Fang-Yu Rao has posted comments on this change. ( http://gerrit.cloudera.org:8080/14894 )
Change subject: IMPALA-9009: Core support for Ranger column masking ...................................................................... Patch Set 11: (1 comment) http://gerrit.cloudera.org:8080/#/c/14894/11/tests/authorization/test_ranger.py File tests/authorization/test_ranger.py: http://gerrit.cloudera.org:8080/#/c/14894/11/tests/authorization/test_ranger.py@838 PS11, Line 838: finally: I was wondering if it would be better to remove from the user 'user' the privilege of CREATE on the current database after the test by adding the following statement immediately before we drop the current database. Otherwise, there will be some leftover policies that grant the user 'user' the privilege of CREATE on the current database. admin_client.execute("revoke create on database %s from user %s" % (unique_database, user)) However, I have also noticed that even though we revoke the privilege from the user 'user' afterwards, there are still empty policies left, which I think is less than ideal. I guess it may have something to do with how Impala revokes from a user the privilege(s) on some resources via Ranger. But I am not very sure whether or not Ranger has an API that allows Impala to delete a specified policy. -- To view, visit http://gerrit.cloudera.org:8080/14894 To unsubscribe, visit http://gerrit.cloudera.org:8080/settings Gerrit-Project: Impala-ASF Gerrit-Branch: master Gerrit-MessageType: comment Gerrit-Change-Id: I4cad60e0e69ea573b7ecfc011b142c46ef52ed61 Gerrit-Change-Number: 14894 Gerrit-PatchSet: 11 Gerrit-Owner: Quanlong Huang <[email protected]> Gerrit-Reviewer: Csaba Ringhofer <[email protected]> Gerrit-Reviewer: Fang-Yu Rao <[email protected]> Gerrit-Reviewer: Impala Public Jenkins <[email protected]> Gerrit-Reviewer: Kurt Deschler <[email protected]> Gerrit-Reviewer: Quanlong Huang <[email protected]> Gerrit-Reviewer: Vihang Karajgaonkar <[email protected]> Gerrit-Comment-Date: Sat, 04 Jan 2020 00:48:36 +0000 Gerrit-HasComments: Yes
