[
https://issues.apache.org/jira/browse/IMPALA-12554?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=17896747#comment-17896747
]
ASF subversion and git services commented on IMPALA-12554:
----------------------------------------------------------
Commit 4255926b126039fad81c3f1107f2b94c3846c9d2 in impala's branch
refs/heads/master from Fang-Yu Rao
[ https://gitbox.apache.org/repos/asf?p=impala.git;h=4255926b1 ]
IMPALA-12554: Create one Ranger policy for multi-column GRANT
This patch makes Impala create only one Ranger policy for the GRANT
statement when there are multiple columns specified to reduce the number
of policies created on the Ranger server.
Note that this patch relies on RANGER-4585 and RANGER-4638.
Testing:
- Manually verified that Impala's catalog daemon only sends one
GrantRevokeRequest to the Ranger plug-in and that the value of the
key 'column' is a comma-separated list of column names involved in
the GRANT statement.
- Added an end-to-end test to verify only one Ranger policy will be
created in a multi-column GRANT statement.
Change-Id: I2b0ebba256c7135b4b0d2160856202292d720c6d
Reviewed-on: http://gerrit.cloudera.org:8080/21940
Reviewed-by: Impala Public Jenkins <[email protected]>
Tested-by: Impala Public Jenkins <[email protected]>
> Create only one Ranger policy for GRANT statement
> -------------------------------------------------
>
> Key: IMPALA-12554
> URL: https://issues.apache.org/jira/browse/IMPALA-12554
> Project: IMPALA
> Issue Type: Improvement
> Reporter: Fang-Yu Rao
> Assignee: Fang-Yu Rao
> Priority: Major
>
> Currently Impala would create a Ranger policy for each column specified in a
> GRANT statement. For instance, after the following query, 3 Ranger policies
> would be created on the Ranger server. This could result in a lot of policies
> created when there are many columns specified and it may result in Impala's
> Ranger plug-in taking a long time to download the policies from the Ranger
> server. It would be great if Impala only creates one single policy for
> columns in the same table.
> {code:java}
> [localhost:21050] default> grant select(id, bool_col, tinyint_col) on table
> functional.alltypes to user non_owner;
> Query: grant select(id, bool_col, tinyint_col) on table functional.alltypes
> to user non_owner
> Query submitted at: 2023-11-10 09:38:58 (Coordinator: http://fangyu:25000)
> Query progress can be monitored at:
> http://fangyu:25000/query_plan?query_id=bc4fa1cdefe5881b:413d9a6900000000
> +---------------------------------+
> | summary |
> +---------------------------------+
> | Privilege(s) have been granted. |
> +---------------------------------+
> Fetched 1 row(s) in 0.67s
> {code}
--
This message was sent by Atlassian Jira
(v8.20.10#820010)
---------------------------------------------------------------------
To unsubscribe, e-mail: [email protected]
For additional commands, e-mail: [email protected]
