-----------------------------------------------------------
This is an automatically generated e-mail. To reply, visit:
https://reviews.apache.org/r/75415/
-----------------------------------------------------------
Review request for ranger, Ankita Sinha, Gautam Borad, Abhay Kulkarni, Madhan
Neethiraj, Mehul Parikh, Pradeep Agrawal, Ramesh Mani, Sailaja Polavarapu, and
Velmurugan Periasamy.
Bugs: RANGER-5410
https://issues.apache.org/jira/browse/RANGER-5410
Repository: ranger
Description
-------
Currently, when a row-filter/column masking policy is enabled, the user is not
able to insert any new data, or sensitive information is not visible to the
user. However, when renaming the same table is allowed, the user can insert a
new row into the table and the masked information is also visible. This is a
security gap.
In this patch, I have updated the Hive authorization logic so that the ALTER
TABLE command is denied if the source table has an active row filter or column
masking policy, so that security policies are not bypassed by renaming tables
or columns.
Diffs
-----
hive-agent/src/main/java/org/apache/ranger/authorization/hive/authorizer/RangerHiveAuthorizer.java
d5176ff97
Diff: https://reviews.apache.org/r/75415/diff/1/
Testing
-------
Build successful with the "mvn clean install" command.
Execute the following queries as a Hive user:
create database d1;
create external table d1.employee (id int, name String, salary int);
insert into d1.employee values (1, 'sam', 10000);
insert into d1.employee values (2, 'dam', 20000);
insert into d1.employee values (3, 'bam', 30000);
insert into d1.employee values (4, 'pam', 40000);
select * from d1.employee;
Create a Ranger Access Policy as follows:
Policy-Type = Access
Resource = database- d1; table- *; column- *;
Permissions = all
user = systest
Run the following queries as the systest user to verify update and alter
permissions on the employee table:
insert into d1.employee values (5, 'tom', 50000);
ALTER TABLE d1.employee rename to d1.emp;
ALTER TABLE d1.emp rename to d1.employee;
select * from d1.employee;
ALTER TABLE d1.employee change salary emp_salary int;
ALTER TABLE d1.employee change emp_salary salary int;
Verify that the Ranger Access audits for the above commands show the allowed
access results.
Next, create a Ranger Access Policy as follows:
Policy-Type = Masking
Resource = database- d1; table- employee; column- salary;
Permissions = select
Masking Option = Nullify
user = systest
After syncing the policy at the Hive plugin, run the following commands to
verify that access enforcement results in 'denied' for INSERT/ALTER operations:
select * from d1.employee;
insert into d1.emp values (6, 'yom', 60000);
ALTER TABLE d1.employee rename to d1.emp;
ALTER TABLE d1.employee change salary emp_salary int;
Now disable the masking policy and run select * from d1.employee; as the
systest user to confirm that the policy is disabled. Then create a row-filter
policy as follows:
Policy-Type = Row Level Filter
Resource = database- d1; table- employee;
Permissions = select
Row Level Filter = salary >= 30000
user = systest
After syncing the row-filter policy at the Hive plugin, run the following
commands to verify that access is 'denied' for INSERT/ALTER operations:
select * from d1.employee;
insert into d1.emp values (6, 'yom', 60000);
ALTER TABLE d1.employee rename to d1.emp;
ALTER TABLE d1.employee change salary emp_salary int;
Thanks,
Mahesh Bandal
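An added illustration of the decision this request describes, written for this review and not part of the Ranger patch or its Java code: it models the pre-fix and post-fix ALTER TABLE decisions over the access, masking and row-filter policies from the test plan. The Policy class, the '*' wildcard matching and the has_access/has_data_protection helpers are simplified assumptions, not Ranger's own classes or APIs.

```python
from dataclasses import dataclass, replace
from fnmatch import fnmatchcase

@dataclass(frozen=True)
class Policy:
    policy_type: str          # "access", "masking" or "rowfilter"
    database: str             # resource name patterns; '*' is a wildcard
    table: str
    column: str = "*"
    permissions: frozenset = frozenset({"select"})
    enabled: bool = True

def _matches(pattern: str, value: str) -> bool:
    # Hive identifiers are case-insensitive; '*' matches any name
    return fnmatchcase(value.lower(), pattern.lower())

def _covers(p: Policy, database: str, table: str) -> bool:
    return p.enabled and _matches(p.database, database) and _matches(p.table, table)

def has_access(policies, database, table, permission) -> bool:
    """True if an enabled access policy grants `permission` (or 'all') on the table."""
    return any(_covers(p, database, table) and p.policy_type == "access"
               and (permission in p.permissions or "all" in p.permissions)
               for p in policies)

def has_data_protection(policies, database, table) -> bool:
    """True if an enabled masking or row-filter policy applies to the table."""
    return any(_covers(p, database, table) and p.policy_type in ("masking", "rowfilter")
               for p in policies)

def alter_allowed_before_fix(policies, database, table) -> bool:
    # Pre-fix: only the access policy is consulted, so ALTER passes while salary is masked
    return has_access(policies, database, table, "alter")

def alter_allowed_after_fix(policies, database, table) -> bool:
    # Patched: deny ALTER TABLE when the source table has an active row-filter/masking policy
    return (has_access(policies, database, table, "alter")
            and not has_data_protection(policies, database, table))

def disabled(policies, policy_type):
    # Copy of `policies` with every policy of the given type switched off (the
    # "disable the masking policy" step of the test plan)
    return tuple(replace(p, enabled=False) if p.policy_type == policy_type else p
                 for p in policies)

# Policies mirroring the Testing section (constructed for this example)
POLICIES = (
    Policy("access", "d1", "*", "*", frozenset({"all"})),
    Policy("masking", "d1", "employee", "salary"),
    Policy("rowfilter", "d1", "employee"),
)
```

With both protection policies enabled, `alter_allowed_before_fix(POLICIES, "d1", "employee")` returns True and `alter_allowed_after_fix` returns False; disabling both makes the patched check return True again, as the test plan expects.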