[
https://issues.apache.org/jira/browse/IMPALA-12578?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel
]
Fang-Yu Rao updated IMPALA-12578:
---------------------------------
Summary: Pass the owner user to Ranger plug-in in GRANT and REVOKE
statements for databases, tables, and columns (was: Pass the owner user to the
Ranger plug-in in GRANT and REVOKE statements)
> Pass the owner user to Ranger plug-in in GRANT and REVOKE statements for
> databases, tables, and columns
> -------------------------------------------------------------------------------------------------------
>
> Key: IMPALA-12578
> URL: https://issues.apache.org/jira/browse/IMPALA-12578
> Project: IMPALA
> Issue Type: New Feature
> Reporter: Fang-Yu Rao
> Assignee: Fang-Yu Rao
> Priority: Major
>
> Starting from RANGER-1200, Ranger supports the notion of the OWNER user,
> which allows each user to perform any operation on the resources owned by it.
> This avoids the need for creating a new policy that grants the OWNER user the
> privileges on every newly created resource. Refer to
> [apache-ranger-policy-model|https://blogsarchive.apache.org/ranger/entry/apache-ranger-policy-model#:~:text=allow%20each%20user%20to%20access%20all,all].
> Currently for the GRANT and REVOKE statements, Impala does not pass the owner
> of the resource to the Ranger plug-in and thus a non-administrative user
> could not grant/revoke privileges on a resource to/from another user even
> though this non-administrative user owns the resource. We should pass the
> ownership information to the Ranger plug-in to make authorization management
> easier in Impala.
--
This message was sent by Atlassian Jira
(v8.20.10#820010)
---------------------------------------------------------------------
To unsubscribe, e-mail: [email protected]
For additional commands, e-mail: [email protected]
