[
https://issues.apache.org/jira/browse/HIVE-21833?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=16865099#comment-16865099
]
Daniel Dai commented on HIVE-21833:
-----------------------------------
HIVE-21833.9.patch does not have the toString change which exists in
HIVE-21833.8.patch. Is that intended?
> Ranger Authorization in Hive based on object ownership
> ------------------------------------------------------
>
> Key: HIVE-21833
> URL: https://issues.apache.org/jira/browse/HIVE-21833
> Project: Hive
> Issue Type: New Feature
> Components: HiveServer2
> Reporter: Sam An
> Assignee: Sam An
> Priority: Major
> Attachments: HIVE-21833.1.patch, HIVE-21833.2.patch,
> HIVE-21833.6.patch, HIVE-21833.7.patch, HIVE-21833.8.patch, HIVE-21833.9.patch
>
>
> Background: Currently Hive Authorizer for Ranger does not provide owner
> information for Hive objects as part of AuthZ calls. This has resulted in
> gaps with respect to Sentry AuthZ and customers/partners cannot leverage
> privileges for owners in their authorization model.
>
> User Story: As an enterprise security admin, I need to be able to set
> privileges based on Hive object ownership for setting up access controls in
> Ranger so that I can provide appropriate protections and permissions for my
> enterprise users.
>
> Acceptance criteria:
> 1) Owner information is available in Hive -Ranger AuthZ calls
> 2) Ranger admin users can use owner information to set policies based on
> object ownership in Ranger UI and APIs
> 3) OWNER Macro based policies continue to work for Hive objects
--
This message was sent by Atlassian JIRA
(v7.6.3#76005)
