Austin Nobis has uploaded this change for review. ( http://gerrit.cloudera.org:8080/13673
Change subject: [IMPALA-8587] Show inherited privileges with Ranger show grant ...................................................................... [IMPALA-8587] Show inherited privileges with Ranger show grant Previously when executing a show grant statement on a resource with Ranger authorization enabled, Impala would not show inherited privileges. For example, if a user had database level privileges such as: GRANT SELECT ON DATABASE db TO USER user; If a user then requested table level privileges such as: SHOW GRANT USER user ON TABLE db.table; They would see no results. After this change, the user will see database level privileges when executing the previous statement. If a user has SELECT privilege on DATABASE and on TABLE and issues a show grant on TABLE, they will only see the SELECT privilege for TABLE. Users will not see multiple instances of SELECT or any other privilege type in a SHOW GRANT statemenet. Testing - Ran all FE tests - Ran all authorization E2E tests - Added E2E tests in test_ranger verifying functionality Change-Id: I5c4c9327acb12abc12d130ef5c1ace6a08ed193c --- M fe/src/main/java/org/apache/impala/authorization/ranger/RangerImpaladAuthorizationManager.java M tests/authorization/test_ranger.py 2 files changed, 147 insertions(+), 27 deletions(-) git pull ssh://gerrit.cloudera.org:29418/Impala-ASF refs/changes/73/13673/1 -- To view, visit http://gerrit.cloudera.org:8080/13673 To unsubscribe, visit http://gerrit.cloudera.org:8080/settings Gerrit-Project: Impala-ASF Gerrit-Branch: master Gerrit-MessageType: newchange Gerrit-Change-Id: I5c4c9327acb12abc12d130ef5c1ace6a08ed193c Gerrit-Change-Number: 13673 Gerrit-PatchSet: 1 Gerrit-Owner: Austin Nobis <[email protected]>
