Hao Hao has posted comments on this change. ( http://gerrit.cloudera.org:8080/15436 )
Change subject: [ranger] fix incorrect authz enforcement in Ranger authz provider ...................................................................... Patch Set 1: (2 comments) http://gerrit.cloudera.org:8080/#/c/15436/1/src/kudu/ranger/ranger_client.h File src/kudu/ranger/ranger_client.h: http://gerrit.cloudera.org:8080/#/c/15436/1/src/kudu/ranger/ranger_client.h@57 PS1, Line 57: // note that a privilege scope cannot imply another in Ranger. > Is this what we want? Doesn't that mean we should check for database privil Yeah, in the Ranger context, this is what we want. Other Ranger integrated components also does not assume such implication. So the user has to specify all required privileges (could be database, table, or column level privilege). http://gerrit.cloudera.org:8080/#/c/15436/1/src/kudu/ranger/ranger_client.h@61 PS1, Line 61: COLUMN > why don't we have COLUMN if we don't use it anywhere? should we use it? Have it just to list all possible scope for a privilege. Even though it is not used yet. -- To view, visit http://gerrit.cloudera.org:8080/15436 To unsubscribe, visit http://gerrit.cloudera.org:8080/settings Gerrit-Project: kudu Gerrit-Branch: master Gerrit-MessageType: comment Gerrit-Change-Id: I267aabc5f224ee7ceeffd6187785595dd6f16487 Gerrit-Change-Number: 15436 Gerrit-PatchSet: 1 Gerrit-Owner: Hao Hao <[email protected]> Gerrit-Reviewer: Adar Dembo <[email protected]> Gerrit-Reviewer: Andrew Wong <[email protected]> Gerrit-Reviewer: Attila Bukor <[email protected]> Gerrit-Reviewer: Hao Hao <[email protected]> Gerrit-Reviewer: Kudu Jenkins (120) Gerrit-Comment-Date: Sun, 15 Mar 2020 00:11:44 +0000 Gerrit-HasComments: Yes
