[Impala-ASF-CR] IMPALA-8363: Deny access when column masking or row filtering is enabled in Ranger

Thu, 04 Apr 2019 12:26:45 -0700 

Austin Nobis has posted comments on this change. ( 
http://gerrit.cloudera.org:8080/12927 )

Change subject: IMPALA-8363: Deny access when column masking or row filtering 
is enabled in Ranger
......................................................................


Patch Set 2:

(4 comments)

http://gerrit.cloudera.org:8080/#/c/12927/2/fe/src/main/java/org/apache/impala/authorization/ranger/RangerAuthorizationChecker.java
File 
fe/src/main/java/org/apache/impala/authorization/ranger/RangerAuthorizationChecker.java:

http://gerrit.cloudera.org:8080/#/c/12927/2/fe/src/main/java/org/apache/impala/authorization/ranger/RangerAuthorizationChecker.java@70
PS2, Line 70:   private static class Table {
Wouldn't this represent a column and not a table?


http://gerrit.cloudera.org:8080/#/c/12927/2/fe/src/main/java/org/apache/impala/authorization/ranger/RangerAuthorizationChecker.java@246
PS2, Line 246:     for (Table table: tables) {
So you're iterating over the `Table` which is actually more like a `Column` but 
ignoring the columnName_?

Won't this cause a lot of duplicate entries in the `rowFilterTables`?


http://gerrit.cloudera.org:8080/#/c/12927/2/fe/src/main/java/org/apache/impala/authorization/ranger/RangerAuthorizationChecker.java@269
PS2, Line 269:   private static List<Table> getTables(List<Expr> exprs) {
Is this getting the tables or the columns?


http://gerrit.cloudera.org:8080/#/c/12927/2/fe/src/main/java/org/apache/impala/authorization/ranger/RangerAuthorizationChecker.java@279
PS2, Line 279:           // Column can be null when it's complex type.
If it is a complex type do you need to parse the complex type for more 
potential columns?



--
To view, visit http://gerrit.cloudera.org:8080/12927
To unsubscribe, visit http://gerrit.cloudera.org:8080/settings

Gerrit-Project: Impala-ASF
Gerrit-Branch: master
Gerrit-MessageType: comment
Gerrit-Change-Id: If46b4bf24d916e4a4ea8a36ff4acfd95d5f45c8e
Gerrit-Change-Number: 12927
Gerrit-PatchSet: 2
Gerrit-Owner: Fredy Wijaya <fwij...@cloudera.com>
Gerrit-Reviewer: Austin Nobis <ano...@cloudera.com>
Gerrit-Reviewer: Bharath Vissapragada <bhara...@cloudera.com>
Gerrit-Reviewer: Fredy Wijaya <fwij...@cloudera.com>
Gerrit-Reviewer: Impala Public Jenkins <impala-public-jenk...@cloudera.com>
Gerrit-Reviewer: Todd Lipcon <t...@apache.org>
Gerrit-Comment-Date: Thu, 04 Apr 2019 19:26:03 +0000
Gerrit-HasComments: Yes

Reply via email to