache Ranger, since at the moment Apache Impala stills relies on
> {*}grantAccess{*}() and {*}revokeAccess{*}() to perform authorization-related
> tests.
--
This message was sent by Atlassian Jira
(v8.20.10#820010)
