Fang-Yu Rao has posted comments on this change. ( http://gerrit.cloudera.org:8080/24337 )
Change subject: IMPALA-14954: [WIP] Support WITH ADMIN OPTION clause for GRANT ROLE ...................................................................... Patch Set 2: (3 comments) http://gerrit.cloudera.org:8080/#/c/24337/2//COMMIT_MSG Commit Message: http://gerrit.cloudera.org:8080/#/c/24337/2//COMMIT_MSG@16 PS2, Line 16: Check if it's possible to extract the information of 'grant_time' and : 'grantor' for each returned role from getRangerRoleForPrincipal() Based on my observation reported at https://issues.apache.org/jira/browse/RANGER-5612 (grantor and grantTime are not corrected shown in SHOW ROLE GRANT USER/GROUP), currently the Ranger plug-in could not provide these 2 pieces of information. So there is probably no need to add these 2 columns in the result of the SHOW GRANT ROLES GROUP/USER statements. http://gerrit.cloudera.org:8080/#/c/24337/2/fe/src/main/cup/sql-parser.cup File fe/src/main/cup/sql-parser.cup: http://gerrit.cloudera.org:8080/#/c/24337/2/fe/src/main/cup/sql-parser.cup@1185 PS2, Line 1185: KW_SHOW KW_CURRENT KW_ROLES : {: RESULT = new ShowRolesStmt(true, null, null); :} : ; It may make more sense to use ShowRolesPrincipalStmt() below to process SHOW CURRENT ROLES (of the current effective user), since with ShowRolesPrincipalStmt() we could additionally show if the current effective user is also a role administrator, i.e., the user could grant/revoke the role to/from other principals. http://gerrit.cloudera.org:8080/#/c/24337/2/fe/src/main/java/org/apache/impala/authorization/ranger/RangerImpaladAuthorizationManager.java File fe/src/main/java/org/apache/impala/authorization/ranger/RangerImpaladAuthorizationManager.java: http://gerrit.cloudera.org:8080/#/c/24337/2/fe/src/main/java/org/apache/impala/authorization/ranger/RangerImpaladAuthorizationManager.java@189 PS2, Line 189: schema.addToColumns(new TColumn("grant_time", Type.STRING.toThrift())); : schema.addToColumns(new TColumn("grantor", Type.STRING.toThrift())); There is probably no need to have these 2 columns in this patch now because of the issue reported in https://issues.apache.org/jira/browse/RANGER-5612. -- To view, visit http://gerrit.cloudera.org:8080/24337 To unsubscribe, visit http://gerrit.cloudera.org:8080/settings Gerrit-Project: Impala-ASF Gerrit-Branch: master Gerrit-MessageType: comment Gerrit-Change-Id: I8e7c9ba091bc15271c7a3ef34ca06a38630d5bb6 Gerrit-Change-Number: 24337 Gerrit-PatchSet: 2 Gerrit-Owner: Fang-Yu Rao <[email protected]> Gerrit-Reviewer: Fang-Yu Rao <[email protected]> Gerrit-Reviewer: Impala Public Jenkins <[email protected]> Gerrit-Comment-Date: Mon, 25 May 2026 19:01:08 +0000 Gerrit-HasComments: Yes
