Fang-Yu Rao has uploaded this change for review. ( http://gerrit.cloudera.org:8080/16654
Change subject: IMPALA-10211: Add support for role-related statements ...................................................................... IMPALA-10211: Add support for role-related statements This patch contains some brief notes regarding how to add the support for role-based authorization. It seems that it would take more time adding the corresponding FE tests than adding the new feature, since the current FE tests for authorization with Ranger does not take into consideration the testing of role-related statements. A faster way to test the new feature is via adding the E2E tests. We could start a customized Impala cluster with the flag of 'use_customized_user_groups_mapper_for_ranger' so that Impala would use the customized user-to-groups mapper when calling RangerAuthorizationChecker#getUserGroups(). Refer to part 2 of IMPALA-9149 for further details. Recall that we cannot simply use the user $USER and its default group $USER for testing because the user $USER happens to be the owner of the resources created for testing, and any request from the user $USER would be allowed by Ranger. That is, we are not able to tell Impala would reject an access request from a user without the necessary privileges. Change-Id: I15aee522b145b8b5cf6c2a76a8873ac260998384 --- M fe/src/main/java/org/apache/impala/authorization/ranger/RangerCatalogdAuthorizationManager.java M fe/src/test/java/org/apache/impala/authorization/AuthorizationTestBase.java 2 files changed, 44 insertions(+), 2 deletions(-) git pull ssh://gerrit.cloudera.org:29418/Impala-ASF refs/changes/54/16654/1 -- To view, visit http://gerrit.cloudera.org:8080/16654 To unsubscribe, visit http://gerrit.cloudera.org:8080/settings Gerrit-Project: Impala-ASF Gerrit-Branch: master Gerrit-MessageType: newchange Gerrit-Change-Id: I15aee522b145b8b5cf6c2a76a8873ac260998384 Gerrit-Change-Number: 16654 Gerrit-PatchSet: 1 Gerrit-Owner: Fang-Yu Rao <[email protected]>
