[Impala-ASF-CR] IMPALA-12921: Support locally built Ranger

Wed, 08 May 2024 02:51:56 -0700 

Fang-Yu Rao has posted comments on this change. ( 
http://gerrit.cloudera.org:8080/21160 )

Change subject: IMPALA-12921: Support locally built Ranger
......................................................................


Patch Set 11:

(1 comment)

In patch set 11 I added some steps to create the user 'non_owner_2' on the 
Ranger server since in Apache Ranger, the Ranger server also checks the 
existence of the grantee in the GRANT/REVOKE statements.

In addition, I plan to add a startup flag to the catalog server so that we 
could specify whether the resource type of 'storage-type' is supported by the 
Ranger service. Without this, some basic statements like GRANT ALL ON SERVER 
could not even be supported if Apache Ranger is used.

http://gerrit.cloudera.org:8080/#/c/21160/7//COMMIT_MSG
Commit Message:

http://gerrit.cloudera.org:8080/#/c/21160/7//COMMIT_MSG@64
PS7, Line 64:    Note that the resource type of 'storage-type' is not supported
> Thanks Quanlong!
After running some authorization-related tests, e.g., RangerAuditLogTest, I 
realized that the resource type of 'storage-type' is not supported in Apache 
Ranger yet. Hence the support for storage handler privileges added in 
IMPALA-10436 is not supported.

This also affects the ALL privilege on SERVER since this the ALL privilege on 
SERVER also implies the RWSTORAGE privilege on all storage handler URI's.

It may be a good idea to add a startup flag to the catalog server so that we 
could specify whether the resource type of 'storage-type' is supported by the 
Ranger service so the catalog server won't send the requests to grant/revoke 
privileges on the storage handler URI's.



--
To view, visit http://gerrit.cloudera.org:8080/21160
To unsubscribe, visit http://gerrit.cloudera.org:8080/settings

Gerrit-Project: Impala-ASF
Gerrit-Branch: master
Gerrit-MessageType: comment
Gerrit-Change-Id: I268d6d4d6e371da7497aac8d12f78178d57c6f27
Gerrit-Change-Number: 21160
Gerrit-PatchSet: 11
Gerrit-Owner: Fang-Yu Rao <fangyu....@cloudera.com>
Gerrit-Reviewer: Aman Sinha <amsi...@cloudera.com>
Gerrit-Reviewer: Fang-Yu Rao <fangyu....@cloudera.com>
Gerrit-Reviewer: Impala Public Jenkins <impala-public-jenk...@cloudera.com>
Gerrit-Reviewer: Joe McDonnell <joemcdonn...@cloudera.com>
Gerrit-Reviewer: John Sherman <j...@cloudera.com>
Gerrit-Reviewer: Quanlong Huang <huangquanl...@gmail.com>
Gerrit-Comment-Date: Wed, 08 May 2024 09:47:46 +0000
Gerrit-HasComments: Yes

Reply via email to